#1223  Infinite redirects while behind reverse proxy
Closed
Jonathan Simon opened 1 year ago

I'm running OneDev in a docker container. I also have the LinuxServer.IO swag container running my nginx instance. I modified the reverse proxy guide found here (https://docs.onedev.io/administration-guide/reverse-proxy-setup) to fit within the swag subdomain structure. That file looks like this:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name git.*;

    include /config/nginx/ssl.conf;

    proxy_buffering off;

    # maximum size of uploaded file
    client_max_body_size 100M;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    set $upstream_app 172.16.0.100;
    set $upstream_port 6610;
    set $upstream_proto http;

    location /wicket/websocket {
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/wicket/websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /~server {
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/~server;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location / {
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/;
    }
}

If I access the OneDev instance directly on port 6610 at the appropriate local IP, everything works. When I connect via the external URL (https://git.example.com), my browser is infinitely redirected to /~login. This appears to be entirely done inside the script in the HTML response to /.

Am I missing something?

Thanks!

Robin Shen commented 1 year ago

I tried a locally installed Nginx instance with your nginx config, and it works fine. Can you please let me know the command you are using to start the LinuxServer.IO swag container?

Jonathan Simon commented 1 year ago

Native nginx reverse proxy did work for me as well. All I did here was merge the host nginx site file with the swag format and include their boilerplate.

Swag compose:

services:
    swag:
        container_name: swag
        environment:
            - PUID=1000
            - PGID=1000
            - TZ=America/New_York
            - URL=example.com
            - VALIDATION=http
            - 'SUBDOMAINS=d,git,n,h,a'
            - EMAIL=myemail@example.com
        ports:
            - 4444:443
            - 8081:80
        volumes:
            - /media/storage/docker_configs/letsencrypt:/config
        restart: unless-stopped
        image: linuxserver/swag

While the host port is 4444, the port forwarding in my router is 443->4444 on the host. I have another container that only functions in host networking and needs 443.

onedev compose:

services:
    server:
        container_name: onedev
        restart: always
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - /media/storage/docker_configs/onedev/:/opt/onedev
        ports:
            - 6610:6610
            - 6611:6611
        image: 1dev/server:latest
        

Thanks!

Robin Shen commented 1 year ago

Then how do I mount/merge your nginx config file? Should I prepopulate directory /media/storage/docker_configs/letsencrypt with something first?

I never used this container before. Checking the documentation and guessing the setup might be time consuming. A step-by-step reproducing guide will be a lot of help.

Also is http protocol working?

Robin Shen commented 1 year ago

Reproducing steps with http protocol should be simpler if it does not work either.

Jonathan Simon commented 1 year ago

Sorry about that! The swag container will auto-populate many directories under its /config. After it does that, put the nginx config in my first post in the swag container's /config/nginx/proxy-confs/onedev.subdomain.conf and restart the swag container. Swag won't start unless it can resolve the domain name you specify for it to get an SSL cert for.

I redirect all http traffic to https just to not have to think about it but I'll reconfigure it as http tomorrow to see what happens.

Robin Shen changed state to 'Closed' 1 year ago (previous value: Open; current value: Closed)

Robin Shen commented 1 year ago

Feel free to reopen if you tested with http protocol.

Jonathan Simon commented 11 months ago

Btw, I figured this out and it was entirely on me. The http vs https thing was a red herring. The proxy_pass directive in the location block for / in my nginx config file didn't include $request_uri at the end so every request redirected to / which obviously doesn't work.
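
The root cause described in the comment above, shown as an added example that is not part of the original thread or of the OneDev documentation: the `location /` block from the first post next to two corrected forms. The upstream address and port are the ones from the first post; the sample request path in the comments is constructed.

```nginx
# Added example: fragment for the inside of the server { } block in
# /config/nginx/proxy-confs/onedev.subdomain.conf

set $upstream_app 172.16.0.100;
set $upstream_port 6610;
set $upstream_proto http;

# Before (from the first post). proxy_pass contains variables AND a URI
# part ("/"). In that case nginx passes the URI to the upstream exactly as
# written, replacing the original request URI. A request for /~login or
# /some/path?x=1 (constructed) therefore reaches OneDev as "/", OneDev
# answers with its redirect to /~login again, and the browser loops.
#
# location / {
#     proxy_pass $upstream_proto://$upstream_app:$upstream_port/;
# }

# After, option 1: append $request_uri, the fix named in the thread.
# $request_uri already starts with "/" and carries the query string, so the
# trailing "/" after the port must be dropped, otherwise the upstream sees
# "//~login".
location / {
    proxy_pass $upstream_proto://$upstream_app:$upstream_port$request_uri;
}

# After, option 2 (use instead of option 1, not together with it): give
# proxy_pass no URI part at all. Without a URI part nginx forwards the
# original request URI unchanged, even when the target is built from
# variables.
#
# location / {
#     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# }
```

A static `proxy_pass http://172.16.0.100:6610/;` inside `location /` does not show this behaviour, because without variables nginx substitutes only the matched location prefix; that is why the same file worked on a native nginx install written without the `$upstream_*` variables.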

Robin Shen commented 11 months ago

Thanks for sharing.

Type: Question
Priority: Normal
Reference: onedev/server#1223