0
Completed

[ 2.0 ] cookie to old behind a proxy

zer 3 years ago updated by Tom 3 years ago 5

Hi,


Accessing Ubboquity v2 behind a proxy seems a bit complicated !


I reach the loggin page, log in seccuessfully, but when I click on any link, I am asked to log in again. And again. And again... :=)


Here is the appropriate log :

20170419 16:09:02 [qtp883020319-34] INFO com.ubooquity.d.c - Cookie token invalid or too old. Access Denied. [login:zer][ip:192.168.42.42]


It's a simple nginx proxy with the following conf :

location / {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;

}

The same config I used with Ubooquity v1.10.1 and that used to work.


Note :

- Direct access works perfectly. It happens only when the access comes from behind the proxy.

- I tried adding --host 0.0.0.0, ip of the proxy ...

Under review

I think we should take a look at the content of the cookie.

Could you do a fresh login (an note the time at wich you do) and post here the cookie you get in your browser following this login ?



Hi,

For me it works well behind apache as proxy between WAN https & LAN http. Login as well as cookie. On a Debian.

I would suspect proxy config...

Mat

I didn't change anything on my proxie's conf, but it's working now.

I updated my debian kernel, nginx, docker and Ubooquity since I made this post, so it will be hard to know exactly from where came this error :D


@Tom : You can close, thanks.

+1

I'm having the same issue w/ an apache reverse proxy.  I get the following error in the apache logs:


[Sat May 27 14:08:34.665488 2017] [http:error] [pid 8845] [client xx.xx.xx.xx:16823] AH02429: Response header name ';expires=Mon, 26-Jun-2017 14' contains invalid characters, aborting request


I found the following reference to a recent apache patch that puts a hard stop on invalid headers:

https://blog.tigertech.net/posts/apache-cve-2016-8743/


I suspect this is the issue for anyone running an up to date apache reverse proxy.  Any chance of a fix?


Edit:

Just realized there is a 2.0.2 beta available and I'm running 1.10.1.  I'm going to give the beta a go and see if that fixes the reverse proxy header issues.


Edit2:

Just installed 2.0.2 and it works great behind the proxy.  All is well again.