Hi, using the latest version of FreshRSS.
I have an issue with the auth logging in as follows:
Local IP/Name:- The auth works and logs in fine and the software works.
Apache Reverse Proxy (Another machine):- Won't get past the login page and only shows a 403 Don't have permission error. (Strangely, Edge works just fine, FF or Chrome doesn't!)
I'm using the default config file that comes with FreshRSS and my reverse proxy doesn't have much in it, only the reverse parts and my SSL info.
I know this is the auth part. If I disable it, the reverse proxy part works fine. Can anyone point me to an Apache config that works, or to the lines I'm missing to get the auth part to play nicely?
Thank you.
Maybe it was the cookies in my configuration (See https://github.com/FreshRSS/FreshRSS/issues/2918) of Apache. I now have:
```apache
ProxyPreserveHost On
ProxyPass /fr http://127.0.0.1:9797
ProxyPassReverse /fr http://127.0.0.1:9797
RequestHeader set X-Forwarded-Proto "https"
<Proxy http://127.0.0.1:9797>
    ProxyPassReverseCookiePath / /fr
    ProxyPassReverseCookieDomain localhost www.xxx.de
    Require all granted
    Options none
</Proxy>
```
And it now seems to work on https://www.xxx.de/fr
I believe it might be due to using a subdirectory and not providing the path information via X-Forwarded-Prefix.
I am making a quick test.
Quick test, that seems to work:
```apache
ProxyPreserveHost On
ProxyPass /fr/ http://127.0.0.1:8080/
ProxyPassReverse /fr/ http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Prefix "/fr"
```
Could you try, without the cookie stuff?
P.S. Remember to purge your local cookies between each test.
I used a browser I think I haven't used before AND purged the cookies. Seems to work just fine.
@Twilek-de If it works with the X-Forwarded-Prefix, would you be so kind as to make a PR to add this documentation to https://github.com/FreshRSS/FreshRSS/blob/master/Docker/README.md#alternative-reverse-proxy-using-nginx
P.S. And remember to check your base_url in ./data/config.php if the URL used for installing FreshRSS is not the same as the final one.
P.P.S. We should also add the other headers when relevant:
- X-Forwarded-Proto
- X-Forwarded-Host
- X-Forwarded-Port
- X-Forwarded-Prefix
- X-WebAuth-User
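
As an added illustration (not part of the thread and not FreshRSS's own code), this sketch shows how a backend behind the proxy can rebuild its public URL from the `X-Forwarded-*` headers listed above, and why a missing `X-Forwarded-Prefix` leaves it generating paths outside the subdirectory. The function name, the loopback trust list and the sample hosts are assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: the proxy reaches the backend over loopback, as in the configs in this thread.
TRUSTED_PROXIES = [ip_network("127.0.0.0/8"), ip_network("::1/128")]
DEFAULT_PORTS = {"http": "80", "https": "443"}
SAFE_PREFIX = re.compile(r"[A-Za-z0-9._~/-]*")


def public_base_url(peer_ip, headers, backend_scheme="http"):
    """Rebuild the URL the browser used from the request headers.

    X-Forwarded-* values are honoured only when the TCP peer is a trusted
    proxy; from any other peer they are client-controlled and are ignored.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    host = h.get("host", "localhost")
    if not any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        return f"{backend_scheme}://{host}"

    scheme = h.get("x-forwarded-proto", backend_scheme).lower()
    if scheme not in DEFAULT_PORTS:
        scheme = backend_scheme
    host = h.get("x-forwarded-host", host)
    port = h.get("x-forwarded-port", "")
    # Append the port only when it is numeric, not already present and not the default.
    if port.isdigit() and ":" not in host and port != DEFAULT_PORTS[scheme]:
        host = f"{host}:{port}"
    prefix = h.get("x-forwarded-prefix", "").strip("/")
    if not SAFE_PREFIX.fullmatch(prefix):
        prefix = ""  # drop anything that is not a plain path
    return f"{scheme}://{host}/{prefix}".rstrip("/")


if __name__ == "__main__":
    # Constructed request headers, as the backend would see them with ProxyPreserveHost On.
    base = {"Host": "www.example.org", "X-Forwarded-Proto": "https"}
    with_prefix = dict(base, **{"X-Forwarded-Prefix": "/fr"})
    print(public_base_url("127.0.0.1", base))           # prefix missing
    print(public_base_url("127.0.0.1", with_prefix))    # prefix supplied by the proxy
    print(public_base_url("203.0.113.7", with_prefix))  # same headers from an untrusted peer
```

The same trust rule applies to `X-WebAuth-User`: it should be accepted only on requests that arrive from the proxy.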
I have created a PR with a sample configuration that resembles my own. The other headers are way over my head when it comes to configuring Apache and I couldn't competently comment on when and why to use them. My own Apache configuration is more like quick and dirty hacking (meaning copy and pasting from the net) until it works :-) .
@Twilek-de That sounds fine :-P Please send your PR, and I will suggest a few lines to add
I thought I already had, but it seems that Github hasn't even saved what I added. :-( I will have a look at it and redo it tonight after work.
Ok I am officially too stupid to use Github :-). I can't get the repo to branch, only to fork, and after I rewrote the changes I found where Github had saved the changes I did yesterday... Argh... As I did this in my own fork of the repo (the only way I could edit the file) I think that you will not be able to see the changes, and I cannot figure out how to do a pull request against the main repo. Here are the changes I added to the readme....
### Alternative reverse proxy using [Apache 2.4](https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html)
Here is an example of configuration to run FreshRSS behind an Apache reverse proxy (as subdirectory).
You have to have a working SSL configuration and the Apache modules proxy and proxy_http installed.
INSERT CODE MARKDOWN HERE
ProxyPreserveHost On
ProxyPass /freshrss http://127.0.0.1:8080
ProxyPassReverse /freshrss http://127.0.0.1:8080
<Proxy http://127.0.0.1:8080>
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Prefix "/freshrss"
Require all granted
Options none
</Proxy>
INSERT CODE MARKDOWN HERE
Woohoo look at that, I think it worked in the end. I am feeling like the grandmaster of github right now. Although I think I spent 5 times as long fiddling with Github as writing that little code snippet :-)