Docker Compose SSL Config #15346

Open
snipe opened this issue Aug 20, 2024 Discussed in #15337 · 8 comments

@snipe
Owner

snipe commented Aug 20, 2024

Discussed in #15337

Originally posted by Masterain98 August 20, 2024

I'm receiving a URL error on the pre-flight page, showing: "Uh oh! Snipe-IT thinks your URL is http://my-domain.com/setup, but your real URL is https://my-domain.com:80/setup Please update your APP_URL settings in your .env file." If I ignore the error and proceed, some forms in Snipe-IT won't respond.

Here is the docker compose file. I'm using Cloudflare Tunnel to connect the system to the Internet with SSL.

volumes:
  db_data:
  storage:

services:
  app:
    image: snipe/snipe-it:${APP_VERSION:-v6.4.1}
    restart: always
    volumes:
      - ./storage:/var/lib/snipeit
    env_file:
      - .env

  tunnel:
    container_name: Snipe-IT-Tunnel
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=

Following some other issues, I added APP_TRUSTED_PROXIES=REMOTE_ADDR and SECURE_COOKIES=true to the .env environment file.


welcome bot commented Aug 20, 2024

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

@setpill
Contributor

setpill commented Aug 20, 2024

Port mismatch might be addressed by setting the Host header in the reverse proxy. Unsure how to resolve the protocol mismatch; snipe-it seems to ignore the X-Forwarded-Proto header.

@snipe
Owner Author

snipe commented Aug 20, 2024

@setpill laravel/framework#41598

GitHub
Hello, I'm attempting to setup Trusted Proxies so Laravel understands it needs to create https links when responding to requests. However this doesn't appear to be working as I'm still getting http...

@setpill
Contributor

setpill commented Aug 20, 2024

@snipe thanks for the link, I was indeed missing one of the headers mentioned there. However, setting that does not seem to work... Perhaps something else is wrong. Excerpt from my nginx config:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;

In my docker.env I have

APP_TRUSTED_PROXIES="*"

(I have also tried with this set to 0.0.0.0/0).

@setpill
Contributor

setpill commented Aug 20, 2024

Does it have something to do with the HEADER_X_FORWARDED_AWS_ELB in TrustProxies.php? I am self-hosting this, not using a cloud provider.

@setpill
Contributor

setpill commented Aug 20, 2024

Delving a bit deeper, I realise that the reference there to HEADER_X_FORWARDED_AWS_ELB is entirely redundant; it is a bitwise OR of several constants set by Symfony.

HEADER_X_FORWARDED_AWS_ELB, here, is defined as a bitwise OR of HEADER_X_FORWARDED_{FOR,PROTO,PORT}, which is everything already ORed in Laravel without HOST. However, since the bitwise OR only works "additively", so to speak, the AWS_ELB part does not contribute anything.

Bit of a red herring there. Issue still unsolved.
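The following is an added example, not part of the comment above and not Snipe-IT, Laravel or Symfony code: a simplified Python model of trusted-proxy handling that shows why ORing in the AWS_ELB flag changes nothing and how forwarded headers are only honoured for trusted peers. The flag values, the `172.18.0.0/16` network, the peer addresses and the sample headers are constructed assumptions.

```python
import ipaddress

# Bit flags modelled on Symfony's Request::HEADER_X_FORWARDED_* constants.
# The numeric values are assumptions; only the OR relationships matter here.
FOR, HOST, PROTO, PORT = 0b00010, 0b00100, 0b01000, 0b10000
AWS_ELB = FOR | PROTO | PORT              # as described above: no HOST bit
LARAVEL_MASK = FOR | HOST | PORT | PROTO  # the flags already ORed together

def is_trusted(peer, trusted):
    """True if the directly connected peer is on the trusted-proxy list."""
    if "*" in trusted:
        return True  # wildcard: forwarded headers from ANY peer are believed
    addr = ipaddress.ip_address(peer)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in trusted)

def effective_url(peer, headers, trusted, mask, path="/setup"):
    """Simplified model: the URL an app behind a proxy believes it is on."""
    scheme, host, port = "http", headers.get("Host", "localhost"), None
    if is_trusted(peer, trusted):
        proto = headers.get("X-Forwarded-Proto", "").lower()
        if mask & PROTO and proto == "https":
            scheme = "https"
        if mask & HOST and "X-Forwarded-Host" in headers:
            host = headers["X-Forwarded-Host"]
        if mask & PORT and "X-Forwarded-Port" in headers:
            port = int(headers["X-Forwarded-Port"])
    default = 443 if scheme == "https" else 80
    port = default if port is None else port
    netloc = host if port == default else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"

# Constructed headers: the proto says https while the forwarded port is 80.
SAMPLE = {
    "Host": "my-domain.com",
    "X-Forwarded-Host": "my-domain.com",
    "X-Forwarded-Proto": "https",
    "X-Forwarded-Port": "80",
}
PROXY_NET = ["172.18.0.0/16"]  # hypothetical Docker bridge network

if __name__ == "__main__":
    print("AWS_ELB adds no bits:", LARAVEL_MASK | AWS_ELB == LARAVEL_MASK)
    print("trusted proxy  :", effective_url("172.18.0.5", SAMPLE, PROXY_NET, LARAVEL_MASK))
    print("untrusted peer :", effective_url("203.0.113.9", SAMPLE, PROXY_NET, LARAVEL_MASK))
    print("wildcard trust :", effective_url("203.0.113.9", SAMPLE, ["*"], LARAVEL_MASK))
```

With a wildcard trust list the model accepts forwarded headers from any peer, so that setting is only safe when the application port is reachable solely through the proxy.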

@setpill
Contributor

setpill commented Aug 21, 2024

#9179 potentially related

@Masterain98

Thank you @setpill! I just noticed this issue, and after following the instructions in your PR, the issue is gone.
