-
Welcome to the Chevereto User Community!
Here, users from all over the world come together to learn, share, and collaborate on everything related to Chevereto. It's a place to exchange ideas, ask questions, and help improve the software.
Please keep in mind:
- This community is user-driven. Always be polite and respectful to others.
- Support development by purchasing a Chevereto license, which also gives you priority support.
- Go further by joining the Community Subscription for even faster response times and to help sustain this space
-
Chevereto Support CLST
Support response
- Extra Support is delivered within 24-hours.
- Pro Subscription ticket response time is within 7 days on Software Support, Bug Tracking and RFC.
- Bug Tracking requires an active Chevereto self-hosted subscription.
- Community Help is user driven. Be polite with other users and do not expect official support.
Support checklist
- Got a Something went wrong message? Read this guide and provide the actual error. Do not skip this.
- Confirm that the server meets the System Requirements
- Check for any available Hotfix - your issue could be already reported/fixed
- Read documentation - It will be required to Debug and understand Errors for a faster support response
nginx reverse proxy config?
- Thread starter a9ef9a
- Start date
Oh no....I have it working locally with that exact location, thanks to the instructions which are pretty clear. Its when accessing via reverse proxy something isn't right.... this is my reverse proxy location for tinytinyrss...I assume I need to do some more rule rewriting or something to make Chevereto work via reverse proxy but Im not sure what yet...
heres my ttrss reverse proxy location block. Thanks again for your help.
heres my ttrss reverse proxy location block. Thanks again for your help.
Code:
location /ttrss/ {
proxy_pass http://192.168.20.17/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
I can't help you with this one, I don't use nginx as a reverse proxy.
Maybe this could help https://www.digitalocean.com/commun...e-proxy-for-apache-on-one-ubuntu-16-04-server
Maybe this could help https://www.digitalocean.com/commun...e-proxy-for-apache-on-one-ubuntu-16-04-server
Spent a bit more time trying to make this work via my OAUTH2_PROXY setup and have got closer than before. I'm now using your default Apache server on my Chevereto machine and trying to get my Nginx reverse proxy to redirect traffic. I'm so close now as the html is loading but css is failing due to mixed content errors. Whats the right way to solve this? Try and rewriting the header so the index.php loads over HTTP too (haven't been successful yet) or promote the whole of Chevereto to work on HTTPS internally as well? I imagine that has other complexities though.
Just for added clarification, my internal proxy forwards from my external HTTPS address to chevereto at HTTP://chevereto:80 but as the access from WAN is via httpS://myserver.org/chevereto I think the HTTPS in the proxy address is confusing things. Everything seems to work fine when access internally at chevereto/ etc.
Appreciate any pointers and in the meanwhile, I'll struggle on.
Proxy redirect
my .htaccess
and my location.conf
Just for added clarification, my internal proxy forwards from my external HTTPS address to chevereto at HTTP://chevereto:80 but as the access from WAN is via httpS://myserver.org/chevereto I think the HTTPS in the proxy address is confusing things. Everything seems to work fine when access internally at chevereto/ etc.
Appreciate any pointers and in the meanwhile, I'll struggle on.
Code:
Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure stylesheet 'http://guac.p1r.org/lib/Peafowl/peafowl.min.css?5e8f2ace5729399f47cc9b4e25d0e198'. This request has been blocked; the content must be served over HTTPS.
(index):15 Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure stylesheet 'http://xxxx.xxx.org/lib/Peafowl/fonts/opensans/opensans.min.css?5e8f2ace5729399f47cc9b4e25d0e198'. This request has been blocked; the content must be served over HTTPS.
(index):20 Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure stylesheet 'http://xxxx.xxx.org/app/themes/Peafowl/style.min.css?5e8f2ace5729399f47cc9b4e25d0e198'. This request has been blocked; the content must be served over HTTPS.
(index):95 Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure image 'http://xxxx.xxx.org/content/images/system/default/logo_homepage.png'. This content should also be served over HTTPS.Proxy redirect
Code:
location /chevereto/ {
proxy_pass http://chevereto/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# SSL proxying headers
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}my .htaccess
Code:
# Disable server signature
ServerSignature Off
# Disable directory listing (-indexes), Multiviews (-MultiViews) and enable Follow system links (+FollowSymLinks)
Options -Indexes
Options -MultiViews
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteCond %{HTTPS} !=on [OR]
# RewriteCond %{SERVER_PORT} 80
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# If you have problems with the rewrite rules remove the "#" from the following RewriteBase line
# You will also have to change the path to reflect the path to your Chevereto installation
# If you are using alias is most likely that you will need this.
# RewriteBase /
# 404 images
# If you want to have your own fancy "image not found" image remove the "#" from RewriteCond and RewriteRule lines
# Make sure to apply the correct paths to reflect your current installation
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/.+\.(gif|jpe?g|png|bmp) - [NC,L,R=404]
#RewriteRule images/.+\.(gif|jpe?g|png|bmp) content/images/system/404.gif [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|d$
RewriteRule . index.php [L]
</IfModule>and my location.conf
Code:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Last edited:
I don't struggle when it comes to stuff like this. I use engintron and that does all auto. I'm afraid that I can't help you. Maybe someone else can help you here.
Please understand that this is outside the scope of Chevereto support and I will be happy to help but like I said, I don't do these reverse stuff manually.
Please understand that this is outside the scope of Chevereto support and I will be happy to help but like I said, I don't do these reverse stuff manually.
Last edited:
Finally! I've been able to make this work with oauth2_proxy for secured 2fa access behind a proxy authenticated by google / github/facebook etc. I am going to test a few more things but I think I might have a small dev request from you to make this a touch more configurable and easy to use but before I do, I just want to make sure there isn't a workaround I'm missing.
Hey Rodolfo, I spent some more time looking to optimise my setup but I don't think its possible with the current configuration.
Heres the pertinent bits of my config, and then I'd like to ask you to consider an additional feature request.
As I said before, I use oauth2_proxy to safeguard my home services behind 2FA providing an additional level of security.
Heres the auth_proxy code which deals with the 2fa bit and forwarding to the auth proxy at port 4180 and when approved, returns to a second nginx server listening on port 1080 for application routing/processing.
I run a number of services and Ive only included a few here for assistance with the base URL feature request later.
Chevereto is as far as my nginx/apache skills have been able to accomplish only able to be run from the root folder or a separate sub domain as the requests come in on several different URI's.
I wondered if it would be possible to provide an ability to append a folder to any requests which would allow me to change the location / to a location of say /chevereto/ preventing some local side gotchas. A number of other apps provide this facility.
thanks again for your wonderful script, appreciate all the support and help getting this up and running in my environment so far.
Ian
Heres the pertinent bits of my config, and then I'd like to ask you to consider an additional feature request.
As I said before, I use oauth2_proxy to safeguard my home services behind 2FA providing an additional level of security.
Heres the auth_proxy code which deals with the 2fa bit and forwarding to the auth proxy at port 4180 and when approved, returns to a second nginx server listening on port 1080 for application routing/processing.
Code:
server {
listen 443 ssl;
server_name xxx.xxx.org;
ssl on;
ssl_certificate /etc/letsencrypt/live/xxx.xxx.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.xxx.org/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass http://127.0.0.1:4180;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
}
}I run a number of services and Ive only included a few here for assistance with the base URL feature request later.
Code:
server {
listen 1080;
server_name xxx.xxx.org;
location /couchpotato/ {
proxy_pass http://192.168.20.16:5050/couchpotato/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /sonarr/ {
proxy_pass http://192.168.20.16:8989/sonarr/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /nzbget/ {
proxy_pass http://192.168.20.16:6789/nzbget/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Chevereto
location / {
proxy_pass http://chevereto/; #not possible to use folder routing here :-(
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# SSL proxying headers
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl $scheme;
}Chevereto is as far as my nginx/apache skills have been able to accomplish only able to be run from the root folder or a separate sub domain as the requests come in on several different URI's.
I wondered if it would be possible to provide an ability to append a folder to any requests which would allow me to change the location / to a location of say /chevereto/ preventing some local side gotchas. A number of other apps provide this facility.
thanks again for your wonderful script, appreciate all the support and help getting this up and running in my environment so far.
Ian
Whilst I pull some stuff together for you, you might want to take a look at the auth proxy here https://github.com/bitly/oauth2_proxy
thanks again.
thanks again.
pravynandas
Chevereto Noob
In 2020, I think I successfully configured the chevereto running on docker (port: 8081) and revere-proxied using nginx.
Thanks @Rodolfo for the great community version.
[CODE lang="nginx" title="chevereto reverse proxy on nginx" highlight="10,11,12"]server {
listen 80;
listen [::]:80;
server_name chevereto.lab;
access_log /var/log/nginx/reverse-chevereto-access.log;
error_log /var/log/nginx/reverse-chevereto-error.log;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}[/CODE]
Thanks @Rodolfo for the great community version.
[CODE lang="nginx" title="chevereto reverse proxy on nginx" highlight="10,11,12"]server {
listen 80;
listen [::]:80;
server_name chevereto.lab;
access_log /var/log/nginx/reverse-chevereto-access.log;
error_log /var/log/nginx/reverse-chevereto-error.log;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}[/CODE]
pravynandas
Chevereto Noob
Unfortunately the only think that might 'break' is uploading large images from Web UI with "413 Request Entity Too Large" from nginx. I think the size limits need to be increased similar to php.ini on apache. I will update once I find a solution for this issue.
pravynandas
Chevereto Noob
Made it to work with below addition to nginx config at /etc/nginx/nginx.conf and restart the nginx service.
[CODE lang="nginx" title="Increate nginx upload limit" highlight="2"]
# increase upload limit
client_max_body_size 10M;
[/CODE]
[CODE lang="nginx" title="Increate nginx upload limit" highlight="2"]
# increase upload limit
client_max_body_size 10M;
[/CODE]