Madsonic+nginx+https = broken buttons

Post your Server Bug Report
StalkerNOVA
Contributor
Contributor
Posts: 20
Joined: 15 Jun 2016, 08:24
Has thanked: 0
Been thanked: 6 times

Madsonic+nginx+https = broken buttons

Unread post by StalkerNOVA » 15 Jun 2016, 08:31

If you place Madsonic as HTTP backend for nginx with HTTPS frontend you get broken button "Settings" in the left tab. But "Profile" has no problem.

This bug came from Subsonic.

Chrome DevConsole:
Mixed Content: The page at 'https:...' was loaded over HTTPS, but requested an insecure resource 'http:...'. This request has been blocked; the content must be served over HTTPS.
Last edited by StalkerNOVA on 16 Jun 2016, 00:58, edited 1 time in total.

StalkerNOVA
Contributor
Contributor
Posts: 20
Joined: 15 Jun 2016, 08:24
Has thanked: 0
Been thanked: 6 times

Re: Madsonic+nginx+https = broken settings button

Unread post by StalkerNOVA » 16 Jun 2016, 00:57

Same for ranking and recommendations.

User avatar
Madsonic
Administrator
Administrator
Posts: 960
Joined: 07 Dec 2012, 03:58
Has thanked: 1146 times
Been thanked: 447 times

Re: Madsonic+nginx+https = broken buttons

Unread post by Madsonic » 16 Jun 2016, 11:07

Hi there,

i setup a example enviroment as follow:


*) install Madsonic server with default settings

*) install or update nginx

*) create selfsign cert

Code: Select all

cd /etc/nginx

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
*) edit nginx config

Code: Select all

sudo nano /etc/nginx/sites-enabled/default
*) replace nginx config

Code: Select all

server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name localhost; # Replace localhost with your.domain.com

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/madsonic.access.log;
    error_log             /var/log/nginx/madsonic.error.log;

    location / {

      proxy_set_header Host              $host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      # Fix the “It appears that your reverse proxy set up is broken" error.
      
      proxy_pass          http://localhost:4040;
      proxy_redirect      http:// https://;
      proxy_read_timeout  90;
    }
  }
*) restart services

Code: Select all

sudo service madsonic restart
sudo service nginx restart
*) try to access Madsonic local

Code: Select all

http://localhost:4040
*) try to access Madsonic over nginx

Code: Select all

http://localhost
Hope this help you to check your config!

PS: i send you a PM with a newer Madsonic build with several bug fixes.

Best regards

StalkerNOVA
Contributor
Contributor
Posts: 20
Joined: 15 Jun 2016, 08:24
Has thanked: 0
Been thanked: 6 times

Re: Madsonic+nginx+https = broken buttons

Unread post by StalkerNOVA » 16 Jun 2016, 14:58

Steps to reproduce:
  1. disable redirect from 80 to 443
  2. allow proxy from 80 to madsonic 4040
  3. open madsonic with admin user
  4. right click at settings and open in new tab
You'll get the following:
  • For short time link https /settings.view will be opened
  • Instantly you'll be redirected to http /adminSettings.view
With redirect enabled you'll get one more step and will be instantly redirected to https.

May be it would not be a problem without option for nginx (but it's the best practice if you don't ban frames completely):

Code: Select all

add_header X-Frame-Options SAMEORIGIN;

StalkerNOVA
Contributor
Contributor
Posts: 20
Joined: 15 Jun 2016, 08:24
Has thanked: 0
Been thanked: 6 times

Re: Madsonic+nginx+https = broken buttons

Unread post by StalkerNOVA » 21 Jun 2016, 06:54

There are lots of links directly to http... They got visible if you make separate logs for http and https at nginx...

Making Madsonic https behind nginx isn't a good idea because https overhead gets even bigger (Madsonic encode traffic to https, nginx decode it and encode it again to transfer to end user).

At 80 and 443 ports I've many other services so can't dedicate them to Madsonic directly. Other ports are not always available from corporate networks.

PurellAdvanced
Posts: 2
Joined: 11 Oct 2016, 20:40
Has thanked: 0
Been thanked: 1 time

Re: Madsonic+nginx+https = broken buttons

Unread post by PurellAdvanced » 11 Oct 2016, 20:54

I've also been bitten by this issue. The workaround for Nginx (using proxy_redirect) doesn't work for me since I use Caddy server to reverse proxy to Madsonic, and it doesn't have an equivalent method to rewrite the Location header going back to the client. I'd hate to have to migrate back to Nginx or Apache just because of this, so a bug fix would be really appreciated.

Looks like Subsonic also has this problem and it even has an outstanding patch to fix it, maybe that could come in handy? (Patch #23 on Sourceforce, sorry I can't link it).
These users thanked the author PurellAdvanced for the post:
Madsonic

User avatar
Madsonic
Administrator
Administrator
Posts: 960
Joined: 07 Dec 2012, 03:58
Has thanked: 1146 times
Been thanked: 447 times

Re: Madsonic+nginx+https = broken buttons

Unread post by Madsonic » 15 Oct 2016, 05:25

Hi there,

i will include that fix in the next 6.2 branch. :thumbsup:

PurellAdvanced
Posts: 2
Joined: 11 Oct 2016, 20:40
Has thanked: 0
Been thanked: 1 time

Re: Madsonic+nginx+https = broken buttons

Unread post by PurellAdvanced » 26 Oct 2016, 19:56

Thanks so much Madevil!

StalkerNOVA
Contributor
Contributor
Posts: 20
Joined: 15 Jun 2016, 08:24
Has thanked: 0
Been thanked: 6 times

Re: Madsonic+nginx+https = broken buttons

Unread post by StalkerNOVA » 19 Nov 2016, 12:19

BTW "Settings" button do not work. "Userprofile" has no problem.

When you rate smth stars do not show new rating until you refresh page (or go somewhere else and than return back to the page).

Post Reply