Booksonic and reverse proxy #34

Open
robflate opened this issue Apr 12, 2018 · 7 comments

@robflate

I have Booksonic running in Docker. All services go through Traefik (reverse proxy) using the following Docker Compose:

```yaml
version: '3'

services:

  booksonic:
    image: linuxserver/booksonic:latest
    container_name: booksonic
    hostname: booksonic
    ports:
      - "4040:4040"
    environment:
      - PUID
      - PGID
      - TZ
    volumes:
      - ${CONFIG}/booksonic:/config
      - ${DATA}/audiobooks:/books
      - ${DATA}/podcasts:/podcasts
    labels:
      traefik.enable: "true"
      traefik.port: "4040"
      traefik.frontend.rule: "Host:booksonic.${DOMAIN}"
      com.centurylinklabs.watchtower.enable: "true"
    restart: unless-stopped
```

I can access Booksonic on localhost:4040 but not through the reverse proxy using booksonic.domain.com. I get the normal basicauth username and password prompt from traefik but when I enter the correct details it just loops back and shows the username and password prompt again. I never actually get to the Booksonic interface where it asks for the Booksonic username and password.

I have about 20 other services all working through traefik without problems. I know this isn't strictly a Booksonic issue but I thought I'd ask anyway to see if anyone can offer any advice. Thanks.

@MrQuiX

MrQuiX commented Jun 7, 2018

Also having this problem, anyone find a solution?

I am also using the linuxserver/booksonic docker build. I tried setting an environment variable: CONTEXT_PATH= but based on the subsonic documentation, I think this is for a mydomain.com/audiobooks setup whereas I am trying to do audiobooks.mydomain.com.

My docker-compose log for booksonic indicates the webserver can't respond to https traffic:

```
booksonic | 2018-06-07T07:12:25.896600024Z 2018-06-07 07:12:25.896:WARN:oejh.HttpParser:qtp931919113-15: bad HTTP parsed: 400 Illegal character 0x16 for HttpChannelOverHttp@6e8b5719{r=0,c=false,a=IDLE,uri=null}
```

@ruben-kinship

Anyone found a solution for this?

@mcrypt

mcrypt commented Mar 21, 2019

I'm having this problem as well. Would appreciate a solution to this!

@ghost

ghost commented Apr 2, 2019

Hello, I am facing an issue that seems very similar, where Subsonic works fine when accessed directly but not via a reverse proxy (I'm using Caddy).
I found out what happens but I'm not sure how to solve it:

  • I call https://mydomain.com/booksonic
  • Booksonic receives the request properly and sends back an HTTP 302 redirect with Location: http://mydomain.com/booksonic/ - notice the trailing / (as expected) AND the httP scheme. In my case, and for this flow it still goes through since I'm also serving Booksonic on plain http, but for other pages, such a redirection is blocked by the browser due to security policy (error logged in the browser console: loading mixed active content “http://mydomain.com/booksonic/musicFolderSettings.view”)

So the problem is really that Booksonic does not respect the original scheme when sending its HTTP redirections. This is usually achieved by honoring the X-Scheme header, but I tried adding this to my proxy settings to no avail.

I think this needs a code fix, I could not find a workaround at proxy level, except rewriting the downstream Location header to replace http with https, but in my case that's not an option since my proxy (Caddy) does not support this.

In any case, I firmly believe that such redirections should be relative and not absolute, to avoid such issues...

Here are some screenshots of the http flow:
[Screenshot 2019-04-02 at 20 18 43]

[Screenshot 2019-04-02 at 20 20 05]

Here's my proxy configuration (Caddy):

```
proxy /booksonic http://booksonic {
  header_upstream    X-Forwarded-Ssl    on
  header_upstream    X-Scheme           {scheme}
  header_upstream    X-Forwarded-Proto  {scheme}
  transparent
  websocket
}
```

@ghost

ghost commented Apr 2, 2019

@halkeye

halkeye commented Aug 15, 2019

So it looks like Spring Boot needs to be configured to allow those headers
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html
https://stackoverflow.com/a/34273656

I don't know how to create an applications.properties. I assume it has to be added to the war file, and not something you can create at runtime, right?

@mvanderlee

I spent way too much time on this.
For Traefik, set the removeheader field to true:
https://docs.traefik.io/v2.0/middlewares/basicauth/#removeheader

Otherwise it will forward the authentication, and if your proxy and booksonic users are different, booksonic will throw a 401.
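
The setting named in the comment above, shown in a Traefik v2 label-based Compose fragment. This is an added example, not configuration posted in the thread or taken from the Booksonic or Traefik projects. The router, service and middleware names (`booksonic`, `booksonic-auth`), the user name `proxyuser` and the password hash are placeholders, and it assumes basic auth is attached per container through labels, which the thread does not show.

```yaml
# Added example (Traefik v2 label syntax). "booksonic" and "booksonic-auth"
# are names chosen for illustration, not values from the thread.
services:
  booksonic:
    image: linuxserver/booksonic:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.booksonic.rule=Host(`booksonic.${DOMAIN}`)"
      - "traefik.http.routers.booksonic.middlewares=booksonic-auth"
      - "traefik.http.services.booksonic.loadbalancer.server.port=4040"

      # Proxy-level basic auth. The hash is a placeholder: generate one with
      # htpasswd and double every "$" so Compose does not interpolate it.
      - "traefik.http.middlewares.booksonic-auth.basicauth.users=proxyuser:<HTPASSWD_HASH_WITH_DOUBLED_DOLLARS>"

      # Weak setting (the default, removeheader=false): after Traefik accepts
      # the credentials it forwards the browser's "Authorization: Basic ..."
      # header to the container, so the backend sees the proxy user name and
      # password and, as described above, answers 401 when it has no such user.
      # - "traefik.http.middlewares.booksonic-auth.basicauth.removeheader=false"

      # Corrected setting: strip the Authorization header once Traefik has
      # checked it. The backend then handles its own login, and the proxy
      # credentials never reach the application or its logs.
      - "traefik.http.middlewares.booksonic-auth.basicauth.removeheader=true"
```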
