3.00 beta2 reverse proxy issues
Forum rules
Help us help you:
Help us help you:
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
3.00 beta2 reverse proxy issues
Hi all, first time poster.
I just upgraded my server from Ubuntu 18.04 to 20.04 and sabnzbd from 2.3.9 to 3.0.0Beta2 [faedd22]. I have apache2 setup with a virtual host for sab, and it's always worked flawlessly until the upgrade to sab 3.0.0. But now I'm getting redirects from https to http, and pages won't load. If I manually type in URLs, they do load properly. Example:
Entering https://sabnzbd.[mydomain].com/ will redirect to http://sabnzbd.[mydomain].com/login/ and the page fails to load. Manually changing the URL to https will get the login screen to appear. After entering credentials and clicking login, it again drops the https and tries to load http://sabnzbd.[mydomian].com and fails. And again, manually changing the URL to https gets the page to load. Once logged it, browsing through sab's different pages works as expected.
My sab installation is using defaults (host 0.0.0.0, port 8085, base URL /sabnzbd). I've tried changing the base URL to just / but that had no effect. My apache2 virtual host entry is below:
<VirtualHost *:443>
SSLEngine on
ServerAdmin [redacted]
ServerName sabnzbd.[mydomain].com
DocumentRoot /var/www/[redacted]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:8085/"
ProxyPassReverse "/" "http://127.0.0.1:8085/"
</VirtualHost>
(In case anyone asks why there are no SSL cert/key entries in the virtual host, it's because the SSL cert is provided by Let's Encrypt through the mod_md module.)
To reiterate, this setup has worked perfectly for years. It's only since the upgrade from sab 2.3.9 to 3.0.0 that I've encountered issues. And my reverse proxies for other services are all still working correctly with the upgrade to Ubuntu 20.04.
Any ideas on what the issue is and how to resolve it? Any help is appreciated!
I just upgraded my server from Ubuntu 18.04 to 20.04 and sabnzbd from 2.3.9 to 3.0.0Beta2 [faedd22]. I have apache2 setup with a virtual host for sab, and it's always worked flawlessly until the upgrade to sab 3.0.0. But now I'm getting redirects from https to http, and pages won't load. If I manually type in URLs, they do load properly. Example:
Entering https://sabnzbd.[mydomain].com/ will redirect to http://sabnzbd.[mydomain].com/login/ and the page fails to load. Manually changing the URL to https will get the login screen to appear. After entering credentials and clicking login, it again drops the https and tries to load http://sabnzbd.[mydomian].com and fails. And again, manually changing the URL to https gets the page to load. Once logged it, browsing through sab's different pages works as expected.
My sab installation is using defaults (host 0.0.0.0, port 8085, base URL /sabnzbd). I've tried changing the base URL to just / but that had no effect. My apache2 virtual host entry is below:
<VirtualHost *:443>
SSLEngine on
ServerAdmin [redacted]
ServerName sabnzbd.[mydomain].com
DocumentRoot /var/www/[redacted]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:8085/"
ProxyPassReverse "/" "http://127.0.0.1:8085/"
</VirtualHost>
(In case anyone asks why there are no SSL cert/key entries in the virtual host, it's because the SSL cert is provided by Let's Encrypt through the mod_md module.)
To reiterate, this setup has worked perfectly for years. It's only since the upgrade from sab 2.3.9 to 3.0.0 that I've encountered issues. And my reverse proxies for other services are all still working correctly with the upgrade to Ubuntu 20.04.
Any ideas on what the issue is and how to resolve it? Any help is appreciated!
Re: 3.00 beta2 reverse proxy issues
Hi,
I followed https://sabnzbd.org/wiki/extra/howto-apache and that works beatifully with my SABnzbd-3 running HTTP on port 8080, from Internet. (Not from within my LAN ... apparantly my router does not support u-turn routing).
So ... you have a different apache config. And you use SSL, which might be confusing it?
So:
I followed https://sabnzbd.org/wiki/extra/howto-apache and that works beatifully with my SABnzbd-3 running HTTP on port 8080, from Internet. (Not from within my LAN ... apparantly my router does not support u-turn routing).
So ... you have a different apache config. And you use SSL, which might be confusing it?
So:
Code: Select all
<Location /sabnzbd>
order deny,allow
deny from all
allow from all
ProxyPass http://192.168.1.4:8080/sabnzbd
ProxyPassReverse http://192.168.1.4:8080/sabnzbd
</Location>
Re: 3.00 beta2 reverse proxy issues
And after installing letsencrypt / certbot, sabnzbd is also reachable via HTTPS on the rerverse proxy: certbot (or apache2) automatically filled out the above reverse proxy settings for sabnzbd in 000-default-le-ssl.conf
It was as easy as
It was as easy as
Code: Select all
sudo apt-get install certbot python-certbot-apache
upnpc -a 192.168.1.3 80 80 tcp
upnpc -a 192.168.1.3 443 443 tcp
sudo certbot --apache -d myhostsomewhereduckdns.org
Re: 3.00 beta2 reverse proxy issues
I've been doing some more testing today, and I've been able to get it working. If I add a second virtual host for sabnzbd running on port 80 (in addition to the virtual host on port 443), then the reverse proxy works as it did on 2.3.9 and all https requests remain https. It's strange because none of my other virtual hosts require a second/dummy virtual host on port 80, and sabnzbd never required it before moving to 3.0.0. It would be interesting to figure out what's changed in 3.0.0 and/or with the move to python3 that's changed the behaviour.
Re: 3.00 beta2 reverse proxy issues
We didn't really change anything about that. Isn't it the browser that changed maybe?
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: 3.00 beta2 reverse proxy issues
Nothing has changed in my setup except the upgrade to Ubuntu 20.04 and sabnzbd 3.0.0b2. Apache version and config is the same, tested on multiple browsers, etc.
Re: 3.00 beta2 reverse proxy issues
Check the apache error logs and where you see errors use the timestamp of those errors to check around the same time in the sabnzbd log. Your configuration looks similar to mine. It's kind of hard to guessing what's wrong without seeing the logsstoli412 wrote: ↑June 7th, 2020, 12:32 pm I've been doing some more testing today, and I've been able to get it working. If I add a second virtual host for sabnzbd running on port 80 (in addition to the virtual host on port 443), then the reverse proxy works as it did on 2.3.9 and all https requests remain https. It's strange because none of my other virtual hosts require a second/dummy virtual host on port 80, and sabnzbd never required it before moving to 3.0.0. It would be interesting to figure out what's changed in 3.0.0 and/or with the move to python3 that's changed the behaviour.
Re: 3.00 beta2 reverse proxy issues
I experience redirecting to http on port 80 when upgrading to 3 as well, though I'm using nginx for the reverse proxy with lets encrypt. I manually edited the url each time I ended up on the wrong scheme and port and it eventually got the sab interface. API requests seem to be working normally. My OS is Windows 10.
Re: 3.00 beta2 reverse proxy issues
Could you give more examples? Is this happening on every page? Or just a few?
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: 3.00 beta2 reverse proxy issues
I ended up changing my nginx config to rewrite redirects with `proxy_redirect http://my-domain/ https://my-domain:8080/;` to work around the issue so I could disable that if you need more detail. Previous to that hitting the index page would redirect, logging in would rediect, and logged out would redirect. I was able to hit all the config pages but I assume those are SPA style pages and so it's different. I tried adding X-Forwarded-Port but that didn't help sab figure out the port to use. I started sending X-Forwarded-Proto and sab started redirecting to the right scheme. Sab would also have the host header so between the host, scheme, and port it should be able to figure out how to redirect.
Re: 3.00 beta2 reverse proxy issues
I thought the problem was redirect to the wrong scheme?
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: 3.00 beta2 reverse proxy issues
I use a nonstandard port as well which is lost, but the scheme is wrong as well. I removed the redirect rewriting, and this is the relevant nginx config (I think):
I click logout:
I hit the index page:
sab is getting the domain but losing the sheme and port - this worked on the 2.x builds.
Code: Select all
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Port 8080;
Code: Select all
GET https://my-domain.com:8080/sabnzbd/login/?logout=1
Status Code: 303 See Other
Location: http://my-domain.com/sabnzbd
Code: Select all
https://my-domain.com:8080/sabnzbd/
Status Code: 303 See Other
Location: http://my-domain.com/sabnzbd/login/
Re: 3.00 beta2 reverse proxy issues
This seems to be an issue with CherryPy that doesn't allow relative redirects. Will submit a ticket.
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: 3.00 beta2 reverse proxy issues
Actually, what happens if you just fill your whole url in the Config > Special > url_base setting?
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: 3.00 beta2 reverse proxy issues
I couldn't get any pages to load after changing that config, everything was a 404. I had to edit the .ini file directly to get things working. Another weird thing about that was right clicking the system tray icon and choosing "show interface" opened internet explorer instead of my default browser chrome.