Zumo
October 29, 2023, 3:02pm
1
Hello,
I’ve configured the Nginx reverse proxy; when doing so I got the following error in the link.
This is my nginx code block for Passbolt.
#Passbolt
server {
    listen 443 ssl;
    server_name xxxxxxxx;

    # SSL parameters
    ssl_certificate /etc/letsencrypt/live/xxxxxxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxxxxxx/privkey.pem; # managed by Certbot

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;
    client_max_body_size 50m;

    # log files
    access_log /var/log/nginx/passboltapp.access.log;
    error_log /var/log/nginx/passboltapp.error.log;

    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass_header Content-Type;

    add_header Content-Security-Policy "default-src;";

    # Handle / requests and redirect to a specific port on localhost
    location / {
        proxy_redirect off;
        proxy_pass https://127.0.0.1:4443;
    }
}
Can anyone help me understand what is missing?
Thanks in advance.
antony
October 30, 2023, 6:32am
2
Hello,
Can you try to add this block:
# Static assets, matched by file extension
location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
    access_log on;
    log_not_found on;
    # Strip a leading path segment in front of the asset directories
    rewrite ^/([^/]+)/(img|css|js|fonts|locales)/(.*)$ /$2/$3 break;
    rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
    try_files $uri $uri/ /index.php?$args;
}
Zumo
January 19, 2024, 1:30am
5
Hello,
I’m back at trying to get this to work with 443.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name passbolt.example.com;

    ssl_certificate /etc/letsencrypt/live/passbolt.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/passbolt.example.com/privkey.pem; # managed by Certbot

    add_header Content-Security-Policy "default-src 'self'; ";
    add_header Content-Security-Policy "script-src 'self'; "; # eval needed by canjs for templates
    add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; "; # inline needed to perform extension iframe resizing
    add_header Content-Security-Policy "img-src 'self';";
    add_header Content-Security-Policy "frame-src 'self' https://*.duosecurity.com;";

    location / {
        # Static assets, matched by file extension
        location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
            proxy_pass https://localhost:4443;
            proxy_redirect off;
            access_log on;
            log_not_found on;
            # Strip a leading path segment in front of the asset directories
            rewrite ^/([^/]+)/(img|css|js|fonts|locales)/(.*)$ /$2/$3 break;
            rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
            try_files $uri $uri/ /index.php?$args;
        }
    }
}
I’m getting the same error on a different page, not a blank one.
These are the errors I get in the developer tools.
Thanks.
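The configuration above sends five separate Content-Security-Policy headers, and a browser enforces each received header as its own policy, so a load has to pass all of them. The sketch below is an added example, not code from this thread or from Passbolt: a simplified model of CSP matching (only 'self', 'unsafe-inline', host sources and the default-src fallback are handled; the Duo hostname in the test is constructed) that compares those five headers with one combined header and with the `default-src;` value from the first post.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

ORIGIN = "https://passbolt.example.com"  # page origin, from server_name in the thread

# The five add_header values from the second configuration, one policy each.
SEPARATE = [
    "default-src 'self'; ",
    "script-src 'self'; ",
    "style-src 'self' 'unsafe-inline'; ",
    "img-src 'self';",
    "frame-src 'self' https://*.duosecurity.com;",
]
COMBINED = [" ".join(SEPARATE)]   # the same directives sent as a single policy
EMPTY = ["default-src;"]          # value from the first configuration

def parse_policy(header):
    """Split one header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def policy_allows(policy, directive, url=None, inline=False):
    """Check one policy; a missing directive falls back to default-src."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True                      # this policy does not restrict the load
    if inline:
        return "'unsafe-inline'" in sources
    target = urlsplit(url)
    for src in sources:
        if src == "'self'" and url.startswith(ORIGIN + "/"):
            return True
        if not src.startswith("'"):      # host source such as https://*.example
            pattern = urlsplit(src)
            if pattern.scheme == target.scheme and fnmatch(target.hostname, pattern.hostname):
                return True
    return False                         # an empty source list matches nothing

def allowed(headers, directive, url=None, inline=False):
    """The browser enforces every policy, so the load must pass all of them."""
    return all(policy_allows(parse_policy(h), directive, url, inline) for h in headers)

if __name__ == "__main__":
    for name, hs in (("separate", SEPARATE), ("combined", COMBINED), ("empty", EMPTY)):
        print(name, "inline style allowed:", allowed(hs, "style-src", inline=True))
```

In this model the separate headers still permit same-origin scripts, but inline styles and the Duo frame fail against the standalone `default-src 'self'` policy, while the combined header permits both.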
antony
January 19, 2024, 8:02am
6
Hey @Zumo, you can take a look at one of my older repos, as I was using an nginx reverse proxy there as an example!
Zumo
January 19, 2024, 11:50am
7
Good morning @antony,
Thank you for those files, seeing them makes me wonder if I did something wrong.
In your compose file you still have nginx and I don’t, difference number one.
For the nginx running as a reverse proxy you have 2 files, one proxy.conf and another nginx-passbolt.conf. Are these two files really needed?
In my passbolt docker I have only the app, with extras. Database is on different container and nginx is installed directly on the server itself that is used as a reverse proxy for several different apps.
Currently 2 apps are working with no issues with this network design.
I’m just wondering if the installation of the nginx web server is actually needed in order for this to function properly.
Thank you.