Closed lustrant closed 6 months ago
Kimai needs to know that it is running at https, so your proxy needs to set the correct headers: https://www.kimai.org/documentation/webserver-configuration.html#reverse-proxy
I'll add those to the example set up
I believe Traefik emits them correctly; I hacked the entrypoint index.php and added the var_dump()
<?php
var_dump($_SERVER, $_ENV);
exit();
use App\Kernel;
require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
return function (array $context) {
return new Kernel($context['APP_ENV'], (bool) $context['APP_DEBUG']);
};
OUTPUT
array(59) {
["REDIRECT_MAILER_FROM"]=>
string(17) "kimai@example.com"
["REDIRECT_APP_ENV"]=>
string(4) "prod"
["REDIRECT_APP_SECRET"]=>
string(31) "change_this_to_something_unique"
["REDIRECT_DATABASE_URL"]=>
string(48) "mysql://kimai:g1uFYKq9gaalginEVE5a@mariadb/kimai"
["REDIRECT_MAILER_URL"]=>
string(16) "null://localhost"
["REDIRECT_TRUSTED_PROXIES"]=>
string(51) "nginx,localhost,127.0.0.1,traefik,kimai.doma.pawouk"
["REDIRECT_TRUSTED_HOSTS"]=>
string(51) "nginx,localhost,127.0.0.1,traefik,kimai.doma.pawouk"
["REDIRECT_STATUS"]=>
string(3) "200"
["MAILER_FROM"]=>
string(17) "kimai@example.com"
["APP_ENV"]=>
string(4) "prod"
["APP_SECRET"]=>
string(31) "change_this_to_something_unique"
["DATABASE_URL"]=>
string(48) "mysql://kimai:g1uFYKq9gaalginEVE5a@mariadb/kimai"
["MAILER_URL"]=>
string(16) "null://localhost"
["TRUSTED_PROXIES"]=>
string(51) "nginx,localhost,127.0.0.1,traefik,kimai.doma.pawouk"
["TRUSTED_HOSTS"]=>
string(51) "nginx,localhost,127.0.0.1,traefik,kimai.doma.pawouk"
["HTTP_HOST"]=>
string(17) "kimai.doma.pawouk"
["HTTP_USER_AGENT"]=>
string(111) "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
["HTTP_ACCEPT"]=>
string(135) "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
["HTTP_ACCEPT_ENCODING"]=>
string(17) "gzip, deflate, br"
["HTTP_ACCEPT_LANGUAGE"]=>
string(14) "cs-CZ,cs;q=0.9"
["HTTP_COOKIE"]=>
string(49) "PHPSESSID=2hqvtjskfnkui8njqs1s137i3q; K2P=desktop"
["HTTP_DNT"]=>
string(1) "1"
["HTTP_SEC_CH_UA"]=>
string(58) ""Chromium";v="114", "Not.A/Brand";v="8", "Vivaldi";v="6.1""
["HTTP_SEC_CH_UA_MOBILE"]=>
string(2) "?0"
["HTTP_SEC_CH_UA_PLATFORM"]=>
string(9) ""Windows""
["HTTP_SEC_FETCH_DEST"]=>
string(8) "document"
["HTTP_SEC_FETCH_MODE"]=>
string(8) "navigate"
["HTTP_SEC_FETCH_SITE"]=>
string(4) "none"
["HTTP_UPGRADE_INSECURE_REQUESTS"]=>
string(1) "1"
["HTTP_X_FORWARDED_FOR"]=>
string(11) "192.168.2.3"
["HTTP_X_FORWARDED_HOST"]=>
string(17) "kimai.doma.pawouk"
["HTTP_X_FORWARDED_PORT"]=>
string(3) "443"
["HTTP_X_FORWARDED_PROTO"]=>
string(5) "https"
["HTTP_X_FORWARDED_SERVER"]=>
string(7) "traefik"
["HTTP_X_REAL_IP"]=>
string(11) "192.168.2.3"
["PATH"]=>
string(60) "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
["SERVER_SIGNATURE"]=>
string(80) "<address>Apache/2.4.38 (Debian) Server at kimai.doma.pawouk Port 8001</address>
"
["SERVER_SOFTWARE"]=>
string(22) "Apache/2.4.38 (Debian)"
["SERVER_NAME"]=>
string(17) "kimai.doma.pawouk"
["SERVER_ADDR"]=>
string(10) "10.120.4.2"
["SERVER_PORT"]=>
string(4) "8001"
["REMOTE_ADDR"]=>
string(11) "10.120.4.15"
["DOCUMENT_ROOT"]=>
string(17) "/opt/kimai/public"
["REQUEST_SCHEME"]=>
string(4) "http"
["CONTEXT_PREFIX"]=>
string(0) ""
["CONTEXT_DOCUMENT_ROOT"]=>
string(17) "/opt/kimai/public"
["SERVER_ADMIN"]=>
string(19) "webmaster@localhost"
["SCRIPT_FILENAME"]=>
string(27) "/opt/kimai/public/index.php"
["REMOTE_PORT"]=>
string(5) "41704"
["REDIRECT_URL"]=>
string(1) "/"
["GATEWAY_INTERFACE"]=>
string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.1"
["REQUEST_METHOD"]=>
string(3) "GET"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(1) "/"
["SCRIPT_NAME"]=>
string(10) "/index.php"
["PHP_SELF"]=>
string(10) "/index.php"
["REQUEST_TIME_FLOAT"]=>
float(1697124435.05769)
["REQUEST_TIME"]=>
int(1697124435)
}
array(0) {
}
Hello, Apparently similar bug has been opened directly for Kimai
https://github.com/kimai/kimai/issues/4533
So it seems its really a problem with the Kimai code.
Hello, based on your compose/traefik/docker-compose.yml I have created my own docker-compose.yml file, however I have commented out the section with the redirect from HTTP to HTTPS.
When accessing https://kimai.doma.pawouk I get redirected to http://kimai.doma.pawouk/cs_CZ/login where its stuck, because I dont have Traefik configured to handle non-https requests at all.
When I enable the HTTP section, it works. However, I would like to have it without HTTP completely. Is it possible at all?
My docker-compose.yml is as follows
My .env file is as follows