On Rails 5.2, SSL enviroment, running as reverse_proxy with Nginx, whenever I submit a form I get the error:
HTTP Origin header (https://agro2business.com.br) didn't match
request.base_url (https://agro2business.com.br, agro2business.com.br)
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
ActionController::InvalidAuthenticityToken
(ActionController::InvalidAuthenticityToken)
I'd read about configuring params and Nginx for passing on headers in another StackOverflow questions but no luck so far. My nginx config file:
proxy_pass http://localhost:4000;
}
location / {
proxy_pass http://localhost:4000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Port $server_port;
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}
Why is Rails trying to compare the header with two values?
request.base_url (https://agro2business.com.br, agro2business.com.br)
My problem was that in my nginx config I was setting header Host two times and this was causing url generation misleadings, which in turn was invalidating form submissions.
proxy_pass http://localhost:4000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
**proxy_set_header Host $http_host;**
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
**proxy_set_header Host $http_host;**
proxy_set_header X-Real-Port $server_port;
proxy_set_header X-Real-Scheme $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
Just removing one the two proxy_set_header Host $http_host; did the trick
Related
Nginx Setup
AKAMAI
| +---> Nginx port 82
| |
-> AWS ELB/ALB -> Nginx Server(Port 80) -> Docker (Nginx Port 81) --|
|
+----> Nginx port 83
Browser sents request on HTTPS but Nginx server running on port 82/83 receiving x-forwarded-proto/scheme as http instead of https
Nginx Port 80 config
http {
...
server {
...
listen 80;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:81";
}
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
}
Nginx Port 81 config
server {
listen 81;
location ~ ^/v1/test {
proxy_pass http://127.0.0.1:82;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
break;
}
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_pass http://127.0.0.1:83;
}
}
Nginx Port 82 Config
server {
...
listen 82;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
Nginx Port 83 Config
server {
...
listen 83;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
Applications running on port 82/83 are rails applications and use Passenger to serve the traffic.
Even we tried setting as below in 82/83 Nginx server configs
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Scheme https;
I am creating an app which has two parts:
Backend (with Rails 6)
FrontEnd (with React)
So, locally I setup nginx server for proxying.
But when I try to do a POST request, I got this error:
HTTP Origin header (http://app.example.local:8080) didn't match request.base_url (http://app.example.local)
The nginx host (app.example.local) has the following configuration:
server {
listen 8080;
listen [::]:8080;
server_name app.example.local;
access_log /usr/local/var/log/nginx/app.example.local_access.log;
error_log /usr/local/var/log/nginx/app.example.local_error.log;
location / {
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://127.0.1:3001;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api {
proxy_pass http://app.example.local:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Making a GET request to http://app.example.com:8080/api/posts, for example, works fine.
But when I try a POST request to http://app.example.com:8080/api/posts I am getting the following error:
Started POST "/api/posts" for 127.0.0.1 at 2020-07-29 15:20:11 +0100
Processing by API::PostsController#create as JSON
Parameters: {"post"=>{"title"=>"Demo 2", "content"=>"Post Demo 2"}}
HTTP Origin header (http://app.example.local:8080) didn't match request.base_url (http://app.example.local)
Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms | Allocations: 432)
ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
actionpack (6.0.3.2) lib/action_controller/metal/request_forgery_protection.rb:215:in `handle_unverified_request'
...
I setup backend CORs like this:
allow do
origins %r{https?://(.*?)\.example\.local:8080$}
resource '*',
headers: :any,
methods: %i[get post put patch delete options head],
credentials: true
end
And I am sending correctly the CSRF_TOKEN.
I already saw similar error here but the solutions are not fixing my problem. Most of them the problem are being caused by SSL. But since I am not using SSL this should not be the cause.
What am I missing?
I have 2 docker containers that contain 2 websites, a new website and an old website.
New website run on port 8000 (Laravel) and the old website run on port 8001 (VueJS).
I want the location / proxy pass to the new website and the location /old proxy pass to the old website.
For new website, it can be accessed properly.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8000;
}
but for the old website, assets, images, fonts are still 404.
location /old {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8001;
}
404 because when access https://my.domain.net/old/, the asset that should be called is https://my.domain.net/old/asset/images/logo.png
But this is still https://my.domain.net/asset/images/logo.png so that 404 is not found.
Please help.
location ~* '^/(assets|images|fonts)/' {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8001;
}
I inspect element, for location /old the assets redirect to my.domain.net/asset.css. (absolutely 404 not found)
It looks like your localhost:8001 redirects.
I have 3 website and running on docker port 8000, 8001, and 8002.
I'm configuring nginx with this config:
server {
server_name my.domain.net;
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /old {
proxy_pass http://127.0.0.1:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /new {
proxy_pass http://127.0.0.1:8002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
It works for location /, but for location /old and /new without all assets. I inspect element, for location /old the assets redirect to http://my.domain.net (absolutely 404 not found), where it should be http://my.domain.net/old/asset.css.
Need advice
Please help.
In your new and old applications hosted at 8081 and 8082 respectively, add assetsDir in your configuration.
vue.config.js:
module.exports = {
assetsDir: 'new'
}
This question has been asked many times but I am not able to figure out problem even after trying all solutions.
I am getting
[a9736d85-6b19-425f-b9b0-50070ad6ca5f] Started GET "/api/v1/notifications/"[non-WebSocket] for 172.18.0.8 at 2017-10-16 18:30:31 +0000
[a9736d85-6b19-425f-b9b0-50070ad6ca5f] Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: close, HTTP_UPGRADE: )
[a9736d85-6b19-425f-b9b0-50070ad6ca5f] Finished "/api/v1/notifications/"[non-WebSocket] for 172.18.0.8 at 2017-10-16 18:30:31 +0000
In my development.rb I have
config.action_cable.allowed_request_origins = [ 'http://172.18.0.8:3000', 'http://0.0.0.0:3000', '0.0.0.0', '0.0.0.0:3000']
In nginx.config, I have
location #rails {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
location /cable {
proxy_pass http://unicorn;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection Upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
cable.yml looks like
development:
adapter: redis
url: redis://localhost:6379/1
Please tell me why I am getting this error?
Thanks in advance.
I got it running (with Puma) using the following nginx.conf:
upstream app {
server app:3000 fail_timeout=0;
}
server {
listen 80;
server_name localhost;
root /usr/src/app/public;
location / {
proxy_pass http://app;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
location /cable {
proxy_pass http://app;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
break;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}