Accessing an app ends up in an SSO loop

My YunoHost server

Hardware: VirtualBox with 1GB of RAM
YunoHost version: 4.0.8
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes
If yes, please explain:

I am trying to package a new Python app (https://github.com/spiral-project/copanier_ynh) on a VirtualBox instance, aliased as the “yunohost.local” domain.

Description of my issue

The app runs on localhost:2244, and I am trying to make it work via nginx. The install template has written the file /etc/nginx/conf.d/yunohost.local.d/copanier.conf, which content is:

rewrite ^/copanier$ /copanier/ permanent;
location /copanier/ {

  # Force usage of https
  #if ($scheme = http) {
  #  rewrite ^ https://$server_name$request_uri? permanent;
  #}

  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $http_host;
  proxy_pass http://127.0.0.1:2244/;
  proxy_redirect    off;
  client_max_body_size 10M;

  # Include SSOWAT user panel.
  #include conf.d/yunohost_panel.conf.inc;
}

location /copanier/static {
  alias /var/www/copanier/static/;
}

When I click on the user dashboard on the “Copanier” app, I am directed to https://yunohost.local/copanier, and then https://yunohost.local/copanier/ and then https://yunohost.local/connexion?next=/ and finally to https://yunohost.local/yunohost/sso/.

I looked at various apps that use reverse proxy, and I don’t get what I am missing to make this work as expected (aka, seeing the web interface of the app).

The /connexion?next=/ route is the one handled by the application as states an internal curl command:

curl -sSL  http://localhost:2244/connexion?next=/ | head



<!DOCTYPE html>
<html>
<head>
	<title>Copanier</title>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" type="text/css" href="/static/app.css">

It sounds like the redirect should have been to /copanier/connexion and not /connexion.
I am confused why the proxy pass does not rewrite this.

Thanks for your help :slight_smile:

My best guess is that the python application has to know where it’s installed (the “site root”) because it’s the one crafting the redirection. It’s kinda common issue - except that some developer don’t realize their app may be installed on a subpath and not on the root of a domain … so kinda depends in the doc of this app says anything about this.

Alternatively, some yunohost app just decide to give up on trying to handle this (if the app doesnt support it, you would either end up changing its code yourself, of doing black magic in the nginx conf) and just enforce that the app is to be installed on the domain’s root.

Ah, alternatively :

It may be that you need to remove the trailing / here … Not 100% to explain why the behavior changes if you don’t put it but many apps don’t include it …

Hi @Aleks, thanks for your help.

You are right: the loop happened because the proxied app was unaware of being in a subfolder, but the proxy was well configured. I managed to talk with the maintainers, and they implemented the feature.

Thanks for your help!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.