Login attempts just redirect to home page

rhedgeco · December 7, 2023, 7:51pm

My version of HedgeDoc is: 1.9.9

What I expected to happen:

I set up my hedgedoc instance using a docker-compose file. Here is the current revision with default passwords:

version: '3'
services:
  database:
    image: postgres:13.4-alpine
    environment:
      - POSTGRES_USER=hedgedoc
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=hedgedoc
    volumes:
      - database:/var/lib/postgresql/data
    restart: always
  app:
    # Make sure to use the latest release from https://hedgedoc.org/latest-release
    image: quay.io/hedgedoc/hedgedoc:1.9.9
    environment:
      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
      - CMD_DOMAIN=docs.hedgecock.dev
      - CMD_URL_ADDPORT=false
      - CMD_PROTOCOL_USESSL=true
      - CMD_ALLOW_ORIGIN=[‘docs.hedgecock.dev’]
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_ALLOW_ANONYMOUS=false
      - CMD_ALLOW_ANONYMOUS_EDITS=true
    volumes:
      - uploads:/hedgedoc/public/uploads
    ports:
      - "3000:3000"
    restart: always
    depends_on:
      - database
    stdin_open: true
    tty: true
volumes:
  database:
  uploads:

The docker container serves itself on port 3000. The next layer is a nginx-reverse proxy. I found the docs on how to set that up but I had to change it from using port 443 to port 80 because I don’t have any certs on my server. Here is the relevant nginx proxy file:

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}
server {
        listen 80;
        listen [::]:80;
        server_name docs.hedgecock.dev;

        location / {
                proxy_pass http://0.0.0.0:3000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /socket.io/ {
                proxy_pass http://0.0.0.0:3000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }
}

The last layer here is from cloudflare. All of my traffic routes through there before being proxied to my server. Cloudflare handles all the ssl certs and communicates directly with my server over http. This allows me to have minimal setups on my server but still expose it as https through cloudflare on https://docs.hedgecock.dev

The site works and is up and running. I ensure a user is added through the ./manage_users script. I expect that when I try to log in, everything will route successfully and log me in.

What actually happened:

When I log in with the user I added, it pings the /login route and I can see it in the server logs, but it returns a 302 error and sends me back to the homepage.

I already tried:

Reading the docs on reverse proxy with nginx. That is how I got here.

rhedgeco · December 7, 2023, 11:32pm

Update!!!

I fixed the problem. It seems where every single other person on here needed to have X-Forwarded-Proto set in their reverse proxy, I needed to remove it. This is because the communication between cloudflare and my server was not https and should not be forwarded. Everything works now. As for whether or not the data SHOULD be using https between cloudflare and my server is another story.