Webauthn - Reverse proxy + additionnal

[novakin]

Describe the bug
Using reverse proxy cant configure webauthn have following error: Cannot read properties of undefined (reading 'challenge')
Without reverse proxy on direct external IP mentions Passkeys are not supported on browser : tested with latest chrome and chromium: WebAuthn is not supported in this browser

To Reproduce
Steps to reproduce the behavior:

1. Go to Preferences > Auth
2. Click on Add passkey > input name click ok

Expected behavior
Expected to have passkey configuration window

Info (please complete the following information):

• Server OS: Debian 12.8
• Server Arch: x64
• Nginx UI Version: 2.0.0-beta.40 (2)
• Your Browser: Chrome, Chromium

Additional context
With reverse proxy, I guess im missing something on config for 3002 port

Nginx-ui

[server]
Host    = 127.0.0.1
Port    = 9000
RunMode = release

[webauthn]
# This is the display name
RPDisplayName = Nginx UI
# The domain name of Nginx UI
RPID          = XXX.XXX.net
# The list of origin addresses
RPOrigins     = https://XXX.XXX.net:3002

Nginx reverse proxy conf

upstream nginxui-default {
  zone nginxui-default 64k;
  server 127.0.0.1:9000;
  keepalive 2;
}
upstream nginxui-ws {
  zone nginxui-ws 64k;
  server 127.0.0.1:3002;
  keepalive 2;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      "";

#------------------------------------------------------------------------
# REDIRECTION HTTPS
#

server {
        listen 80;
        listen [::]:80;
        server_name XXX.XXX.net;

        location '/.well-known/acme-challenge' {
        allow all;
        try_files $uri /$1;}

        location / {
        return 301 https://$server_name$request_uri;}
        }

#------------------------------------------------------------------------
# BLOCK SERVEUR HTTPS
#
server {
        server_name XXX.XXX.XX;

        listen 443 quic;
        listen [::]:443 quic;
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on;

        index index.php index.html index.htm;
        client_max_body_size 10G;

        add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
        include common/ssl-XXX.net.conf;

        add_header Strict-Transport-Security "max-age=15768000";

  location / {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://nginxui-default;
    }

}

[0xJacky]

If you are using a reverse proxy, the RPOrigins should be the base path of your reverse proxy server, in your case, you should set it to https://admin.xxx.xxx not https://admin.xxx.xxx:3002.

[novakin]

Done, and still have the same issue : "Cannot read properties of undefined (reading 'challenge')"

[webauthn]
# This is the display name
RPDisplayName = Nginx UI
# The domain name of Nginx UI
RPID          = XXX.XXX.net
# The list of origin addresses
RPOrigins     = https://XXX.XXX.net

[0xJacky]

Did you try to restart nginx-ui after modify the app.ini?

[novakin]

Yes, it shows same config in panel

EDIT: In case restarted both nginx-ui and nginx

[0xJacky]

Fixed in 6abf682, will be released in beta.41. Thanks for your report.