• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.
  • Chevereto Support CLST

    Support response

    Support checklist

nginx reverse proxy config?

a9ef9a

Chevereto Member
Could anyone who successfully reverse proxies to a Chevereto install behind Nginx post their config file please? Need some pointers...
 
You meant the nginx rules right? Because the reverse proxy stuff is universal, not only tied to Chevereto.
 
Last edited:
yes please, the rules for chevereto, I have my reverse proxy working for other services like Guacamole but struggling to make Chevereto work correctly. Noticed a few threads on here discussing but nothing that was prescriptive enough for me to get it working.
 
Code:
location / {
    try_files $uri $uri/ /index.php?$query_string;
}
 
Oh no....I have it working locally with that exact location, thanks to the instructions which are pretty clear. Its when accessing via reverse proxy something isn't right.... this is my reverse proxy location for tinytinyrss...I assume I need to do some more rule rewriting or something to make Chevereto work via reverse proxy but Im not sure what yet...

heres my ttrss reverse proxy location block. Thanks again for your help.

Code:
    location /ttrss/        {
                proxy_pass http://192.168.20.17/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
 
Spent a bit more time trying to make this work via my OAUTH2_PROXY setup and have got closer than before. I'm now using your default Apache server on my Chevereto machine and trying to get my Nginx reverse proxy to redirect traffic. I'm so close now as the html is loading but css is failing due to mixed content errors. Whats the right way to solve this? Try and rewriting the header so the index.php loads over HTTP too (haven't been successful yet) or promote the whole of Chevereto to work on HTTPS internally as well? I imagine that has other complexities though.

Just for added clarification, my internal proxy forwards from my external HTTPS address to chevereto at HTTP://chevereto:80 but as the access from WAN is via httpS://myserver.org/chevereto I think the HTTPS in the proxy address is confusing things. Everything seems to work fine when access internally at chevereto/ etc.

Appreciate any pointers and in the meanwhile, I'll struggle on.

Code:
Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure stylesheet 'http://guac.p1r.org/lib/Peafowl/peafowl.min.css?5e8f2ace5729399f47cc9b4e25d0e198'. This request has been blocked; the content must be served over HTTPS.
(index):15 Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure stylesheet 'http://xxxx.xxx.org/lib/Peafowl/fonts/opensans/opensans.min.css?5e8f2ace5729399f47cc9b4e25d0e198'. This request has been blocked; the content must be served over HTTPS.
(index):20 Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure stylesheet 'http://xxxx.xxx.org/app/themes/Peafowl/style.min.css?5e8f2ace5729399f47cc9b4e25d0e198'. This request has been blocked; the content must be served over HTTPS.
(index):95 Mixed Content: The page at 'https://xxxx.xxx.org/chevfree/' was loaded over HTTPS, but requested an insecure image 'http://xxxx.xxx.org/content/images/system/default/logo_homepage.png'. This content should also be served over HTTPS.

Proxy redirect

Code:
        location /chevereto/ {
                proxy_pass          http://chevereto/;
                proxy_set_header    Host                $host;
                proxy_set_header    X-Real-IP           $remote_addr;
                proxy_set_header    X-Forwarded-Host    $server_name;
                proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                # SSL proxying headers
                proxy_set_header    X-Forwarded-Proto   $scheme;
                proxy_set_header    X-Forwarded-Ssl     on;
        }

my .htaccess

Code:
# Disable server signature
ServerSignature Off

# Disable directory listing (-indexes), Multiviews (-MultiViews) and enable Follow system links (+FollowSymLinks)
Options -Indexes
Options -MultiViews
Options +FollowSymLinks

<IfModule mod_rewrite.c>

        RewriteEngine On

        # RewriteCond %{HTTPS} !=on [OR]
        # RewriteCond %{SERVER_PORT} 80
        # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

        # If you have problems with the rewrite rules remove the "#" from the following RewriteBase line
        # You will also have to change the path to reflect the path to your Chevereto installation
        # If you are using alias is most likely that you will need this.
        # RewriteBase /

        # 404 images
        # If you want to have your own fancy "image not found" image remove the "#" from RewriteCond and RewriteRule lines
        # Make sure to apply the correct paths to reflect your current installation
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule images/.+\.(gif|jpe?g|png|bmp) - [NC,L,R=404]
        #RewriteRule images/.+\.(gif|jpe?g|png|bmp) content/images/system/404.gif [NC,L]

        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_URI} !\.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|d$
        RewriteRule . index.php [L]

</IfModule>

and my location.conf

Code:
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory /var/www>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

161029-Chevereto - Chevereto image hosting-.png
 
Last edited:
I don't struggle when it comes to stuff like this. I use engintron and that does all auto. I'm afraid that I can't help you. Maybe someone else can help you here.

Please understand that this is outside the scope of Chevereto support and I will be happy to help but like I said, I don't do these reverse stuff manually.
 
Last edited:
No worries Rodolfo - Ill work through and once its done put a guide together for others to follow. I reviewed a number of other photo hosting solutions and this is the one I really want to make work. Thanks for all your hard work.
 
Finally! I've been able to make this work with oauth2_proxy for secured 2fa access behind a proxy authenticated by google / github/facebook etc. I am going to test a few more things but I think I might have a small dev request from you to make this a touch more configurable and easy to use but before I do, I just want to make sure there isn't a workaround I'm missing.
 
Hey Rodolfo, I spent some more time looking to optimise my setup but I don't think its possible with the current configuration.
Heres the pertinent bits of my config, and then I'd like to ask you to consider an additional feature request.

As I said before, I use oauth2_proxy to safeguard my home services behind 2FA providing an additional level of security.

Heres the auth_proxy code which deals with the 2fa bit and forwarding to the auth proxy at port 4180 and when approved, returns to a second nginx server listening on port 1080 for application routing/processing.

Code:
server {
        listen 443 ssl;
        server_name xxx.xxx.org;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/xxx.xxx.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xxx.xxx.org/privkey.pem;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        location / {
                proxy_pass  http://127.0.0.1:4180;
                proxy_buffering off;
                proxy_http_version 1.1;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $http_connection;
                proxy_connect_timeout 1;
                proxy_send_timeout 30;
                proxy_read_timeout 30;
}
}

I run a number of services and Ive only included a few here for assistance with the base URL feature request later.

Code:
server {
        listen 1080;
        server_name xxx.xxx.org;

        location /couchpotato/ {
                proxy_pass http://192.168.20.16:5050/couchpotato/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /sonarr/ {
                proxy_pass http://192.168.20.16:8989/sonarr/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /nzbget/ {
                proxy_pass http://192.168.20.16:6789/nzbget/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Chevereto
        location / {
                proxy_pass          http://chevereto/;      #not possible to use folder routing here :-(
                proxy_set_header    Host                $host;
                proxy_set_header    X-Real-IP           $remote_addr;
                proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                # SSL proxying headers
                proxy_set_header    X-Forwarded-Proto   https;
                proxy_set_header    X-Forwarded-Ssl     $scheme;
        }

Chevereto is as far as my nginx/apache skills have been able to accomplish only able to be run from the root folder or a separate sub domain as the requests come in on several different URI's.

I wondered if it would be possible to provide an ability to append a folder to any requests which would allow me to change the location / to a location of say /chevereto/ preventing some local side gotchas. A number of other apps provide this facility.

sonarr.png

couch.png

thanks again for your wonderful script, appreciate all the support and help getting this up and running in my environment so far.
Ian
 
I'm not following you here, send me a documentation guide or something to understand this stuff.

First time I read about that weird stuff you are doing.
 
In 2020, I think I successfully configured the chevereto running on docker (port: 8081) and revere-proxied using nginx.

Thanks @Rodolfo for the great community version.

[CODE lang="nginx" title="chevereto reverse proxy on nginx" highlight="10,11,12"]server {
listen 80;
listen [::]:80;
server_name chevereto.lab;

access_log /var/log/nginx/reverse-chevereto-access.log;
error_log /var/log/nginx/reverse-chevereto-error.log;

location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}[/CODE]
 
Unfortunately the only think that might 'break' is uploading large images from Web UI with "413 Request Entity Too Large" from nginx. I think the size limits need to be increased similar to php.ini on apache. I will update once I find a solution for this issue.
 
Made it to work with below addition to nginx config at /etc/nginx/nginx.conf and restart the nginx service.

[CODE lang="nginx" title="Increate nginx upload limit" highlight="2"]
# increase upload limit
client_max_body_size 10M;
[/CODE]
 
Back
Top