It's working only on localhost

Hey there,

First of all, thank you so much for this great tool!
I need some help using it with my domain. It’s working on localhost but it gives me an error 405 when I try to log in or register on my domain/subdomain.
I have access to the API which is also on a subdomain. I’m not sure if it’s a good idea but it works only in this way on localhost.

Thank you so much for your time in advance!

Can you provide more details? How are you hosting? What exactly does not work? What did you try? Are there any error messages?

I’m sorry I forgot to add more details.

I’m using the docker image without a proxy. I’m using Cloudflare Zero Trust to expose my application online. So I can access the Vikunja dashboard through its subdomain - https://vikunja.domain.com but I can’t log in or register. I have set up the API URL in the docker compose file like this:
https://api.domain.com/api/v1 and I have access to it. The only thing is that I can’t log in with an existing user or create a new one.

I don’t have any errors besides the 405 error in the frontend container log file:

192.168.0.110 - - [22/Jan/2023:19:24:23 +0000] "GET /src/assets/fonts/Quicksand[wght].woff2 HTTP/1.1" 404 185 "http://192.168.0.111:4321/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"
172.27.0.1 - - [22/Jan/2023:19:49:52 +0000] "POST /login HTTP/1.1" 405 559 "https://todo.domain.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "MY IP ADDRESS"

Thank you for your time!

What api url did you configure in the frontend?

The same as what I have added in the docker stack - https://api.domain.com/api/v1

And you can access the api from your browser at https://api.domain.com/api/v1/info?

Absolutely! Here’s the info:

{"version":"v0.20.1","frontend_url":"https://todo.domain.com/","motd":"","link_sharing_enabled":true,"max_file_size":"20MB","registration_enabled":true,"available_migrators":["vikunja-file","ticktick"],"task_attachments_enabled":true,"enabled_background_providers":["upload"],"totp_enabled":true,"legal":{"imprint_url":"","privacy_policy_url":""},"caldav_enabled":true,"auth":{"local":{"enabled":true},"openid_connect":{"enabled":false,"redirect_url":"https://todo.domain.com/auth/openid/","providers":null}},"email_reminders_enabled":true,"user_deletion_enabled":true,"task_comments_enabled":true}

Which url is shown in the top right of the login form? Can you share a screenshot?

For some reason for both localhost and subdomain it shows the API URL. That’s weird!

It shows whatever you have configured. The setting is saved per browser so it’s probably saved on localhost for the prod domain as well.

The setting looks correct though. Can you open dev tools and check where the login request is going and what the response is?

Somehow it worked :slight_smile: Thank you for your time, I really appreciate it!

I have one last question. I have to restrict the API URL. Which IP I have to add in the Cloudflare settings? The frontend URL one or?

The browser you’re using Vikunja with directly accesses the api. Not sure what rule that would require.

Can I ask you what you mean? The IP which accesses the API URL is the browser IP? Could it be the Frontend URL IP?

The IP which accesses the api is the one of the computer you’re using to access the frontend. The one where the browser is running on.

Hmm, OK, I will test some options. Thank you for your time once again!
Is it too dangerous to leave the API unprotected? I mean it can be accessed at www.api domain com

The API has to be publicly accessible. As long as you do what you’d normally do to secure access to a publicly available web service it should be fine.

Thank you! Isn’t it too dangerous to leave the API URL unprotected? I mean in this way everyone can access it.

I don’t think it is dangerous to leave the api accessible to anyone. Sure, there can be security issues we don’t yet know about, but as long as you keep your installation up to date it should be fine.

You may want to disable the registration, though.
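An added check script (not part of this thread or of Vikunja itself) that automates the two diagnostics discussed above: it scans frontend-container access log lines for login POSTs answered with 405, which means the browser is sending the login to the static frontend instead of the configured API URL, and it reviews the public /info document for open registration and a frontend_url that does not match the domain being served. The log lines and /info JSON are constructed samples in the formats quoted above; `expected_frontend_host` is an assumed parameter.

```python
import json
import re
from urllib.parse import urlparse

# Constructed log lines in the nginx format quoted in the thread (frontend container).
ACCESS_LOG = """\
172.27.0.1 - - [22/Jan/2023:19:49:52 +0000] "POST /login HTTP/1.1" 405 559 "https://todo.domain.com/login" "Mozilla/5.0" "-"
172.27.0.1 - - [22/Jan/2023:19:50:01 +0000] "GET /login HTTP/1.1" 200 1234 "-" "Mozilla/5.0" "-"
"""

# Constructed /api/v1/info response mirroring the fields shown in the thread.
INFO_JSON = json.dumps({
    "version": "v0.20.1",
    "frontend_url": "https://todo.domain.com/",
    "registration_enabled": True,
    "auth": {"local": {"enabled": True}, "openid_connect": {"enabled": False}},
})

# Combined-log-format prefix: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_misrouted_logins(log_text):
    """Return (ip, path, status) for POSTs the frontend container answered with 405.
    The static frontend cannot handle POST /login; those requests belong to the API host,
    so a hit here means the API URL configured in the browser is wrong."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["status"] == "405":
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits


def review_info(info_text, expected_frontend_host):
    """Return a list of findings from the publicly readable /info document."""
    info = json.loads(info_text)
    findings = []
    if info.get("registration_enabled"):
        findings.append("registration_enabled is true: anyone reaching the API can create an account")
    host = urlparse(info.get("frontend_url", "")).hostname
    if host != expected_frontend_host:
        findings.append(f"frontend_url host {host!r} does not match {expected_frontend_host!r}")
    return findings


if __name__ == "__main__":
    print(find_misrouted_logins(ACCESS_LOG))
    print(review_info(INFO_JSON, "todo.domain.com"))
```

On a live install, replace the constructed samples with `docker logs` output from the frontend container and the body of `https://api.domain.com/api/v1/info`.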

Great! Thank you for everything!