• Welcome to the Chevereto User Community!

    Here, users from all over the world come together to learn, share, and collaborate on everything related to Chevereto. It's a place to exchange ideas, ask questions, and help improve the software.

    Please keep in mind:

    • This community is user-driven. Always be polite and respectful to others.
    • Support development by purchasing a Chevereto license, which also gives you priority support.
    • Go further by joining the Community Subscription for even faster response times and to help sustain this space
  • Chevereto Support CLST

    Support response

    Support checklist

    • Got a Something went wrong message? Read this guide and provide the actual error. Do not skip this.
    • Confirm that the server meets the System Requirements
    • Check for any available Hotfix - your issue could be already reported/fixed
    • Read documentation - It will be required to Debug and understand Errors for a faster support response

Not seeing all the uploaded images through reverse proxy

David Field

David Field

Chevereto Member
👉Fill out this template accordingly with the issue you are experiencing. Add relevant files if needed. 🚧🚦Don't @mention to grab attention. Don't edit the titles of this template. Remove this paragraph when done.

🎯Description of the issue
I don't see the same thing from an internal IP and an external url (through nginx reverse proxy


▶🚶‍Reproduction steps

I have installed the chevereto software using the installer.php script on an ubuntu 2004 server running NGINX and PHP and when i access the server from the internal ip https://192.168.86.20 life is good.
I uploaded two photos as a test and I can see this as my setup homepage (persnal rather than community option)

internal.png
When I access the same server externally from https://www.photowalktheworld.com I see this
external.png
I only ever see the last photo I uploaded
Something else worth noting as well when i click on the image internally i see the full res image, when i do the same thing from the external address I just see the image expanded (so fuzzy, stretched and blocky)

My NGINX rev proxy config looks like this

[CODE title="photowaltheworld.conf"]server {

large_client_header_buffers 4 16k;
server_name www.photowalktheworld.com;
# The internal IP of the VM that hosts your Apache config
set $upstream 192.168.86.20;
location / {
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
#proxy_redirect off;
#real_ip_header X-Forwarded-For;
#real_ip_header X-Real-IP;
}

location /app/lib/ {
proxy_pass https://$upstream/app/lib/;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.photowalktheworld.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.photowalktheworld.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = www.photowalktheworld.com) {
return 301 https://$host$request_uri;
} # managed by Certbot


server_name www.photowalktheworld.com;
listen 80;
return 404; # managed by Certbot


}[/CODE]


😢Unexpected result
I'd expect to see the same page logged in, logged out, with the images i've uploaded internally or externally

📃Error log message

from /var/log/nginx/error.log on the server hosting cheverto
Code: 
2020/08/14 16:56:31 [error] 343215#343215: *485 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/"
2020/08/14 16:56:34 [error] 343215#343215: *488 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/login"
2020/08/14 16:56:37 [error] 343215#343215: *491 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/plugin"
2020/08/14 16:57:08 [error] 343215#343215: *498 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/"
2020/08/14 16:57:11 [error] 343215#343215: *503 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/image/20200726-081705-01.KmF"
2020/08/14 16:58:54 [error] 343214#343214: *513 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/image/20200726-081705-01.KmF"
2020/08/14 16:59:08 [error] 343214#343214: *520 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/image/20200726-081705-01.KmF"
2020/08/14 17:14:38 [error] 343215#343215: *534 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/"
2020/08/14 17:14:54 [error] 343215#343215: *538 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/"
2020/08/14 17:14:54 [error] 343215#343215: *540 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/"
 
Sort by date Sort by votes
I'd agree except that the second i upload a new photo that shows up as immediately the new only displayed photo on the public url

is there something i can add in settings.php or htaccess which will solve this in the log?

2020/08/14 17:14:54 [error] 343215#343215: *538 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/"

2020/08/14 16:59:08 [error] 343214#343214: *520 directory index of "/var/www/html/app/lib/" is forbidden, client: 192.168.86.49, server: _, request: "GET /app/lib/ HTTP/1.0", host: "192.168.86.20", referrer: "https://www.photowalktheworld.com/image/20200726-081705-01.KmF"

the "forbidden, client: 192.168.86.49, server" is the internal IP of my nginx reverese proxy, and i suspect THIS not a cach is my issue.

These logs are from the chevereto server NOT The Ngin Reverse proxy.
 
Upvote 0 Downvote
I have removed the issues in the local nginx log by changing the line

Code: 
#  try_files $uri $uri/ /index.php$is_args$query_string;

to

Code: 
 try_files $uri /index.php$is_args$query_string;

so removing the $uri/ from the line

This has stopped the above error messages however this has launched a new issues i get in yellow on the public page

Error: Request denied (auth_token)

And now in the local nginx log i can see

2020/08/16 18:27:08 [error] 516664#516664: *36 FastCGI sent in stderr: "PHP message: Request denied (auth_token)" while reading response header from upstream, client: 192.168.86.49, server: _, request: "GET /json HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.4-fpm.sock:", host: "www.photowalktheworld.com", referrer: "https://www.photowalktheworld.com/?list=images&sort=date_asc&page=1"

So i'm working through this error now, i'll keep updating as it might help someone else
 
Upvote 0 Downvote
I'm solved (not a caching issue) I was being waaaay to locked down on my files. Foe the sake of completeness and because i hate finding posts like this and then no exampels

on my public facing nginx reverse proxy my nginx config looks as follows

[CODE title="photowalk.cong"]server {

large_client_header_buffers 4 16k;
server_name www.photowalktheworld.com;
# The internal IP of the VM that hosts your Apache config
set $upstream 192.168.1.20;
location / {
proxy_pass_header Authorization;
proxy_pass https://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_buffering off;
client_max_body_size 20000;
proxy_read_timeout 36000s;
#proxy_redirect off;
#real_ip_header X-Forwarded-For;
#real_ip_header X-Real-IP;
}

# location /app/lib/ {
# proxy_pass https://$upstream/app/lib/;
# }


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.photowalktheworld.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.photowalktheworld.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = www.photowalktheworld.com) {
return 301 https://$host$request_uri;
} # managed by Certbot


server_name www.photowalktheworld.com;
listen 80;
return 404; # managed by Certbot


}[/CODE]

This forwards to in this example 192.168.1.20 my chevereto server running also nginx

There are 3 files i've been editing

/var/www/html.htaccess
[CODE title="htaccess"]# Disable server signature
ServerSignature Off

# Enable CORS across all your subdomains (replace dev\.local with your domain\.com)
SetEnvIf Origin ^(https?://.+\.dev\.local(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1
Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
Header merge Vary "Origin"

# Disable directory listing (-indexes), Multiviews (-MultiViews)
#Options -Indexes
#Options -MultiViews

<IfModule mod_rewrite.c>

RewriteEngine On

# If you have problems with the rewrite rules remove the "#" from the following RewriteBase line
# You will also have to change the path to reflect the path to your Chevereto installation
# If you are using alias is most likely that you will need this.
RewriteBase /var/www/html

RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# 404 images
# If you want to have your own fancy "image not found" image remove the "#" from RewriteCond and RewriteRule lines
# Make sure to apply the correct paths to reflect your current installation
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/.+\.(gif|jpe?g|png|bmp|webp) - [NC,L,R=404]
#RewriteRule images/.+\.(gif|jpe?g|a?png|bmp|webp) content/images/system/default/404.gif [NC,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpe?g|
jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|webp|wma|wri|xla|xls
|xlsx|xlt|xlw|zip)$ [NC]
RewriteRule . index.php [L]

</IfModule>[/CODE]

the app/settings.php (removed password information)

[CODE title="settings.php"]<?php
$settings['db_host'] = '192.168.1.100';
$settings['db_port'] = '3306';
$settings['db_name'] = 'cheveretodb';
$settings['db_user'] = 'cheveretouser';
$settings['db_pass'] = '*************';
$settings['db_table_prefix'] = 'chv_';
$settings['db_driver'] = 'mysql';
$settings['db_pdo_attrs'] = [];
$settings['debug_level'] = 1;
$settings['https'] = TRUE;
// Use X-Forwarded-For HTTP Header to Get Visitor's Real IP Address
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$http_x_headers = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );

$_SERVER['REMOTE_ADDR'] = $http_x_headers[0];
}[/CODE]

and my /etc/nginx/sites-enabled/default.conf for Nginx

[CODE title="default.conf"]server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;

server_name _;

root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

# kill cache
# add_header Last-Modified $date_gmt;
# add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
# if_modified_since off;
# expires off;
# etag off;
}

# location ~ /\.ht {
# deny all;
# }


# Context limits
client_max_body_size 20M;

# Disable access to sensitive files
#location ~* /(app|content|lib)/.*\.(po|php|lock|sql)$ {
# deny all;
#}

# Image not found replacement
#location ~ \.(jpe?g|png|gif|webp)$ {
# log_not_found off;
# error_page 404 /content/images/system/default/404.gif;
#}

# CORS header (avoids font rendering issues)
location ~* /.*\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ {
add_header Access-Control-Allow-Origin "*";
}

# Pretty URLs
location / {
index index.php;
try_files $uri /index.php$is_args$query_string;
# try_files $uri $uri/ /index.php$is_args$query_string;
}

}[/CODE]
 
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top