Hi all,
I am running an UnRaid server behind a pfsense firewall which runs HAProxy as a reverse proxy. I am struggling with the reverse proxy bit. I reverse proxy lots of services but this is the first one where I need to parse the url and send anything that has /api/v1 on it to a different place.
So I am assuming that I have the dockers setup correctly as I can create a user and login if I use the local ip address. Would this be a correct assumption?
My firewall/reverse proxy knowledge is cobbled together when I need something then not used for long and long so my terminology might be complete garbage!
In HAProxy I have set up 2 backends and 2 frondends
Backends
todo.mydomain.com forwards traffic to 192.168.x.x:8079
todo-api.mydomain.com forwardfs traffic to 192.168.x.x:3456
then the frontends I have an ACL and Action for each
ACL’s
todo - Host matches: - todo.mydomain.com
todo-api - Host Starts With: todo.mydomain.com/api/v1
Actions:
todo uses backend todo
todo-api uses backend todo-api
For the todo-api I have tried various ACL config
Host Starts With: todo.mydomain.com/api/v1
Host matches: todo.mydomain.com/api/v1
Path Starts With: todo.mydomain.com/api/v1
Path Starts With: ./api/v1
No matter what I do the error is always the same in the UI it says
Request failed with status code 405
in the dev tools I get
index.6388306d.js:140
POST https://todo.mydomain.com/api/v1/login 405 (Not Allowed)
Hope this makes some sense as I barely understand what I am trying to ask
Thanks
Hey!
Did you change the api address on the login page?
This looks like you didn’t configure the API URL in the vikunja frontend. Since you’re running in docker it’s as easy to make this permanent as setting the respective environment variable: Install Frontend | Vikunja
To check if everything works, can you reach the api at todo.mydomain.com/api/v1/info ?
Thanks @kolaente for the response
Sorry I must have left that out of my original post
I have VIKUNJA_API_URL set as https://todo.mydomain.com/api/v1
and if I go to https://todo.mydomain.com/api/v1/info it redirects me to https://todo.mydomain.com/login
Thanks for the response @vikunja.jf4wf Do I still need to do that if I have set VIKUNJA_API_URL and if so which docker container is it in?
So we have a few things. Vikunja works with a backend and frontend, for every new frontend you might need to set the api_url.
Don’t touch your docker, the place that you will change the api url is in the login page of https://todo.mydomain.com . Click change just above the username and put the https://todo.mydomain.com/api/v1/ there.
you will need two subdomains, one for the vikunja frontend and one for the vikunja api in your reverse proxy.
So the login page already has https://todo.mydomain.com/api/v1 though not with the trailing /
I tried it with the trailing / and I still get Request failed with status code 405
In my reverse proxy I have two subdomains setup
https://todo-api.mydomain.com points to 192.168.x.x:3456
https://todo.mydomain.com points to 192.168.x.x:8079
I then have in my api docker
VIKUNJA_SERVICE_FRONTENDURL set to https://todo.mydomain.com
And in my frontend docker I have
VIKUNJA_API_URL set to https://todo.mydomain.com/api/v1
should the frontend be pointing to the todo-api instead?
If I try changing the login page to point to https://todo-api.mydomain.com/api/v1 I get a CORS error in the dev tools window even though in the config.yml CORS is enabled
I am unclear what should be set to what… I have 2 subdomains but I have not put the todo-api subdomain in any config anywhere… surely something needs to know about it?
Should I be able to hit https://todo-api.mydomain.com/api/v1/info without using the frontend?
Got it working… so in my reverse proxy I had the path on the end of the URL and was trying to do host starts with or path starts with.
What I needed to do was just have the 2 subdomains ignoring any paths setup
Then in the frontend I set VIKUNJA_API_URL to be https://todo-api.mydomain.com/api/v1
thanks for all the help!
1 Like
hi,
I just wanted to give you a good feedback about this topic.
I had the same problem with my config :
a firewall (ipfire) with a reverse proxy (nignx) that deals with letsencrypt
on a proxmox’s container, I used the docker-compose as described
Full docker example | Vikunja
Following the ideas in this topic, this next config is working :
I added two subdomains td.xxx.xxx and td-api.xxx.xxx
in the nginx.conf, I already redirected all http to https
in the nginx.conf, in the https section, I added
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name td.xxx.xxx;
# some of my private items about ssl
location / {
proxy_pass htp://192.168.1.93:80; #lan IP
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name td-api.xxx.xxx;
# some of my private items about ssl
location / {
proxy_pass htp://192.168.1.93:3456; #lan IP
client_max_body_size 20M;
}
}
in the file proposed docker-compose.yml, I used :
VIKUNJA_SERVICE_FRONTENDURL: htps://td.xxx.xxx/
VIKUNJA_API_URL: htps://td-api.xxx.xxx/api/v1