Problems with Docker and redirect

Support apps
, , , ,
1

My YunoHost server

Hardware: Raspberry Pi 4 at home
YunoHost version: 11.2.9.1 (stable)
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
My IT skill : Proto newbie confortable with command line

Description of my issue:

Cant logging to slskd (soulseeek) installed in a container (docker-compose)

Things I tried before coming here :slight_smile:

-Modify the redirect.conf file of my app :

location / {
  proxy_pass http://localhost:5030;
  proxy_redirect off;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $server_name;
  proxy_set_header X-Forwarded-Port $server_port;
  
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  # Unset Authorization and Cookie headers **<-- thats the modification I did**
  proxy_set_header Authorization "";
  proxy_set_header Cookie "";

  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
  more_clear_input_headers 'Accept-Encoding';
}

*- I have found this post on github :

*Which drove me to this one :slight_smile:

It seems to me that I have the exact same issue , only I cannot find the way to resolve it !

Coud someone help please? @tituspijean , you were the one giving the solution maybe you could show me the way ?

Thanks again to all yunohost team for all the great work

2

After your modification, have you reloaded NGINX with systemctl reload nginx?
I do not know enough about the headers, but there’s a risk that the authorization and cookie are reset upon every request with your hack. That would reset even a successful login.

Have you run the same command as I suggested in the other thread? If so, what’s its output?

Can you confirm you have the exact same issue as the one described on Github, notably the successful POST request to /session but other requests failing?

3

Wooa I didn’t expect such a rapid answer !

I did reload nginx after modifications but nothing changed .

Here is a print screen of what I get in my browser .

Capture d’écran du 2024-04-07 22-19-10ok
Capture d’écran du 2024-04-07 22-19-10ok1909×927 87.5 KB

For you solutions : I didn’t really understand what I should input and didn’t want to run the command without understanding a bit … That’s why I did this thread because my IT skills are not enough for me to understand your proposed solution … Maybe you coud explain a bit? Or should I just copy paste and try ? ??

4

Open a terminal to your server in SSH, then run:

app=redirect
sudo yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('$app.main' ,auth_header=False)"

If you do not know how to do this, god bless you, you can check out the documentation: SSH and command line | Yunohost Documentation :wink:

5

Lol , running command trought SSH is fine by me .
Run the command and still got the same error message.
Here is the docker-compose log (altought it doesnt say anything interresting)

I uncommented the slskd.yaml (Daaaaaa) and that changed the log output , now saying I am connected to soulseek . Still cant access the app tought

slskd_1  |                     ▄▄▄▄     ▄▄▄▄     ▄▄▄▄
slskd_1  |               ▄▄▄▄▄▄█  █▄▄▄▄▄█  █▄▄▄▄▄█  █
slskd_1  |               █__ --█  █__ --█    ◄█  -  █
slskd_1  |               █▄▄▄▄▄█▄▄█▄▄▄▄▄█▄▄█▄▄█▄▄▄▄▄█
slskd_1  | ╒════════════════════════════════════════════════════════╕
slskd_1  | │           GNU AFFERO GENERAL PUBLIC LICENSE            │
slskd_1  | │                   https://slskd.org                    │
slskd_1  | │                                                        │
slskd_1  | │              0.20.0.0 (0.20.0.0+264019f1)              │
slskd_1  | └────────────────────────────────────────────────────────┘
slskd_1  | [20:31:32 INF] Version: 0.20.0.0 (0.20.0.0+264019f1)
slskd_1  | [20:31:32 INF] System: .NET 8.0.2, Unix 6.1.74.8, 64 bit, 4 processors
slskd_1  | [20:31:32 INF] Process ID: 7 (64 bit)
slskd_1  | [20:31:32 INF] Invocation ID: c364e3b4-a25d-413e-868a-61f7c075f7c1
slskd_1  | [20:31:32 INF] Instance Name: default
slskd_1  | [20:31:32 INF] Configuring application...
slskd_1  | [20:31:32 INF] Using application directory /app
slskd_1  | [20:31:32 INF] Using configuration file /app/slskd.yml
slskd_1  | [20:31:32 INF] Storing application data in /app/data
slskd_1  | [20:31:32 INF] Saving application logs to /app/logs
slskd_1  | [20:31:36 INF] Listening for HTTP requests at http://0.0.0.0:5030/
slskd_1  | [20:31:36 INF] Listening for HTTPS requests at https://0.0.0.0:5031/
slskd_1  | [20:31:36 INF] Using randomly generated self-signed certificate
slskd_1  | [20:31:39 INF] Using base url /
slskd_1  | [20:31:39 INF] Serving static content from /slskd/wwwroot
slskd_1  | [20:31:39 INF] Configuration complete.  Starting application...
slskd_1  | [20:31:40 INF] Application started
slskd_1  | [20:31:41 INF] Listening for incoming connections on 0.0.0.0:50300
slskd_1  | [20:31:41 INF] Checking GitHub Releases for latest version
slskd_1  | [20:31:41 INF] Initializing shares
slskd_1  | [20:31:41 INF] Share cache StorageMode is 'Memory'. Attempting to load from backup...
slskd_1  | [20:31:42 INF] Share cache backup validated. Attempting to restore...
slskd_1  | [20:31:42 INF] Share cache successfully restored from backup
slskd_1  | [20:31:42 INF] Share cache loaded from disk successfully. Sharing 0 directories and 0 files
slskd_1  | [20:31:42 INF] Warming browse response cache...
slskd_1  | [20:31:42 INF] Starting system clock...
slskd_1  | [20:31:42 INF] Browse response cached successfully in 112ms
slskd_1  | [20:31:42 INF] System clock started
slskd_1  | [20:31:43 INF] Connected to the Soulseek server
slskd_1  | [20:31:43 INF] A new version is available! 0.20.0.0 -> 0.20.1
slskd_1  | [20:31:43 INF] Logged in to the Soulseek server as nbu

On firefox using web console I get :
(*** to hide Id data)

HTTP/2 401 
server: nginx
date: Mon, 08 Apr 2024 21:16:11 GMT
content-type: application/octet-stream
content-length: 0
x-sso-wat: You've just been SSOed
www-authenticate: Bearer
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2


GET /api/v0/session HTTP/2
Host: slskd.*****.***
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: application/json, text/plain, */*
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Sec-GPC: 1
Connection: keep-alive
Referer: https://slskd.*****.***/searches
Cookie: SSOwAuthUser=admin; SSOwAuthHash=475d6dd58608*********************************************f8f00b34cb05e38fb7************a08dea86c5e55bf; SSOwAuthExpire=1713209706.31
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

Is there any Yunohost logs that would be relevant to share ?

Thanks for the help .

6

Still no solutions :frowning: . Maybe I ll just wait for slskd to be in Yunohost official apps… @tituspijean no idea what my next steps could be?
cheers

7

slskd begins listening for incoming connections on port 50300 and maps the application directory to the provided path

Did you open port 50300 on yunohost firewall?

8

Have you removed this from the nginx configuration?

9

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.