Infinite redirects while behind reverse proxy (OD-1223)
Jonathan Simon opened 3 years ago

I'm running OneDev in a docker container. I also have the LinuxServer.IO swag container running my nginx instance. I modified the reverse proxy guide found here (https://docs.onedev.io/administration-guide/reverse-proxy-setup) to fit within the swag subdomain structure. That file looks like this:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name git.*;

    include /config/nginx/ssl.conf;

    proxy_buffering off;

    # maximum size of uploaded file
    client_max_body_size 100M;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    set $upstream_app 172.16.0.100;
    set $upstream_port 6610;
    set $upstream_proto http;

    location /wicket/websocket {
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/wicket/websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /~server {
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/~server;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location / {
        proxy_pass $upstream_proto://$upstream_app:$upstream_port/;
    }
}

If I access the OneDev instance directly on port 6610 at the appropriate local IP, everything works. When I connect via the external URL (https://git.example.com), my browser is infinitely redirected to /~login. This appears to be entirely done inside the script in the HTML response to /.

Am I missing something?

Thanks!

  • Robin Shen commented 3 years ago

    I tried a locally installed Nginx instance with your nginx config, and it works fine. Can you please let me know the command you are using to start the LinuxServer.IO swag container?

  • Jonathan Simon commented 3 years ago

    Native nginx reverse proxy did work for me as well. All I did here was merge the host nginx site file with the swag format and include their boilerplate.

    Swag compose:

    services:
        swag:
            container_name: swag
            environment:
                - PUID=1000
                - PGID=1000
                - TZ=America/New_York
                - URL=example.com
                - VALIDATION=http
                - 'SUBDOMAINS=d,git,n,h,a'
                - [email protected]
            ports:
                - 4444:443
                - 8081:80
            volumes:
                - /media/storage/docker_configs/letsencrypt:/config
            restart: unless-stopped
            image: linuxserver/swag
    

    While the host port is 4444, the port forwarding in my router is 443->4444 on the host. I have another container that only functions in host networking and needs 443.

    onedev compose:

    services:
        server:
            container_name: onedev
            restart: always
            volumes:
                - /var/run/docker.sock:/var/run/docker.sock
                - /media/storage/docker_configs/onedev/:/opt/onedev
            ports:
                - 6610:6610
                - 6611:6611
            image: 1dev/server:latest
            
    

    Thanks!

  • Robin Shen commented 3 years ago

    Then how do I mount/merge your nginx config file? Should I prepopulate directory /media/storage/docker_configs/letsencrypt with something first?

    I have never used this container before. Checking the documentation and guessing the setup might be time-consuming. A step-by-step reproduction guide would be a lot of help.

    Also, is the http protocol working?

  • Robin Shen commented 3 years ago

    Reproduction steps with the http protocol should be simpler if it does not work either.

  • Jonathan Simon commented 3 years ago

    Sorry about that! The swag container will auto-populate many directories under its /config. After it does that, put the nginx config in my first post in the swag container's /config/nginx/proxy-confs/onedev.subdomain.conf and restart the swag container. Swag won't start unless it can resolve the domain name you specify for it to get an SSL cert for.

    I redirect all http traffic to https just to not have to think about it but I'll reconfigure it as http tomorrow to see what happens.

  • Robin Shen changed state to 'Closed' 3 years ago
    Previous value: Open. Current value: Closed.
  • Robin Shen commented 3 years ago

    Feel free to reopen if you tested with http protocol.

  • Jonathan Simon commented 3 years ago

    Btw, I figured this out and it was entirely on me. The http vs https thing was a red herring. The proxy_pass directive in the location block for / in my nginx config file didn't include $request_uri at the end so every request redirected to / which obviously doesn't work.

  • Robin Shen commented 3 years ago

    Thanks for sharing.
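
The fix described in the last comments, shown against the `location /` block from the first post; this is an added example, not configuration posted in the thread. It relies on documented nginx behaviour: when `proxy_pass` contains variables and also a URI part, that URI is sent to the backend as-is and replaces the original request URI.

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name git.*;

    include /config/nginx/ssl.conf;

    set $upstream_app 172.16.0.100;
    set $upstream_port 6610;
    set $upstream_proto http;

    location / {
        # Before (first post): variables plus a URI part ("/").
        # Every request, e.g. /~login, reaches the backend as "/",
        # so the page served at "/" keeps sending the browser to /~login.
        #proxy_pass $upstream_proto://$upstream_app:$upstream_port/;

        # Fix A (the one named in the thread): append $request_uri, the
        # original request URI including its query string. It already
        # starts with "/", so no slash goes between the port and it.
        proxy_pass $upstream_proto://$upstream_app:$upstream_port$request_uri;

        # Fix B (alternative): give no URI part at all; nginx then
        # forwards the client's request URI unchanged.
        #proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```

The same rule applies to any other `proxy_pass` that is built from variables, including the two WebSocket locations in the original file.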

Type: Question
Priority: Normal
Reference: OD-1223