Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HFS will not load under reverse proxy #694

Open
flash-world opened this issue Jul 31, 2024 · 12 comments
Open

HFS will not load under reverse proxy #694

flash-world opened this issue Jul 31, 2024 · 12 comments
Labels
bug Something isn't working cannot reproduce

Comments

@flash-world
Copy link

BEFORE

  • Are you using a reverse-proxy, like nginx?
    • Check if your problem is caused by your proxy, try without it.

To Reproduce
Steps to reproduce the behavior:

  1. Load HFS
  2. Load Nginx
  3. Load page under reverse proxy

Describe the bug
When loading the hfs page under reverse proxy it gets stuck on "Wait for loading or use basic interface"
Expected behavior
The page loads correctly under the reverse proxy.

Screenshots
image

Environment (please complete the following information):

  • OS: Windows
  • HFS Version 0.53.0
  • Browser Firefox

Additional context
Nginx runs as https.

@flash-world flash-world added the bug Something isn't working label Jul 31, 2024
@patschi
Copy link

patschi commented Sep 18, 2024

I can indeed reproduce the same issue with trying to get this to work with nginx. I have followed the documentation and configuration examples as per https://github.com/rejetto/hfs/wiki/Reverse-proxy and issue remains the same.

The nginx error log reports tons of upstream timed out and barely any resource loads. No errors seen in hfs.

@patschi
Copy link

patschi commented Sep 18, 2024

I was just able to figure out why... Just few minutes as I posted above. In the local console I was able to see this:

20:34:56 plugin antibrute: delaying x.x.x.x for 5
20:35:01 plugin antibrute: delaying x.x.x.x for 10
20:35:01 plugin antibrute: delaying x.x.x.x for 25
20:35:45 plugin antibrute: delaying x.x.x.x for 2
20:35:46 plugin antibrute: delaying x.x.x.x for 25

This is my public IP and I was already delayed/blocked after accessing the site the first time. After disabling the plugin HFS does work just fine behind a reverse proxy.

@rejetto
Copy link
Owner

rejetto commented Sep 18, 2024

20:35:46 plugin antibrute: delaying x.x.x.x for 25
This is my public IP and I was already delayed/blocked after accessing the site the first time. After disabling the plugin HFS does work just fine behind a reverse proxy.

antibrute plugin only acts when you make repeated login attempts, otherwise does nothing

@patschi
Copy link

patschi commented Sep 18, 2024

antibrute plugin only acts when you make repeated login attempts, otherwise does nothing

I'd have expected this as well. But somehow it still seem to break reverse proxy ability without even submitting any login form (I don't have any admin accounts created and solely use localhost)

@rejetto
Copy link
Owner

rejetto commented Sep 18, 2024

When loading the hfs page under reverse proxy it gets stuck on "Wait for loading or use basic interface"

Sorry for the late reply, I've lost track of this.
The problem can happen if you didn't configure the proxy correctly.
Did you follow this guide? https://github.com/rejetto/hfs/wiki/Reverse-proxy

@rejetto
Copy link
Owner

rejetto commented Sep 18, 2024

antibrute plugin only acts when you make repeated login attempts, otherwise does nothing

I'd have expected this as well. But somehow it still seem to break reverse proxy ability without even submitting any login form (I don't have any admin accounts created and solely use localhost)

hmmm,
this can be triggered also by credentials passed with http-basic-authentication (like passwords inside URLs)

@patschi
Copy link

patschi commented Sep 18, 2024

That's a good point. I have indeed configured HTTP Basic Auth on reverse proxy-level, before any traffic goes through HFS. That would make sense.

And due to some caching or whatsoever, it might try to access CSS, JS, etc resources and exceed threshold, ending up in blocking the IP.

@rejetto
Copy link
Owner

rejetto commented Sep 18, 2024

consider that a lot of people is using hfs behind nginx without this problem, and antibrute is enabled by default.
if it doesn't work for you, there must be something peculiar

@rejetto
Copy link
Owner

rejetto commented Sep 18, 2024

That's a good point. I have indeed configured HTTP Basic Auth on reverse proxy-level, before any traffic goes through HFS. That would make sense.

ok, so maybe you should add a line in nginx to override the content of "authentication". Make it empty, or delete it, if you don't need this feature in HFS.

HFS supports this kind of authentication.

@patschi
Copy link

patschi commented Sep 18, 2024

HFS supports this kind of authentication.

Is there any way disabling HTTP BASIC Auth? I really would like to have nginx do the authentication. Also because I'm using HFS unauthenticated in my internal network.

@rejetto
Copy link
Owner

rejetto commented Sep 18, 2024

there's no such option at the moment, but you can solve the way i wrote.
you don't want to send this authentication to HFS, do you?
try adding this in the nginx configuration for hfs
proxy_set_header authentication "";
so that nginx gets it, but doesn't forward it to hfs.

@patschi
Copy link

patschi commented Sep 18, 2024

Aaah, sorry. Misunderstood your idea. Sorry! Brilliant one!

I just tested it, and this one does the trick with antibrute enabled:

proxy_set_header Authorization "";

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working cannot reproduce
Projects
None yet
Development

No branches or pull requests

3 participants