How to permit all hosts using ALLOWED_HOSTS #78

Open
virdb opened this issue Sep 17, 2024 · 8 comments

@virdb

virdb commented Sep 17, 2024

I noticed the new variable, but I don't understand how to use it to enable all hosts.
I commented it out, but still no login is possible from outside.

How can I enable all hosts or subnets?

Thanks a lot and best regards

@nickthecook
Owner

Try ALLOWED_HOSTS=[\"*\"] in your local.env file.

@virdb
Author

virdb commented Sep 18, 2024

I did, but unsuccessfully.

This is what I found in the log of archyve-archyve-1:

I, [2024-09-18T07:23:12.216652 #62]  INFO -- : [f29be021-4264-4811-999d-a3e4a94c2e70] Started GET "/" for 192.168.3.222 at 2024-09-18 07:23:12 +0000
I, [2024-09-18T07:23:37.773307 #34]  INFO -- : [ce1d62c2-9adb-4b7c-8ea1-04155ba5220b] Started GET "/" for 192.168.3.222 at 2024-09-18 07:23:37 +0000
I, [2024-09-18T07:23:58.901556 #62]  INFO -- : [f29be021-4264-4811-999d-a3e4a94c2e70] Processing by CollectionsController#index as HTML
I, [2024-09-18T07:23:58.901571 #34]  INFO -- : [ce1d62c2-9adb-4b7c-8ea1-04155ba5220b] Processing by CollectionsController#index as HTML
I, [2024-09-18T07:24:04.180216 #34]  INFO -- : [ce1d62c2-9adb-4b7c-8ea1-04155ba5220b] Completed 401 Unauthorized in 5155ms (ActiveRecord: 0.0ms | Allocations: 2294)
I, [2024-09-18T07:24:04.180207 #62]  INFO -- : [f29be021-4264-4811-999d-a3e4a94c2e70] Completed 401 Unauthorized in 5155ms (ActiveRecord: 0.0ms | Allocations: 2294)
I, [2024-09-18T07:24:06.845087 #34]  INFO -- : [c01d3276-18d6-4722-ae2d-11ac66de2e80] Started GET "/" for 192.168.3.222 at 2024-09-18 07:24:06 +0000
I, [2024-09-18T07:24:07.008232 #34]  INFO -- : [c01d3276-18d6-4722-ae2d-11ac66de2e80] Processing by CollectionsController#index as HTML
I, [2024-09-18T07:24:07.124047 #34]  INFO -- : [c01d3276-18d6-4722-ae2d-11ac66de2e80] Completed 401 Unauthorized in 116ms (ActiveRecord: 0.0ms | Allocations: 731)
I, [2024-09-18T07:24:09.521661 #34]  INFO -- : [a1870165-c6c3-4ed9-8c45-50ba2c2d744d] Started GET "/users/sign_in" for 192.168.3.222 at 2024-09-18 07:24:09 +0000
I, [2024-09-18T07:24:10.181405 #34]  INFO -- : [a1870165-c6c3-4ed9-8c45-50ba2c2d744d] Processing by Devise::SessionsController#new as HTML
I, [2024-09-18T07:24:25.585651 #34]  INFO -- : [a1870165-c6c3-4ed9-8c45-50ba2c2d744d]   Rendered layout layouts/application.html.erb (Duration: 4368.3ms | Allocations: 4501)
I, [2024-09-18T07:24:25.783197 #34]  INFO -- : [a1870165-c6c3-4ed9-8c45-50ba2c2d744d] Completed 200 OK in 15553ms (Views: 7730.8ms | ActiveRecord: 193.6ms | Allocations: 25249)
I, [2024-09-18T07:24:35.812979 #34]  INFO -- : [e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] Started POST "/users/sign_in" for 192.168.3.222 at 2024-09-18 07:24:35 +0000
I, [2024-09-18T07:24:36.218976 #34]  INFO -- : [e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] Processing by Devise::SessionsController#create as TURBO_STREAM
I, [2024-09-18T07:24:36.219124 #34]  INFO -- : [e0b2cede-71bc-4f1d-9c7a-45133d9f37dc]   Parameters: {"authenticity_token"=>"[FILTERED]", "user"=>{"email"=>"admin@archyve.io", "password"=>"[FILTERED]", "remember_me"=>"true"}, "commit"=>"Sign in"}
W, [2024-09-18T07:24:36.624243 #34]  WARN -- : [e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] HTTP Origin header (http://192.168.1.4) didn't match request.base_url (http://192.168.1.4:3300)
I, [2024-09-18T07:24:37.033260 #34]  INFO -- : [e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] Completed 422 Unprocessable Entity in 794ms (ActiveRecord: 0.0ms | Allocations: 961)
E, [2024-09-18T07:24:37.270424 #34] ERROR -- : [e0b2cede-71bc-4f1d-9c7a-45133d9f37dc]   
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] ActionController::InvalidAuthenticityToken (HTTP Origin header (http://192.168.1.4) didn't match request.base_url (http://192.168.1.4:3300)):
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc]   
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal/request_forgery_protection.rb:293:in `handle_unverified_request'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal/request_forgery_protection.rb:388:in `handle_unverified_request'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] devise (4.9.3) lib/devise/controllers/helpers.rb:255:in `handle_unverified_request'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal/request_forgery_protection.rb:377:in `verify_authenticity_token'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:403:in `block in make_lambda'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:202:in `block (2 levels) in halting'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:203:in `block in halting'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:598:in `block in invoke_before'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:598:in `each'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:598:in `invoke_before'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:119:in `block in run_callbacks'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] turbo-rails (2.0.5) lib/turbo-rails.rb:24:in `with_request_id'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] turbo-rails (2.0.5) app/controllers/concerns/turbo/request_id_tracking.rb:10:in `turbo_tracking_request_id'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:130:in `block in run_callbacks'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] audited (5.6.0) lib/audited/sweeper.rb:16:in `around'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:130:in `block in run_callbacks'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] audited (5.6.0) lib/audited/sweeper.rb:16:in `around'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:130:in `block in run_callbacks'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actiontext (7.1.3.2) lib/action_text/rendering.rb:23:in `with_renderer'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actiontext (7.1.3.2) lib/action_text/engine.rb:69:in `block (4 levels) in <class:Engine>'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:130:in `instance_exec'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:130:in `block in run_callbacks'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:141:in `run_callbacks'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/abstract_controller/callbacks.rb:258:in `process_action'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal/rescue.rb:25:in `process_action'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal/instrumentation.rb:74:in `block in process_action'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/notifications.rb:206:in `block in instrument'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/notifications.rb:206:in `instrument'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal/instrumentation.rb:73:in `process_action'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal/params_wrapper.rb:261:in `process_action'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activerecord (7.1.3.2) lib/active_record/railties/controller_runtime.rb:32:in `process_action'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/abstract_controller/base.rb:160:in `process'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionview (7.1.3.2) lib/action_view/rendering.rb:40:in `process'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal.rb:227:in `dispatch'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_controller/metal.rb:309:in `dispatch'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/routing/route_set.rb:32:in `serve'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/routing/mapper.rb:21:in `block in <class:Constraints>'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/routing/mapper.rb:51:in `serve'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/journey/router.rb:51:in `block in serve'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/journey/router.rb:131:in `block in find_routes'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/journey/router.rb:124:in `each'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/journey/router.rb:124:in `find_routes'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/journey/router.rb:32:in `serve'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/routing/route_set.rb:882:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack-pjax (1.1.0) lib/rack/pjax.rb:12:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] warden (1.2.9) lib/warden/manager.rb:36:in `block in call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] warden (1.2.9) lib/warden/manager.rb:34:in `catch'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] warden (1.2.9) lib/warden/manager.rb:34:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack (3.0.9.1) lib/rack/tempfile_reaper.rb:20:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack (3.0.9.1) lib/rack/etag.rb:29:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack (3.0.9.1) lib/rack/conditional_get.rb:43:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack (3.0.9.1) lib/rack/head.rb:15:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/http/permissions_policy.rb:36:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/http/content_security_policy.rb:33:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack-session (2.0.0) lib/rack/session/abstract/id.rb:272:in `context'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack-session (2.0.0) lib/rack/session/abstract/id.rb:266:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/cookies.rb:689:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activegraph (11.5.0.beta.2) lib/active_graph/migrations/check_pending.rb:16:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/callbacks.rb:101:in `run_callbacks'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/callbacks.rb:28:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] sentry-rails (5.18.1) lib/sentry/rails/rescued_exception_interceptor.rb:9:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] sentry-ruby (5.18.1) lib/sentry/rack/capture_exceptions.rb:15:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] railties (7.1.3.2) lib/rails/rack/logger.rb:37:in `call_app'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] railties (7.1.3.2) lib/rails/rack/logger.rb:24:in `block in call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/tagged_logging.rb:135:in `block in tagged'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/tagged_logging.rb:39:in `tagged'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/tagged_logging.rb:135:in `tagged'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] activesupport (7.1.3.2) lib/active_support/broadcast_logger.rb:240:in `method_missing'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] railties (7.1.3.2) lib/rails/rack/logger.rb:24:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/remote_ip.rb:92:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/request_id.rb:28:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack (3.0.9.1) lib/rack/method_override.rb:28:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack (3.0.9.1) lib/rack/runtime.rb:24:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/executor.rb:14:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] actionpack (7.1.3.2) lib/action_dispatch/middleware/static.rb:25:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] rack (3.0.9.1) lib/rack/sendfile.rb:114:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] railties (7.1.3.2) lib/rails/engine.rb:536:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] puma (6.4.2) lib/puma/configuration.rb:272:in `call'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] puma (6.4.2) lib/puma/request.rb:100:in `block in handle_request'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] puma (6.4.2) lib/puma/thread_pool.rb:378:in `with_force_shutdown'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] puma (6.4.2) lib/puma/request.rb:99:in `handle_request'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] puma (6.4.2) lib/puma/server.rb:464:in `process_client'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] puma (6.4.2) lib/puma/server.rb:245:in `block in run'
[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] puma (6.4.2) lib/puma/thread_pool.rb:155:in `block in spawn_thread'

192.168.1.4 is the address of the docker box where archyve is running.

@nickthecook
Owner

Interesting... I don't think this issue is caused by ALLOWED_HOSTS.

It looks like you were hitting /, getting redirected to /users/sign_in, then getting rejected. The API is under /v1, e.g. /v1/collections to list collections. You'll need to set the API auth headers if you haven't already.

Are you writing a client, trying to connect another, existing app, or something else?

@virdb
Author

virdb commented Sep 18, 2024

> Interesting... I don't think this issue is caused by ALLOWED_HOSTS.
>
> It looks like you were hitting /, getting redirected to /users/sign_in, then getting rejected. The API is under /v1, e.g. /v1/collections to list collections. You'll need to set the API auth headers if you haven't already.
>
> Are you writing a client, trying to connect another, existing app, or something else?

Just trying to log in to the archyve web server from my laptop's web browser, pointing it at http://xxx.xxx.xxx.xxx:3300/

@nickthecook
Owner

Ah, I see.

I have found a few other people with the same error in other apps, and in all cases they seem to be accessing the app through a reverse proxy, like NGINX.

Are you accessing Archyve through NGINX or another reverse proxy?

@virdb
Author

virdb commented Sep 19, 2024

> Ah, I see.
>
> I have found a few other people with the same error in other apps, and in all cases they seem to be accessing the app through a reverse proxy, like NGINX.
>
> Are you accessing Archyve through NGINX or another reverse proxy?

Actually not yet. I connect directly via the LAN address.

@nickthecook
Owner

I'm trying to reproduce, so I ran Archyve in the container on another machine, but I was able to connect without issue. I added the ALLOWED_HOSTS entry I posted above and was still able to connect.

I've just cloned the repo and run docker compose up -d on the other machine, and connected to http://192.168.1.20:3300 and http://othermachinehostname:3300 and had no issues.

I also had docker listen on :80 instead of :3300 so I could just type the URL without port into the address bar in a browser to see if that generated an issue, but everything still worked.

Questions:

  1. In your browser, do you put http://192.168.1.4:3300 in the URL bar, or just http://192.168.1.4? If the latter, what is taking a request on port 80 and mapping it to 3300 in the rails container?

  2. Have you modified the compose file at all, or just run it as is on your docker box?

  3. Are you starting the containers with docker compose up -d, or using some orchestration software?

  4. What browser are you using? The error logs complain about an Origin header, but when I send a request in Firefox it's not sending that header at all.
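
The Origin check behind the `InvalidAuthenticityToken` error in the log above, as an added example that is not part of the thread or of Archyve's code. It is a simplified model of the comparison Rails makes (missing Origin accepted, otherwise Origin must equal the URL rebuilt from the Host header); the names `base_url`, `origin_accepted?` and `diagnose` are illustrative, and Host values are assumed to be IPv4 addresses or hostnames.

```ruby
require "uri"

# Simplified model (assumption, not Rails source): request.base_url is
# scheme://host[:port] built from the Host header, with the default
# port for the scheme (80/443) left out.
DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze

def base_url(scheme, host_header)
  host, port = host_header.split(":", 2)
  port = port ? port.to_i : DEFAULT_PORTS.fetch(scheme)
  suffix = port == DEFAULT_PORTS[scheme] ? "" : ":#{port}"
  "#{scheme}://#{host}#{suffix}"
end

# The CSRF origin check: an absent Origin header passes, the literal
# "null" origin is rejected, anything else must match base_url exactly.
def origin_accepted?(origin, scheme, host_header)
  return true if origin.nil?
  return false if origin == "null"
  origin == base_url(scheme, host_header)
end

MISMATCH = /HTTP Origin header \((?<origin>[^)]+)\) didn't match request\.base_url \((?<base>[^)]+)\)/

# Extract both URLs from a log line and report which components differ.
# Returns nil when the line is not an Origin-mismatch message.
def diagnose(log_line)
  m = MISMATCH.match(log_line) or return nil
  o = URI.parse(m[:origin])
  b = URI.parse(m[:base])
  diffs = []
  diffs << :scheme if o.scheme != b.scheme
  diffs << :host   if o.host != b.host
  diffs << :port   if o.port != b.port   # URI fills in 80 for bare http
  { origin: m[:origin], base_url: m[:base], differs: diffs }
end

# WARN line copied from the log posted in this issue.
LINE = "W, [2024-09-18T07:24:36.624243 #34]  WARN -- : " \
       "[e0b2cede-71bc-4f1d-9c7a-45133d9f37dc] HTTP Origin header " \
       "(http://192.168.1.4) didn't match request.base_url (http://192.168.1.4:3300)"

if __FILE__ == $PROGRAM_NAME
  p diagnose(LINE)
  # Browser on port 80, app seeing Host with :3300: rejected.
  p origin_accepted?("http://192.168.1.4", "http", "192.168.1.4:3300")
  # No Origin header sent at all: accepted.
  p origin_accepted?(nil, "http", "192.168.1.4:3300")
end
```

A port-only difference means the address the browser used and the Host header the app received disagree, which is what question 1 above is probing; the accepted `nil` case matches the observation in question 4 that a browser sending no Origin header does not trigger the error.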

@oxaronick
Collaborator

@virdb Did you get it to work?
