[GH-ISSUE #84] Snibox redirects without port on SSL? #59

Closed
opened 2026-02-27 23:18:42 +03:00 by kerem · 2 comments

Originally created by @nitobuendia on GitHub (May 21, 2022).
Original GitHub issue: https://github.com/snibox/snibox/issues/84

Context and Issue Explanation

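I have a copy of Snibox running on docker. Snibox runs on port XX80 (e.g. 6080) on HTTP, which is mapped to snibox port 80. I have an nginx proxy on top of it to enable HTTPS on a port other than 443 or 80 (e.g. 95). On top of this, I have my domain pointing to the right IPs for Snibox and/or NGINX as needed.

* When I access http://snibox-directly.mydomain.com:6080 - it redirects to http://snibox-directly.mydomain.com:6080/login and it works fine.
* However, when I access https://snibox-through-nginx.mydomain.com:95, it automatically redirects to https://snibox.mydomain.com/login, which ignores the port and fails because my port 443 is not configured (on purpose). If I manually change it to https://snibox.mydomain.com:95/login - then I can login normally.
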
This does not happen with the other docker apps I have under the same NGINX configuration, so I don't think it's related to the NGINX configuration, but I could be wrong.

Expected Behaviour

Accessing https://snibox.mydomain.com:95 should redirect to https://snibox.mydomain.com:95/login

Actual Behaviour

Accessing https://snibox.mydomain.com:95 redirects to https://snibox.mydomain.com/login and fails to load.

Questions

Is there a way to modify this redirect to include the port?

Snibox Docker Configuration
This is my docker-compose.yaml for Snibox:

```yaml
version: "3"

services:
  frontend:
    container_name: snibox_frontend
    image: snibox/nginx-puma:latest
    restart: unless-stopped
    ports:
      - 6080:80
    environment:
      - TZ=Asia/Singapore
    volumes:
      - ./static-files:/var/www/html
    depends_on:
      - backend

  backend:
    container_name: snibox_backend
    image: snibox/snibox:latest
    restart: unless-stopped
    command: sh -c "rm -rf tmp/pids && ./bin/rails s -p 3000 -b '0.0.0.0'"
    env_file:
      - ./secrets.env
    environment:
      TZ: Asia/Singapore
      FORCE_SSL: "false"
    volumes:
      - ./static-files:/app/public
```

NGINX Site Configuration
This is my NGINX configuration:

```nginx
server {
    server_name snibox-through-nginx.mydomain.com;
    # Base ports.
    listen              80 ssl http2;
    listen              [::]:80 ssl http2;

    listen              90 ssl http2;
    listen              [::]:90 ssl http2;

    listen              443 ssl http2;
    listen              [::]:443 ssl http2;

    listen              95 ssl http2;
    listen              [::]:95 ssl http2;

    # SSL
    ssl_certificate     /etc/ssl/private/fullchain.pem;
    ssl_certificate_key /etc/ssl/private/privkey.pem;

    # Security
    # security headers
    add_header X-Frame-Options           "SAMEORIGIN" always;
    add_header X-XSS-Protection          "1; mode=block" always;
    add_header X-Content-Type-Options    "nosniff" always;
    add_header Referrer-Policy           "no-referrer-when-downgrade" always;
    # add_header Content-Security-Policy   "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # . files
    location ~ /\.(?!well-known) {
        deny all;
    }

    # favicon.ico
    location = /favicon.ico {
        log_not_found off;
        access_log    off;
    }

    # robots.txt
    location = /robots.txt {
        log_not_found off;
        access_log    off;
    }

    # gzip
    gzip            on;
    gzip_vary       on;
    gzip_proxied    any;
    gzip_comp_level 6;
    gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;


    location / {
        proxy_pass http://snibox-directly.mydomain.com:6080;
        proxy_http_version                 1.1;
        proxy_cache_bypass                 $http_upgrade;

        # Proxy headers
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header Origin '';

        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 128;

        # Proxy timeouts
        proxy_connect_timeout              60s;
        proxy_send_timeout                 60s;
        proxy_read_timeout                 60s;

        # Proxy headers
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";

    }
}
```
kerem closed this issue 2026-02-27 23:18:42 +03:00

@nitobuendia commented on GitHub (May 21, 2022):

I am not very savvy with Ruby, but I have a hypothesis of what may be happening.

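I would assume the culprit might be [this line here where the redirect happens for logged out users](https://github.com/snibox/snibox/blob/c756dfffbf2cda8a33a66c2bc4d7da0584fcbcbe/app/controllers/registrations_controller.rb#L15).

The issue seems [similar to the one here](https://stackoverflow.com/questions/3011715/send-redirects-to-specific-ports). Since Snibox within the docker container is listening on port 80, when the redirect happens, it sends the user to port 80. Instead, we should be checking the port that has been called and add it to the redirect so it gets sent to the right port from where it came.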


@nitobuendia commented on GitHub (May 23, 2022):

I think I fixed the issue by replacing `proxy_set_header Host $host;` with `proxy_set_header Host $host:$server_port;`
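
The effect of the two `Host` settings discussed in this thread, as an added example that is not part of the original issue and is not Snibox code. It assumes a simplified backend that builds its absolute redirect from `X-Forwarded-Proto` and the `Host` header it receives; the helper names `upstream_headers`, `redirect_location` and `same_origin?` are hypothetical.

```ruby
require "uri"

DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze

# Headers the proxy sends upstream for a request that arrived on
# https://<host>:<server_port>/. host_style selects the Host value:
#   :host_only     -> proxy_set_header Host $host;
#   :host_and_port -> proxy_set_header Host $host:$server_port;
def upstream_headers(host, server_port, host_style)
  value = host_style == :host_only ? host : "#{host}:#{server_port}"
  { "Host" => value, "X-Forwarded-Proto" => "https" }
end

# Simplified backend (an assumption for illustration): the redirect is built
# from the forwarded scheme and the Host header. If Host carries no port, the
# scheme's default port is implied and nothing is written into the URL.
def redirect_location(headers, path)
  scheme = headers.fetch("X-Forwarded-Proto", "http")
  m = headers.fetch("Host").match(/\A(.+?)(?::(\d+))?\z/)
  host = m[1]
  port = m[2] ? m[2].to_i : DEFAULT_PORTS.fetch(scheme)
  authority = port == DEFAULT_PORTS[scheme] ? host : "#{host}:#{port}"
  "#{scheme}://#{authority}#{path}"
end

# Check worth running against any proxied app: does the Location header stay
# on the scheme, host and port the client actually used?
def same_origin?(requested_url, location)
  a = URI.parse(requested_url)
  b = URI.parse(location)
  [a.scheme, a.host, a.port] == [b.scheme, b.host, b.port]
end

# Constructed sample request, using the hostname and port from the issue.
REQUESTED = "https://snibox.mydomain.com:95/"

%i[host_only host_and_port].each do |style|
  headers = upstream_headers("snibox.mydomain.com", 95, style)
  location = redirect_location(headers, "/login")
  puts format("%-14s Location: %-40s same origin: %s",
              style, location, same_origin?(REQUESTED, location))
end
```

nginx's `$host` never carries a port, which is why the first case loses `:95`; `$http_host` passes the client's `Host` header through unchanged, port included.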