webmin / authentic-theme

Official theme for the best server management panel of the 21st Century
https://authentic-theme.com
MIT License

Apply Settings - 502 error #1324

Closed myopenflixr closed 5 years ago

myopenflixr commented 5 years ago

Hello!

I run several instances of Webmin behind an Nginx reverse proxy and everything has worked great for the past year or so until recently. I've noticed this "bug" or "issue" for maybe the last month or two. Webmin runs on a couple servers as well as within a couple VMs. I experience this issue on all instances.

My url is this format for each of my instances: https://webmin.DOMAIN.com/Server-1/

Here's the most specific example I can give that produces the error: On my server that runs Nginx, I have the Nginx module that allows me to make changes to my various Virtual Hosts. When I click the "Apply Changes", the main screen shows a 502 error. The URL that displays before clicking apply changes is: https://webmin.DOMAIN.com/Server-1/nginx/?xnavigation=1. Looking at the webconsole, the error seems to be on the page reload. I think it's trying to reload the page as https://webmin.DOMAIN.com/nginx/.... It's dropping the "/Server-1/".

Here's an image of the error.

Nothing has changed with any of my configuration. This error just seemed to appear out of the blue a while back.

I also have Apache running on another server and I experience the exact same issue on that server as well.

I also notice sometimes that Webmin just drops the "/Server-1/" completely, resulting in me having to re-navigate to the correct URL.

Any suggestions?

Thanks, Mike

iliajie commented 5 years ago

Hi, Mike.

Do you get the same error if you try, let's say, to upload a file?

iliajie commented 5 years ago

The error where the prefix is removed upon reload is fixed.

You can apply the patch from here. https://github.com/webmin/webmin/commit/34c6acdeb201d5bd0b1534c4bb782ac342ba813c

Also, you are welcome to install the latest theme version to make sure that any "issues" are still issues for you.

Speaking about the Bad Gateway error: does it also happen when you use Gray Theme?

iliajie commented 5 years ago

For other sources of the issue I would look at:

  1. ModSecurity
  2. client_max_body_size option
  3. SELinux policies.

iliajie commented 5 years ago

Read more here: https://sourceforge.net/p/webadmin/bugs/5166/#0304

myopenflixr commented 5 years ago

Hi @rostovtsev,

I do not get the same error when uploading a file.

I applied the fix by uploading the new file and that didn't help. I restarted Webmin, cleared cookies and cache and still no luck.

I looked at the sourceforge post and that doesn't seem to apply as my reverse proxy runs through Nginx.

Thanks,

iliajie commented 5 years ago

What about changing the theme, does it produce the same error in older themes?

myopenflixr commented 5 years ago

I changed to the Gray Theme and the problem no longer exists.

iliajie commented 5 years ago

Does it only happen with this, if I understand correctly, third-party module?

myopenflixr commented 5 years ago

Yes, it is a third-party module.

iliajie commented 5 years ago

We don't support outdated, third-party modules. It should be done by the module's developer.

There is a better supported Nginx module by Virtualmin Nginx.

Check it out:

wget http://software.virtualmin.com/gpl/debian/dists/virtualmin-universal/main/binary-amd64/webmin-virtualmin-nginx_2.5_all.deb
dpkg -i webmin-virtualmin-nginx_2.5_all.deb

You are welcome to try Virtualmin Pro as well.

iliajie commented 5 years ago

However, I found an issue with redirects. Working on it..

iliajie commented 5 years ago

I have made a patch. Please install the latest development version of the theme to give it a try. Ignore the mentioned 34c6acd fix, as it's rolled back now.

myopenflixr commented 5 years ago

It looks like that did the trick! Problem resolved! Thank you!

iliajie commented 5 years ago

Thank you very much for reporting.

iliajie commented 5 years ago

Hi, Mike.

Can you please pull the latest changes (update the theme) and check again whether it works correctly for you?

I had to make more changes due to possible various configurations.

myopenflixr commented 5 years ago

Hi @rostovtsev,

I manually forced latest development (19.32-RC3) and all still seems to be working well!

iliajie commented 5 years ago

Thank you, Mike!

myopenflixr commented 5 years ago

Hi @rostovtsev ,

I'm running into this error again in a little different manner. I will try to explain...

Here's a specific example (this also happens at other times when I execute other things as well): I right click a file in File Manager to change permissions. I get the "pop up" box that allows me to change permissions. When I click "Change" to apply the new permissions, a blue box appears at the bottom that says: "Setting Permissions to 0775 on selected file(s). Please wait....".

Then, a red "pop up" box appears right above and says "Error: 502 - error".

I am not redirected anywhere and then have to navigate away from the page to clear all the pop up boxes.

I opened Chrome console and it looks like the redirect is dropping my "/WEBPREFIX" as mentioned in my 1st post on this issue above.

This also happens in Gray Theme.

Do you think this is an error with my Nginx config, webmin.conf, miniserv.conf, theme issue, or Webmin issue?

I came to you first since this is similar to my previous reported issue in this thread and you worked it out super quick!

Thanks!

iliajie commented 5 years ago

502 error - Bad Gateway (meaning that one server received an invalid response from another) sounds like an Nginx error to me, because, if there was a bad redirect, you would simply get a 404 error - Not Found.

Simply post your configs here, I will take a look, or use the post-form from my website to send it privately.

myopenflixr commented 5 years ago

Hi @rostovtsev ,

As I mentioned in my very first post a couple months back, I run a couple metal servers along with multiple VMs and they all have Webmin installed. I am running into this issue on all of them.

My webmin.conf and miniserv.conf are basically identical on all servers with the exception of webprefix and cookiepath.

Here are my configs:

NGINX Reverse Proxy Config:

include /etc/nginx/includes/webmin.conf;

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name webmin.DOMAIN.com;
    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration
    listen 443 ssl http2;
    server_name webmin.DOMAIN.com;
    include /etc/nginx/snippets/strong-ssl.conf;
    ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.php index.nginx-debian.html;

    # Change the client side error pages (4xx) to prevent some information disclosure
    error_page 401 403 404 /404.html;

    # Deny access to .htaccess files, if Apache's document
    # root concurs with nginx's one
    location ~ /\.ht {
        deny all;
    }

    # Webmin
    location ~ /(?<behost>.*)/(?<ndpath>.*) {
        auth_basic off;
        #proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        #proxy_set_header X-Forwarded-Server $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_redirect http://$host:10000/ https://$host/$behost/;
        proxy_pass http://webmin-$behost/$ndpath$is_args$args;
        #add_header X-Frame-Options "ALLOW FROM myopenflixr.com";
        #add_header X-Frame-Options "ALLOW FROM webmin.DOMAIN.com";
    }

    # make sure there is a trailing slash at the browser or the URLs will be wrong
    location ~ /(?<behost>.*) {
        return 301 /$behost/;
    }
}

And here's my /etc/nginx/includes/webmin.conf:

upstream webmin-Main-Server {
    server 172.16.0.5:10000;
    keepalive 64;
}
upstream webmin-Application-Server {
   server 172.16.0.8:10000;
   keepalive 64;
}
upstream webmin-Production-Server {
   server 172.16.0.100:10000;
   keepalive 64;
}
upstream webmin-Applications {
   server 172.16.0.101:10000;
   keepalive 64;
}
upstream webmin-VPN-Server {
   server 172.16.0.102:10000;
   keepalive 64;
}
upstream webmin-Admin-Server {
   server 172.16.0.103:10000;
   keepalive 64;
}
upstream webmin-Pi-Hole {
   server 172.16.0.104:10000;
   keepalive 64;
}
upstream webmin-Plex-Server {
   server 172.16.0.105:10000;
   keepalive 64;
}
upstream webmin-App-Server {
   server 172.16.0.111:10000;
   keepalive 64;
}

Here's my webmin.conf:

s_version=9.0
nohostname=0
gotoone=0
referer=1
lang=en.UTF-8
no_frame_options=1
help_width=
passwd_file=/etc/shadow
feedback_to=
tempdelete_days=7
relative_redir=1
gotomodule=
nowebminup=
hostnamemode=0
passwd_pindex=1
showlogin=0
referers=webmin.DOMAIN.com
webprefixnoredir=1
by_view=0
md5pass=1
error_stack=0
passwd_uindex=0
path=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
help_height=
webprefix=/App-Server
passwd_cindex=2
dateformat=dd/mon/yyyy
sysinfo=0
os_type=debian-linux
passwd_mindex=4
deftab=webmin
real_os_version=18.04.2
nomoduleup=
showhost=0
theme=authentic-theme
referers_none=1
real_os_type=Ubuntu Linux
log=1
product=webmin
notabs=0
hostnamedisplay=DOMAIN
find_pid_command=ps auwwwx | grep NAME | grep -v grep | awk '{ print $2 }'
nofeedbackcc=0
ld_env=LD_LIBRARY_PATH
os_version=9.0

And finally, here's my miniserv.conf:

port=10000
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ssl=0
trust_real_ip=1
no_ssl2=1
no_ssl3=1
no_tls1=1
no_tls1_1=1
ssl_honorcipherorder=1
no_sslcompression=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
ipv6=1
session=1
premodules=WebminCore
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
preroot=authentic-theme
passdelay=1
logout_script=/etc/webmin/logout.pl
cipher_list_def=1
failed_script=/etc/webmin/failed.pl
login_script=/etc/webmin/login.pl
sudo=1
nolog=.*xhr.*
cookiepath=/App-Server
error_handler_404=404.cgi
error_handler_403=403.cgi
error_handler_401=401.cgi
noshowstderr=
nolistdir=
expires_paths=
gzip=1
logouttimes=
root=/usr/share/webmin
mimetypes=/usr/share/webmin/mime.types
server=MiniServ/1.910

Thanks in advance for taking a look!

Mike

iliajie commented 5 years ago

Did you try to disable all proxy_set_header options in your Nginx?

iliajie commented 5 years ago

Aside from it, try different proxy configuration for your Nginx.

Confirmed to work with many users: https://github.com/webmin/webmin/issues/420#issuecomment-308290754

iliajie commented 5 years ago

> Then, a red "pop up" box appears right above and says "Error: 502 - error".

Does this only happen when changing Permissions? What about other operations?

myopenflixr commented 5 years ago

Hi @rostovtsev,

Sorry for the delayed response, it's been busy at work!

It seems that I am only experiencing that error with trying to change permissions or ownership.

Looking at things, it seems that both of those operations drop the webprefix when redirecting after applying the settings.

Everything else seems to be working fine.

iliajie commented 5 years ago

I just made a patch, I don't know if it helps in your case.

Please give it a try.

iliajie commented 5 years ago

Besides, did you try to set relative_redir=0?

iliajie commented 5 years ago

I see the problem. Fixing...

iliajie commented 5 years ago

Okay, this issue should be fixed now, no matter what config you use.

Please install the latest dev version using theme configuration to give it a try.

myopenflixr commented 5 years ago

Everything seems to be working great now!

However, I have 1 other "possible non-related" issue that just started occurring on just 1 of my servers....When I tried to test change permissions or ownership, it throws a 404 error. Looking at the web console, it is adding my webprefix twice and causing a Session Expired pop-up.

I reverted back to the Stable release of the theme and then upgraded once again to the Development Version. I also compared this server's config file & miniserv.conf file and they are identical to all other servers' config & miniserv.conf.

Any idea what is causing this?

iliajie commented 5 years ago

It looks like Webmin versions are different. It shouldn't be happening. At least, after making a change, I have tested it on literally, 6 different machines with different configurations and it works for me?

At first try restarting Webmin.

That machine that doesn't work, if you don't mind, can you update it using the update-from-repo.sh script? Or at least check which Webmin versions are installed and how they differ?

Both machines are setup to use proxy, with webprefix (as subdomain), correct?

myopenflixr commented 5 years ago

Disregard that last message. I copied>pasted both config files from another server and it is working perfectly. I swear that I compared config & miniserv.conf files with the other servers and they were identical. Maybe I had a misspelling somewhere. Oh well. All works great!

Thanks again!

iliajie commented 5 years ago

Thank you very much for reporting and patience. :smiley_cat: I've had very crazy days recently.

iliajie commented 5 years ago

:laughing: I could reproduce your spontaneous issue. It's due to the combination of webprefixnoredir=0 and relative_redir=1.

iliajie commented 5 years ago

I have fixed the re-authenticate banner from popping up on error. It was a bug.

Unfortunately, webprefixnoredir=1 has to be used (as recommended by docs), as it's hardcoded in WebminCore redirect sub but File Manager's extensions, intentionally skipping using theme core to increase performance.

iliajie commented 5 years ago

Actually, there is a better solution. We don't need to use anything but relative redirects anyway, so I fixed my code once again, to make sure that it works regardless of the webprefixnoredir and relative_redir options.

Please give it another try.

myopenflixr commented 5 years ago

I updated to the latest development theme and all seems to continue working great!
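
The two redirect symptoms reported in this thread (the webprefix dropped from a redirect, and the webprefix added twice) can be checked mechanically against `Location` headers captured at the proxy. This is an added example, not code from the thread, Webmin or Authentic Theme; the function names, verdict labels and sample headers are constructed for illustration, using the `/App-Server` prefix and port 10000 from the configs posted above.

```python
from urllib.parse import urljoin, urlsplit

def classify_location(request_url, location, webprefix):
    """Classify a redirect seen through the proxy against the expected webprefix.

    Returns 'ok', 'dropped', 'doubled' or 'off-origin'.
    """
    prefix = "/" + webprefix.strip("/")
    origin = urlsplit(request_url)
    # Resolve the Location the way a browser would, so relative forms
    # ("index.cgi", "/filemin/") and absolute URLs are all handled.
    target = urlsplit(urljoin(request_url, location))
    if (target.scheme, target.netloc.lower()) != (origin.scheme, origin.netloc.lower()):
        # e.g. a backend http://host:10000/ URL that the proxy did not rewrite
        return "off-origin"

    def under(path):
        return path == prefix or path.startswith(prefix + "/")

    if not under(target.path):
        return "dropped"
    if under(target.path[len(prefix):]):
        return "doubled"
    return "ok"

def audit(webprefix, exchanges):
    """Return (location, verdict) for every redirect that is not 'ok'."""
    findings = []
    for request_url, location in exchanges:
        verdict = classify_location(request_url, location, webprefix)
        if verdict != "ok":
            findings.append((location, verdict))
    return findings

# Constructed sample data: (URL requested through the proxy, Location returned)
BASE = "https://webmin.DOMAIN.com/App-Server/filemin/index.cgi"
SAMPLE = [
    (BASE, "index.cgi?path=/tmp"),                                  # relative
    (BASE, "/App-Server/filemin/index.cgi?path=/tmp"),              # prefixed
    (BASE, "/filemin/index.cgi?path=/tmp"),                         # prefix dropped
    (BASE, "/App-Server/App-Server/filemin/index.cgi?path=/tmp"),   # prefix twice
    (BASE, "http://webmin.DOMAIN.com:10000/filemin/index.cgi"),     # backend leaked
]

if __name__ == "__main__":
    for location, verdict in audit("/App-Server", SAMPLE):
        print(f"{verdict:10} {location}")
```

The `off-origin` verdict is worth watching for separately: it means a plain-HTTP backend URL reached the browser, which exposes the internal port and bypasses the TLS front end.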