API broken with reverse proxy setup

[vladaurosh]

What installation are you running?

Production (netalertx) 📦

Is there an existing issue for this?

• I have searched the existing open and closed issues and I checked the docs https://docs.netalertx.com/

The issue occurs in the following browsers. Select at least 2.

• Firefox
• Chrome
• Edge
• Safari (unsupported) - PRs welcome
• N/A - This is an issue with the backend

Current Behavior

Homepage app widget stopped working after upgrade to v26.2.6, with error:
error: <credentialedProxyHandler> HTTP Error 403 calling https://netalertx.example.com/server/devices/totals

Backend API URL is set to https://netalertx.example.com/server

Tried:
curl 'https://netalertx.example.com/server/devices/totals' -H 'Authorization: Bearer MYTOKEN'
and got:

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

Also:
curl 'http://127.0.0.1:20212/devices' -H 'Authorization: Bearer MYTOKEN'
does not work, returns:
{"error":"Forbidden","message":"ERROR: Not authorized","success":false}

What is working:

curl 'http://127.0.0.1:20212/graphql' \
  -X POST \
  -H 'Authorization: Bearer MYTOKEN' \
  -H 'Content-Type: application/json' \
  --data '{
    "query": "query GetDevices($options: PageQueryOptionsInput) { devices(options: $options) { devices { rowid devMac devName devOwner devType devVendor devLastConnection devStatus } count } }",
    "variables": {
      "options": {
        "page": 1,
        "limit": 10,
        "sort": [{ "field": "devName", "order": "asc" }],
        "search": "",
        "status": "connected"
      }
    }
  }'

So I know my token is ok.

Also /php/server/query_json.php?file=app_state.json works fine with the token,

Expected Behavior

APIs should work.

Steps To Reproduce

N/A

Relevant app.conf settings

N/A

docker-compose.yml

N/A

Debug or Trace enabled

• I have read and followed the steps in the wiki link above and provided the required debug logs and the log section covers the time when the issue occurs.

Relevant app.log section

  PASTE LOG HERE. Using the triple backticks preserves format.

Docker Logs

  PASTE DOCKER LOG HERE. Using the triple backticks preserves format.

[jokob-sk]

Hi @vladaurosh ,

Thanks for the report.

CCan you try clearing the Backend API URL setting?

@adamoutler do you have an idea what could have caused this?

[adamoutler]

1. for best results set backend to /server no https.... this accounts for changes that might happen as well as IP address access.
2. You cannot access https://netalertx.example.com/server/* as in https://netalertx.example.com/server/devices/totals. it's for internal use only. You'll need to port the 20212 port separately to a different URL.
   note: You CAN however, attach port 20212 to /server to bypass this at your proxy.
3. We could probably use a different failure message for the 403 to make this more apparent.

I suppose this is why I'm called in, for #3. Will update when complete.

[adamoutler]

I think this is what you should have seen instead of just 403

[vladaurosh]

@adamoutler Ok, setting Backend API URL to http://ip:20212/server seems to be even worse. Network tab is just loading forever.

http://ip:20212/devices/total works fine however.

I have probably misunderstood something here, I thought that
location /server/
was added in nginx to rewrite /server/* to * and proxy to backend.

[adamoutler]

just /server. no https, no ip, no 20212, just /server. that's the default. You can also leave it blank. And hit the in-app refresh button at the top of the page after changing it.

[vladaurosh]

Ok that has worked.
I guess this needs updating

What to put as url in Homepage netalertx widget? http://ip:graphql_port ?

[jokob-sk]

Unsure - I don't use Homepage myself... maybe <server:webui port>/server/devices/total