Nginx reverse Proxy with error

Hello,

I’ve configured an Nginx reverse proxy, and since doing so I get the error shown in the link.

this is my nginx code block for the passbolt.

#Passbolt

    # Poster's first attempt: a TLS-terminating vhost that proxies every request
    # to the Passbolt HTTPS listener on 127.0.0.1:4443 (server_name and
    # certificate paths were redacted by the poster).
    server {
        listen 443 ssl;
        server_name xxxxxxxx;

        # SSL parameters
        ssl_certificate /etc/letsencrypt/live/xxxxxxx/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/xxxxxxx/privkey.pem; # managed by Certbot


        # 12-minute proxy timeouts (nginx's default for each is 60s). A stalled
        # client or backend can hold a connection for that long.
        # NOTE(review): confirm the application really needs values this large.
        proxy_read_timeout 720s;
        proxy_connect_timeout 720s;
        proxy_send_timeout 720s;

        client_max_body_size 50m;


        # log files
        access_log /var/log/nginx/passboltapp.access.log;
        error_log /var/log/nginx/passboltapp.error.log;

        # Proxy headers
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so the backend should trust only
        # the last entry (or X-Real-IP), never the whole list.
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        # proxy_pass_header only re-enables headers nginx hides by default;
        # Content-Type is not one of them, so this line has no effect.
        proxy_pass_header Content-Type;
        # A default-src directive with an empty source list allows nothing
        # (same as 'none'), so the browser blocks every script, style, image,
        # font and XHR on the page. If the backend also sends its own CSP header
        # the browser enforces both policies, and the stricter one wins.
        # add_header without "always" is only attached to 2xx/3xx responses.
        # NOTE(review): likely related to the reported error - compare with the
        # blocked-resource messages in the browser console.
        add_header Content-Security-Policy "default-src;";

        # Handle / requests and redirect to a specific port on localhost
        location / {
            # Location/Refresh headers from the backend are passed through unmodified.
            proxy_redirect off;
            # The upstream hop is HTTPS, but nginx does not verify the upstream
            # certificate unless proxy_ssl_verify is enabled (default: off).
            # The target is loopback here, so only local processes are in that path.
            proxy_pass https://127.0.0.1:4443;
         }
    }

Can anyone help me understand what is missing?

thanks in advance

Hello,

Can you try to add this block:

  # Suggested static-asset location. Caveats when it is dropped into a pure
  # reverse-proxy vhost:
  #  - A matching regex location wins over the plain "location /" prefix, and
  #    this block has no proxy_pass, so asset requests are looked up on the
  #    proxy host's local filesystem instead of being sent to the backend.
  #  - try_files falls back to an internal redirect to /index.php?$args, and
  #    this block defines no PHP handler.
  location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
  # "on" is not a switch for access_log: nginx takes the argument as a log
  # file path, so matching requests are logged to a file literally named "on"
  # (relative to the nginx prefix).
  access_log on;
  log_not_found on;
  # [img|css|js|fonts|locales]+ is a character class (any run of those
  # letters and "|"), not an alternation of directory names.
  # NOTE(review): (img|css|js|fonts|locales) was presumably intended.
  rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
  rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
  try_files $uri $uri/ /index.php?$args;
}

Hello @antony,

I’ve commented most of the lines and left only the location of passbolt inside of the docker and the block of code that you’ve given me. Same outcome.

Passbolt

   # Second attempt: most directives commented out, "location /" proxies to the
   # backend, and the suggested static-asset location is added as a sibling.
   server {
       listen 443 ssl;
       server_name xxxxxxx;

       # SSL parameters
       ssl_certificate /etc/letsencrypt/live/xxxxxxx/fullchain.pem; # managed by Certbot
       ssl_certificate_key /etc/letsencrypt/live/xxxxxxxx/privkey.pem; # managed by Certbot


       #proxy_read_timeout 720s;
       #proxy_connect_timeout 720s;
       #proxy_send_timeout 720s;

       #client_max_body_size 50m;


       # log files
       access_log /var/log/nginx/passboltapp.access.log;
       error_log /var/log/nginx/passboltapp.error.log;

       # Proxy headers
       # With every add_header commented out, nginx adds no CSP of its own; the
       # browser sees only whatever security headers the backend sends.
       #proxy_set_header X-Forwarded-Host $host;
       #proxy_set_header X-Real-IP $remote_addr;
       #proxy_set_header Host $host;
       #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       #proxy_set_header X-Forwarded-Proto $scheme;
       #proxy_set_header X-Real-IP $remote_addr;
       #proxy_pass_header Content-Type;
       #add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';frame-src 'self'"; 


       # Handle / requests and redirect to a specific port on localhost
       location / {
           # HTTPS to the backend; nginx does not verify the upstream certificate
           # unless proxy_ssl_verify is enabled (default: off).
           proxy_pass https://127.0.0.1:4443;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header Host $host;


   }

           # This regex location takes precedence over "location /" for every
           # URL ending in one of these extensions, and it has no proxy_pass:
           # js/css/image requests are resolved against the proxy host's local
           # filesystem, and a miss is internally redirected to /index.php,
           # which then matches "location /" and is proxied as /index.php.
           location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
               # "on" is taken as a file name, not a switch: these requests are
               # logged to a file named "on" instead of passboltapp.access.log.
               access_log on;
               log_not_found on;
               # [img|css|js|fonts|locales]+ is a character class, not an
               # alternation - NOTE(review): (img|css|...) presumably intended.
               rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
               rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
               try_files $uri $uri/ /index.php?$args;
               }

   }
#Passbolt

    # Variant of the previous attempt with the static-asset location nested
    # inside "location /" instead of placed next to it.
    server {
        listen 443 ssl;
        server_name passbolt.bgvs.online;

        # SSL parameters
        ssl_certificate /etc/letsencrypt/live/passbolt.bgvs.online/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/passbolt.bgvs.online/privkey.pem; # managed by Certbot


        #proxy_read_timeout 720s;
        #proxy_connect_timeout 720s;
        #proxy_send_timeout 720s;

        #client_max_body_size 50m;


        # log files
        access_log /var/log/nginx/passboltapp.access.log;
        error_log /var/log/nginx/passboltapp.error.log;

        # Proxy headers
        # With every add_header commented out, nginx adds no CSP of its own; the
        # browser sees only whatever security headers the backend sends.
        #proxy_set_header X-Forwarded-Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header Host $host;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_pass_header Content-Type;
        #add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';frame-src 'self'"; 


        # Handle / requests and redirect to a specific port on localhost
        location / {
            # HTTPS to the backend; nginx does not verify the upstream certificate
            # unless proxy_ssl_verify is enabled (default: off).
            proxy_pass https://127.0.0.1:4443;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;


            # proxy_pass is not inherited by nested locations, so requests
            # matching this regex are still resolved on the local filesystem
            # through try_files rather than sent to the backend.
            location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
                # "on" is taken as a file name, not a switch: these requests are
                # logged to a file named "on" instead of passboltapp.access.log.
                access_log on;
                log_not_found on;
                # [img|css|js|fonts|locales]+ is a character class, not an
                # alternation - NOTE(review): (img|css|...) presumably intended.
                rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
                rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
                try_files $uri $uri/ /index.php?$args;
                }

    }


    }

To give a clearer picture of the design: Passbolt runs in Docker and Nginx is installed directly on Ubuntu 22.04. I’ve reached out to Nginx folks in the IRC channel and mentioned that this is not related to Nginx, but to how CORS was developed in Passbolt.

Hello,

I’ve tried everything for the Nginx reverse proxy to work.

Does anyone have any ideas to assist me with this?

Below is my latest sites config file.

#Passbolt

    # Latest attempt: CSP split across several add_header lines, a bare
    # proxy_pass for "/", and the static-asset location as a sibling.
    server {
        listen 443 ssl;
        server_name passbolt.bgvs.online;

        # SSL parameters
        ssl_certificate /etc/letsencrypt/live/passbolt.bgvs.online/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/passbolt.bgvs.online/privkey.pem; # managed by Certbot


        # Each add_header emits its own Content-Security-Policy header. Browsers
        # enforce every header as a separate policy and a load must satisfy all
        # of them, so these fragments do not merge into one policy: the first
        # header's default-src 'self' is the fallback for frame-src within that
        # policy and blocks the duosecurity.com frames the last header tries to
        # allow. A proxy-level CSP belongs in a single add_header value.
        # The trailing comment on script-src mentions eval, but the value does
        # not contain 'unsafe-eval'.
        # NOTE(review): the backend may already send its own CSP, which would be
        # enforced in addition to these - check its response headers first.
        add_header Content-Security-Policy "default-src 'self'; ";
        add_header Content-Security-Policy "script-src 'self'; "; # eval needed by canjs for templates
        add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; "; # inline needed to perform extension iframe resizing
        add_header Content-Security-Policy "img-src 'self';";
        add_header Content-Security-Policy "frame-src 'self' https://*.duosecurity.com;";

        # log files
        access_log /var/log/nginx/passboltapp.access.log;
        error_log /var/log/nginx/passboltapp.error.log;

        # Handle / requests and redirect to a specific port on localhost
        location / {
                # No proxy_set_header lines remain, so nginx sends its default
                # Host ($proxy_host, i.e. 127.0.0.1:4443) and no X-Forwarded-*
                # or X-Real-IP headers: the backend sees neither the public
                # host name nor the client address.
                # The upstream certificate is not verified unless
                # proxy_ssl_verify is enabled (default: off).
                proxy_pass https://127.0.0.1:4443;
        }

        # This regex location takes precedence over "location /" for every URL
        # ending in one of these extensions, and it has no proxy_pass: asset
        # requests are resolved on the proxy host's local filesystem, and a miss
        # is internally redirected to /index.php, which then matches
        # "location /" and is proxied as /index.php.
        location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|woff2|avi|mp\d)$ {
                # "on" is taken as a file name, not a switch: these requests are
                # logged to a file named "on" instead of passboltapp.access.log.
                access_log on;
                log_not_found on;
                # [img|css|js|fonts|locales]+ is a character class, not an
                # alternation - NOTE(review): (img|css|...) presumably intended.
                rewrite ^/([^/]+)/([img|css|js|fonts|locales]+)/(.*)$ /$2/$3 break;
                rewrite ^/([^/]+)/favicon.ico$ /favicon.ico break;
                try_files $uri $uri/ /index.php?$args;
                }

    }