Container behind reverse proxy forwards to localhost

[merspieler]

I've got the container running with -p 8084:8080.
Traffic goes through an apache2 web server which handles ssl.
This works initially but at times I get forwarded to https://localhost:8084/ instead of my domain.
Editing the url, replacing localhost:8084 with the domain gets me to that site but on some actions I get redirected again to localhost:8084

BASE_URL is set to https://survey.<my.domain>
Apache2 config:

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerName survey.my.domain
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/lime-mer-error.log
                CustomLog ${APACHE_LOG_DIR}/lime-mer-access.log combined

                SSLEngine on

                SSLCertificateFile      /etc/letsencrypt/live/survey.my.domain/fullchain.pem
                SSLCertificateKeyFile   /etc/letsencrypt/live/survey.my.domain/privkey.pem

                ProxyPass "/" "http://localhost:8084/" connectiontimeout=5 timeout=30
                ProxyPassReverse "/" "http://localhost:8084/"

                # LetsEncrypt ACME
                <Location /.well-known>
                        ProxyPass !
                </Location>
        </VirtualHost>
</IfModule>

What am I doing wrong?

[martialblog]

Hi, have you tried also setting the PUBLIC_URL variable to https://survey.<my.domain>?

[merspieler]

I didn't before as the description said something about scripts (Public URL for public scripts) so I wasn't sure.
Adding it didn't help tho, I keep getting redirected.
I Even wiped the database in case something did persist in there but no luck.

[martialblog]

Ok, another thing could be the Alias in the Apache config inside the Container. The docker-compose.traefik.yml has an example for that:

    volumes:
      # Unfortunately the StripPrefix Function in Traefik won't work;
      # Meaning, we will have to set 'Alias /limesurvey "/var/www/html"' in the Apache Config
      - "./examples/apache-example.conf:/etc/apache2/sites-available/000-default.conf:ro"

You can find the apache-example.conf in this repo.

[merspieler]

Not sure how an alias should help me as it's already located at the document root.
Tried it anyways with Alias / "/var/www/html" but no change as I expected.

[martialblog]

Hi, I just added an example on a new branch: https://github.com/martialblog/docker-limesurvey/tree/docs/apache-proxy

It is somehwat working, however we run into an old issue in which the application doesn't know it's behind a proxy: #49 when you call the /admin area.

I'll try some more the coming days, if you have any progress let me know.

[merspieler]

Thanks.

Since you said it only affects the admin area, I went ahead, with that inconvenience and created the small survey I needed just now.

Participating in the survey works without that issue.

Would be great tho if it'd fully work in the future.

Thanks for your work.

[jimartinezabadias]

Hi everyone!
Had the same issue running the fpm version behind a nginx reverse proxy.
Setting the PUBLIC_URL and BASE_URL variables didn't work.

The solution I found was adding the HTTP_HOST fastcgi_param in the nginx.conf file that the docker-compose service uses.

location ~ \.php$ { include fastcgi_params; fastcgi_param HTTP_HOST <my.domain>; }

Hopefully this will be helpful.

[martialblog]

@jimartinezabadias You hint was on point!

In Apache the ProxyPreserveHost On option can be used and it works.

Thanks a lot! This issue has been open for a while.

[foofoo-kev]

Hi everyone! Had the same issue running the fpm version behind a nginx reverse proxy. Setting the PUBLIC_URL and BASE_URL variables didn't work.

The solution I found was adding the HTTP_HOST fastcgi_param in the nginx.conf file that the docker-compose service uses.

location ~ \.php$ { include fastcgi_params; fastcgi_param HTTP_HOST <my.domain>; }

Hopefully this will be helpful.

I am running in the exact same problem. Could you post your complete (sanitized) nginx config?

[martialblog]

@Kartoffelhumpen I updated the nginx.conf in the examples folder. Can you try this one and see if it works?

https://github.com/martialblog/docker-limesurvey/blob/master/examples/nginx.conf

[foofoo-kev]

Unfortunately this does not work at all. I'm getting a 500 internal Server Error
Nginx Error-Log:

2023/03/20 15:43:37 [error] 8#8: *16 rewrite or internal redirection cycle while internally redirecting to "index.php", client: <My IP>, server: <FQDN>, request: "GET / HTTP/1.1", host: "<FQDN>:8080"

[martialblog]

@Kartoffelhumpen I just tried to recreate issue with the docker-compose.fpm.alpine.yml from the repo. With my.survey.localhost as an example domain pointing to localhost.

As far as I can tell this works as expected.

Can you give some details on how you run the Container and what the Reverse Proxy config looks like?

[foofoo-kev]

I tried again all morning and still got the same result. I also used fpm.alpine version.
My domain is: survey.my.example.com

Compose file:

version: '2.0'

# networks
# create a network 'limenetwork_compose' in mode 'bridged'
networks:
  limenetwork_compose:
    driver: bridge

# services
services:
  # mariadb
  mariadb:
    image: mariadb:10.7.8
    container_name: limesurvey_mariadb
    restart: always
    volumes:
    - /opt/limesurvey/database:/var/lib/mysql
    networks:
      limenetwork_compose:
    environment:
      - "MYSQL_USER=limesurvey"
      - "MYSQL_DATABASE=limesurvey"
      - "MYSQL_PASSWORD=changeme"
      - "MYSQL_ROOT_PASSWORD=changeme"

  limesurvey:
    build: .
    volumes:
      - /tmp/upload/surveys:/var/www/html/upload/surveys
      - lime:/var/www/html
    links:
      - mariadb
    depends_on:
      - mariadb
    environment:
      - "DB_HOST=mariadb"
      - "DB_PASSWORD=changeme"
      - "ADMIN_PASSWORD=changeme"
      - "DB_TABLE_PREFIX=limesurvey"
    networks:
      limenetwork_compose:

  lime-web:
    image: docker.io/nginx:alpine
    links:
      - limesurvey
    depends_on:
      - limesurvey
    ports:
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - /etc/containers/limesurvey/certs/:/etc/nginx/certs/
      - lime:/var/www/html
    networks:
      limenetwork_compose:

volumes:
  lime:

Nginx Config:

worker_processes 1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    server {
        listen       443 ssl http2;
        server_name   survey.my.example.com;

        ssl_certificate     /etc/nginx/certs/crt.pem;
        ssl_certificate_key /etc/nginx/certs/key.pem;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "HIGH:!aNULL:!MD5;";
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_stapling off;
        ssl_stapling_verify off;

        index index.php;
        set $host_path "/var/www/html";
        include /etc/nginx/mime.types;
        root /var/www/html;
        charset utf-8;
        location / {
            try_files $uri /index.php?$args;
        }
        location ~ ^/(protected|application|framework|themes/\w+/views) {
            deny  all;
        }
        location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
            try_files $uri =404;
        }
        location ~ \.php$ {
            fastcgi_split_path_info  ^(.+\.php)(.*)$;
            try_files $uri index.php;
            include fastcgi_params;
            fastcgi_index index.php;
            fastcgi_pass  limesurvey:9000;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  SCRIPT_NAME      $fastcgi_script_name;
            # For Subdomains like https://survey.example.com
            fastcgi_param  HTTP_HOST survey.my.example.com;
        }
    }
}

Some result: https://survey.my.example.com works fine. Opening https://survey.my.example.com/admin redirects to http://limesurvey/admin/

[martialblog]

I used your nginx.conf (without SSL) and the docker-compose.fpm.alpine.yml from the repo. survey.my.example.com/admin worked alright.

Maybe there's some old Containers/Volumes or config lying around and being used? Maybe exec into the Containers and see what's files are being used.

[foofoo-kev]

I also tried again with a completely new installation.
Opening https://survey.my.example.com/admin still does not work after the initial deployment.

But: when I use the complete URL https://survey.my.example.com/index.php/admin/authentication/sa/login everything works as expected and I can log in without any problems.

After logging in the redirect for https://survey.my.example.com/admin also works.
Looks like some kind of limesurvey .htaccess problem or something similar.

In short: works for me

[martialblog]

Interesting. Thanks for the feedback

[martialblog]

Since we now some more insight on this issue and have some working examples I will close this issue.

Thanks everyone for the help and for your feedback!