Configuring a reverse proxy

Hi,

I’m still unclear as to how I go about resolving this error message despite reviewing the user guide and forum especially this particular entry: Version 3.0.1 Debian - Oops! Something went wrong!
which I have followed verbatim.

I have checked config.yml and the public URL and port address are correct.

I have re-run the install script using the following command: sudo ./install https://groove-genie.co.uk:8082 --listen-port 8082 --update-nginx in the hope that this would rectify the issue but that appears to have been unsuccessful.

I’m not quite sure what my next step is and wanted to ask can I not just add the url and port address to the config.yml file and re-initialise it?

Below is the entry from the legacy.log file:

2023-04-28T10:08:12+01:00 ERR (3): [CORSHelper.php:14 - enableCrossOriginRequests()] - request origin 'https://groove-genie.co.uk' is not in the configured 'allowed_cors_origins' 'https://groove-genie.co.uk:8082, '
2023-04-28T10:08:12+01:00 NOTICE (5): Trying to get property 'id' of non-object
2023-04-28T10:08:12+01:00 ERR (3): [ErrorController.php:28 - errorAction()] - Forbidden
2023-04-28T10:08:12+01:00 ERR (3): [ErrorController.php:29 - errorAction()] - #0 /usr/share/libretime/legacy/application/controllers/LoginController.php(24): CORSHelper::enableCrossOriginRequests()
#1 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Action.php(516): LoginController->indexAction()
#2 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Dispatcher/Standard.php(308): Zend_Controller_Action->dispatch()
#3 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch()
#4 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application/Bootstrap/Bootstrap.php(105): Zend_Controller_Front->dispatch()
#5 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application.php(391): Zend_Application_Bootstrap_Bootstrap->run()
#6 /usr/share/libretime/legacy/application/airtime-boot.php(77): Zend_Application->run()
#7 /usr/share/libretime/legacy/public/index.php(56): require_once('/usr/share/libr...')
#8 {main}
2023-04-28T10:08:12+01:00 ERR (3): [ErrorController.php:62 - errorAction()] - An internal application error has occurred.: Zend_Controller_Action_Exception: Forbidden in /usr/share/libretime/legacy/application/common/CORSHelper.php:17
Stack trace:
#0 /usr/share/libretime/legacy/application/controllers/LoginController.php(24): CORSHelper::enableCrossOriginRequests()
#1 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Action.php(516): LoginController->indexAction()
#2 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Dispatcher/Standard.php(308): Zend_Controller_Action->dispatch()
#3 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch()
#4 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application/Bootstrap/Bootstrap.php(105): Zend_Controller_Front->dispatch()
#5 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application.php(391): Zend_Application_Bootstrap_Bootstrap->run()
#6 /usr/share/libretime/legacy/application/airtime-boot.php(77): Zend_Application->run()
#7 /usr/share/libretime/legacy/public/index.php(56): require_once('/usr/share/libr...')
#8 {main}

Thanks in advance.

Hi,

You need to consider the following points:

  • What is the URL used to access LibreTime in the browser ? This URL should be set in the general.public_url field in the config.yml file.
  • Your listen-port should only be different from the port in the public_url if you use a reverse proxy between the internet and LibreTime, since the reverse proxy will do the routing from one port to the other. See the newer reverse proxy documentation
  • You shouldn’t need to configure additional allowed cors origins unless you have a website on some other domain name that consume the data from LibreTime.

From the logs, I understand that you are accessing LibreTime (in your browser) using the https://groove-genie.co.uk url, but you have configured your public url to https://groove-genie.co.uk:8082. So there is a mismatch in the origins.

Hi Joola,

Thanks!

The URL set in the general.public_url field to access LibreTime is: https://groove-genie.co.uk:8082

The listen-port is set to 8082 (as I’m running on the same host as the reverse proxy) so I’ve left port 80 and 443 free. I note the updated reverse proxy documentation and will review the documentation and apply to my configuration (fingers crossed!)

So am I right in assuming if I remove the port address reference (8082) this will resolve the mismatch error?

Hi Joola,

I have systematically gone through your helpful suggestions and still can’t resolve my problem.

To confirm the URL used to access the browser is: https://groove-genie.co.uk

I have run the install script a number of times incorporating the --listen port 8082 argument and this corresponds with the general.public_url field entry in config.yml.

The Nginx reverse proxy appears to be functioning as expected as I’m able to run nginx -t with no errors and dry-run certificate renewal with no issues; the resulting certificate has been generated and is valid.

I’m completely at a loss as to resolution; if I can’t manually amend CORS what are my options?

Thanks for your valuable help to date.

Have you configured a reverse proxy ? If so, please paste the configuration file here.

If not you have to connect the reverse proxy listenning at port 80 on you server, to the backend listenning at 8002, based on the domain name.

Hi Joola,
I did add the additional lines of code to implement the reverse proxy copying the amended libretime.conf to /etc/nginx/sites-enabled/ I run nginx -t prior to restarting nginx at which point I get a failure.
I remove the additional lines of code relating to the reverse proxy and everything appears to function (I’m able to verify the certbot auto-renewal) no joy in terms of CORS authentication.
Here are the configuration files in question:

libretime.conf:

server {
listen 8082;
listen [::]:8082;

access_log /var/log/nginx/libretime.access.log;
error_log /var/log/nginx/libretime.error.log;

root /usr/share/libretime/legacy/public;

index index.php index.html index.htm;

client_max_body_size 512M;
client_body_timeout 300s;

location ~ \.php$ {
fastcgi_buffers 64 4K;
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# try_files $uri =404;
try_files $fastcgi_script_name =404;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
include fastcgi_params;

fastcgi_index index.php;
fastcgi_pass unix:/run/libretime-legacy.sock;
}

location / {
try_files $uri $uri/ /index.php$is_args$args;
}

location ~ ^/api/(v2|browser) {
include proxy_params;
proxy_redirect off;
proxy_pass http://unix:/run/libretime-api.sock;
}
}

groove-genie.co.uk.conf:

server {
root /var/www/groove-genie.co.uk/html;
index index.html index.htm index.nginx-debian.html;

server_name groove-genie.co.uk www.groove-genie.co.uk;

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;

proxy_pass http://groove-genie.co.uk:8082/;
}

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/groove-genie.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/groove-genie.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
if ($host = www.groove-genie.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = groove-genie.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot

listen 80;
listen [::]:80;

server_name groove-genie.co.uk www.groove-genie.co.uk;
return 404; # managed by Certbot
}

Regards,

Originalsoulbwoy

Why not use ?

proxy_pass http://localhost:8082/;

Hi Joola,

I tried the suggested change but still encounter the same issue; here is the legacy.log error message:

2023-05-08T13:45:23+01:00 ERR (3): [CORSHelper.php:14 - enableCrossOriginRequests()] - request origin ‘https://groove-genie.co.uk’ is not in the configured ‘allowed_cors_origins’ ‘http://groove-genie.co.uk:8082, ’
2023-05-08T13:45:23+01:00 NOTICE (5): Trying to get property ‘id’ of non-object
2023-05-08T13:45:23+01:00 ERR (3): [ErrorController.php:28 - errorAction()] - Forbidden
2023-05-08T13:45:23+01:00 ERR (3): [ErrorController.php:29 - errorAction()] - #0 /usr/share/libretime/legacy/application/controllers/LoginController.php(24): CORSHelper::enableCrossOriginRequests()
#1 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Action.php(516): LoginController->indexAction()
#2 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Dispatcher/Standard.php(308): Zend_Controller_Action->dispatch()
#3 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch()
#4 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application/Bootstrap/Bootstrap.php(105): Zend_Controller_Front->dispatch()
#5 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application.php(391): Zend_Application_Bootstrap_Bootstrap->run()
#6 /usr/share/libretime/legacy/application/airtime-boot.php(77): Zend_Application->run()
#7 /usr/share/libretime/legacy/public/index.php(56): require_once(’/usr/share/libr…‘)
#8 {main}
2023-05-08T13:45:23+01:00 ERR (3): [ErrorController.php:62 - errorAction()] - An internal application error has occurred.: Zend_Controller_Action_Exception: Forbidden in /usr/share/libretime/legacy/application/common/CORSHelper.php:17
Stack trace:
#0 /usr/share/libretime/legacy/application/controllers/LoginController.php(24): CORSHelper::enableCrossOriginRequests()
#1 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Action.php(516): LoginController->indexAction()
#2 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Dispatcher/Standard.php(308): Zend_Controller_Action->dispatch()
#3 /usr/share/libretime/legacy/vendor/zf1s/zend-controller/library/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch()
#4 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application/Bootstrap/Bootstrap.php(105): Zend_Controller_Front->dispatch()
#5 /usr/share/libretime/legacy/vendor/zf1s/zend-application/library/Zend/Application.php(391): Zend_Application_Bootstrap_Bootstrap->run()
#6 /usr/share/libretime/legacy/application/airtime-boot.php(77): Zend_Application->run()
#7 /usr/share/libretime/legacy/public/index.php(56): require_once(’/usr/share/libr…')
#8 {main}

I know you’ve previously stated that adding https://groove-genie.co.uk to the allowed_cors_origin list isn’t advised but that’s the only thing I haven’t tried so far; I’m wondering whether I should give this a go out of curiosity?

If the default is how would you add additional entries? Can I add additional entries delimited with a comma to the code block in the config.yml file?

Regards,

Please configure your public_url properly.

With all due respect; the public_url property has been configured correctly as you’ll see from the attached extract of the config.yml.

general:

The public url.

> this field is REQUIRED

public_url: http://groove-genie.co.uk:8082

Change your public_url to https://groove-genie.co.uk

I wrote this in some previous answer.