search

pyload / pyload

The free and open-source Download Manager written in pure Python
https://pyload.net
Other
3.34k stars 713 forks source link

login url scheme #4432

Closed UserX404 closed 9 months ago

UserX404 commented 9 months ago

Question

I'm running pyload behind an nginx reverse proxy (Nginx Proxy Manager) and have a (maybe) small issue where I don't know where to find the culbrit. The issue occures only when the browser hasn't cached data, when I has to input my login credentials. I access through https://pyload.mydomain.com and get a respose url like https://pyload.mydomain.com/login?next=http://pyload.mydomain.com. Changing the scheme of the next-url to https directs me to the expected login page. Is this next-url someting pyload is responsible for or has there somesthing to be changed on ngnix-config?

I use ngnix as ssl-termination with unencrypted connection to pyload.

Additional references

> # ------------------------------------------------------------
> # pyload.mydomain.com
> # ------------------------------------------------------------
> 
> map $scheme $hsts_header {
>     https   "max-age=63072000;includeSubDomains; preload";
> }
> 
> server {
>   set $forward_scheme http;
>   set $server         "192.168.1.12";
>   set $port           1234;
> 
>   listen 80;
> listen [::]:80;
> 
> listen 443 ssl http2;
> listen [::]:443 ssl http2;
> 
>   server_name pyload.mydomain.com;
> 
>   # Let's Encrypt SSL
>   include conf.d/include/letsencrypt-acme-challenge.conf;
>   include conf.d/include/ssl-ciphers.conf;
>   ssl_certificate /etc/letsencrypt/live/npm-9/fullchain.pem;
>   ssl_certificate_key /etc/letsencrypt/live/npm-9/privkey.pem;
> 
> # Asset Caching
>   include conf.d/include/assets.conf;
> 
>   # Block Exploits
>   include conf.d/include/block-exploits.conf;
> 
>   # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
>   add_header Strict-Transport-Security $hsts_header always;
> 
>     # Force SSL
>     include conf.d/include/force-ssl.conf;
> 
>   access_log /data/logs/proxy-host-7_access.log proxy;
>   error_log /data/logs/proxy-host-7_error.log warn;
> 
>   location / {
> 
>   # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
>   add_header Strict-Transport-Security $hsts_header always;
> 
>     # Proxy!
>     include conf.d/include/proxy.conf;
>   }
> 
>   # Custom
>   include /data/nginx/custom/server_proxy[.]conf;
> }
GammaC0de commented 9 months ago

The next parameter had changed recently: https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd

GammaC0de commented 9 months ago

Closing.

github-actions[bot] commented 1 month ago

This ticket has been automatically locked since there has not been any recent activity after it was closed.