search

shaarli / Shaarli

The personal, minimalist, super-fast, database free, bookmarking service - community repo
https://shaarli.readthedocs.io/
Other
3.38k stars 287 forks source link

Wrong token using httpd and relayd on openbsd #2066

Open caywin25 opened 7 months ago

caywin25 commented 7 months ago

Hello

I find myself facing a problem. I can't share an article with the "Shaare link" button

When I open the window and enter my credentials, I get the message Wrong token and I cannot share the link.

It seems to me that it is because of my reverse proxy. My configuration is as follows:

Log on my webserver with Wrong token message : 

<domain> 127.0.0.1 - - [24/Jan/2024:19:57:25 +0100] "POST /login?returnurl=%2Fadmin%2Fshaare%3Fpost%3Dhttps%253A%252F%252Fgithub.com%252Fshaarli%252FShaarli%252Fpulls%26title%3DPull%2520requests%2520%25C2%25B7%2520shaarli%252FShaarli%2520%25C2%25B7%2520GitHub%26description%3D%26source%3Dbookmarklet HTTP/1.1" 403 0 "https://domain.fr/login%3Freturnurl=%252Fadmin%252Fshaare%253Fpost%253Dhttps%25253A%25252F%25252Fgithub.com%25252Fshaarli%25252FShaarli%25252Fpulls%2526title%253DPull%252520requests%252520%2525C2%2525B7%252520shaarli%25252FShaarli%252520%2525C2%2525B7%252520GitHub%2526description%253D%2526source%253Dbookmarklet" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" <IP> -

I think that's where the problem comes from. Could you please help me ?

caywin25 commented 7 months ago

I just did new tests. If I log in directly to my shaarli site and I want to share a link with the "Shaare link" window I get the error: Wrong token.

If I am not logged in on my shaarli site but I log in from the small window ¨Shaare link¨ I can share any links.

Finally if I log into the small "shaare link" window and on my shaarli site one of the will return the Wrong Token error and will be unusable

nodiscc commented 7 months ago

Hi,

It seems to me that it is because of my reverse proxy.

Please post

caywin25 commented 7 months ago

Hello

Thanks for your reply. I'm using httpd ans relayd on openbsd and I installed shaarli with zip I know is not standard :)

httpd.conf 

server "perso.shaarli.org" {
        listen on 127.0.0.1 port 8080

        log style forwarded
        log {
                access "access.log"
                error "error.log"
        }

        location "/tpl/*" {
            root "/htdocs/shaarli"
        }

        location "*.php" {
            root "/htdocs/shaarli"
            fastcgi socket "/run/php-fpm.sock"
        }

        location "*index.php*" {
            root "/htdocs/shaarli"
            fastcgi socket "/run/php-fpm.sock"
        }

        location match "/(.*)" {
            request rewrite "/index.php/%1"
        }

        location "/*" {
            root "/htdocs/shaarli"
        }
        gzip-static
}

server "perso.shaarli.org" {
        listen on 127.0.0.1 port 8081
        block return 301 "https://$HTTP_HOST$REQUEST_URI"
}

relayd.conf

match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
match request header set "X-Real-IP" value "$REMOTE_ADDR"

Above are the headers that I pass to VHOST The rest of the conf is just standard for the 443

Thank for your help

nodiscc commented 6 months ago

Does accessing /admin/token on your instance return a token?

Are there errors in the browser console or webserver logs?

nodiscc commented 5 months ago

Hi @caywin25 did you get a chance to check /admin/token on your instance, as requested above?

caywin25 commented 3 months ago

Hello @nodiscc Sorry for delay Yes if I go to /admin/token I have my token

Thanks Regards