| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
68832
|
Mon Aug 13 21:09:30 2018 |
 | Andrew Wade | awade@caltech.edu | Question | Linux | Other | 3.1.2 | Reverse proxy of Elog using Docker and Nginx? |
I've been trying to configured a Synology NAS to run my personal elog with a reverse proxy to the outside world. The best way seems to be running Elog in a Docker instance and then running a separate connected Docker running a nginx-proxy (in this case jwilder/nginx-proxy). This second container manages the certificates to letsencrypt and mapping URL requests to relevant containers so that connection is secured properly.
It worked great in the initial test. However, I have an issue with authentication. When I password protect the elog it goes to a login page. When I give an correct password it loops back to the login page (incidentally when I give an incorrect password it gives an 'Invalid user name or password!' warning). So I know that its getting the correct password but there is some issue that is resetting or ignoring the authentication. I am never able to actually get to the protected content.
Does anyone have any experience in using Nginx to setup a secure reverse proxy? Any insights into why this would mess with the authentication of elog?
Side note: I have tried using Apache to do the same and authentication worked fine. But the pre-canned jwilder/nginx-proxy docker manages all the certificates automatically and seamlessly and allows me to have multiple services running on the same outward facing port on my router. There is no equivalent (as far as I know) that uses Apache for proxying with letsencrypt. |
|
68835
|
Fri Aug 17 22:07:41 2018 |
 | Andrew Wade | awade@caltech.edu | Question | Linux | Other | 3.1.2 | Re: Reverse proxy of Elog using Docker and Nginx? |
Yes, I tried setting the URL parameter to the url used by the proxy. It goes to the correct address but that landing is the login page.
Andrew
| Stefan Ritt wrote: |
|
Have you tried the "URL = ..." statement? This determines you elog redirects if you log in. If you reach elog through a proxy, the URL is a different one that if you access it directly. In your case the proxy URL might be necessary.
Stefan
| Andrew Wade wrote: |
|
I've been trying to configured a Synology NAS to run my personal elog with a reverse proxy to the outside world. The best way seems to be running Elog in a Docker instance and then running a separate connected Docker running a nginx-proxy (in this case jwilder/nginx-proxy). This second container manages the certificates to letsencrypt and mapping URL requests to relevant containers so that connection is secured properly.
It worked great in the initial test. However, I have an issue with authentication. When I password protect the elog it goes to a login page. When I give an correct password it loops back to the login page (incidentally when I give an incorrect password it gives an 'Invalid user name or password!' warning). So I know that its getting the correct password but there is some issue that is resetting or ignoring the authentication. I am never able to actually get to the protected content.
Does anyone have any experience in using Nginx to setup a secure reverse proxy? Any insights into why this would mess with the authentication of elog?
Side note: I have tried using Apache to do the same and authentication worked fine. But the pre-canned jwilder/nginx-proxy docker manages all the certificates automatically and seamlessly and allows me to have multiple services running on the same outward facing port on my router. There is no equivalent (as far as I know) that uses Apache for proxying with letsencrypt.
|
|
|
|
68838
|
Tue Aug 28 23:38:55 2018 |
| Andrew Wade | awade@caltech.edu | Question | Linux | Other | 3.1.2 | Re: Reverse proxy of Elog using Docker and Nginx? |
It does indeed seem to be a cookie stripping issue. I just need to figure out how to get Nginx to forward these properly.
Thanks for the help.
| Stefan Ritt wrote: |
|
Actually this forum works through an Apache reverse proxy with authentication and it works, so I suspect that the problem has to do with jwilder/nginx-proxy. Since we don't have this here, all I can propose is that you do debugging yourself. Run elogd with the -v flag so that you see all requests coming from the user through the proxy. Compare the requests through Apache and Nginx to see if any argumets are stripped or mangled. Upon successful login, elog sets a cookie with a unique session-ID (the cookie name is "sid") to the browser. If you proxy strips that cookie, you would land on the login page. Maybe look in that direction.
Stefan
| Andrew Wade wrote: |
|
Yes, I tried setting the URL parameter to the url used by the proxy. It goes to the correct address but that landing is the login page.
Andrew
| Stefan Ritt wrote: |
|
Have you tried the "URL = ..." statement? This determines you elog redirects if you log in. If you reach elog through a proxy, the URL is a different one that if you access it directly. In your case the proxy URL might be necessary.
Stefan
| Andrew Wade wrote: |
|
I've been trying to configured a Synology NAS to run my personal elog with a reverse proxy to the outside world. The best way seems to be running Elog in a Docker instance and then running a separate connected Docker running a nginx-proxy (in this case jwilder/nginx-proxy). This second container manages the certificates to letsencrypt and mapping URL requests to relevant containers so that connection is secured properly.
It worked great in the initial test. However, I have an issue with authentication. When I password protect the elog it goes to a login page. When I give an correct password it loops back to the login page (incidentally when I give an incorrect password it gives an 'Invalid user name or password!' warning). So I know that its getting the correct password but there is some issue that is resetting or ignoring the authentication. I am never able to actually get to the protected content.
Does anyone have any experience in using Nginx to setup a secure reverse proxy? Any insights into why this would mess with the authentication of elog?
Side note: I have tried using Apache to do the same and authentication worked fine. But the pre-canned jwilder/nginx-proxy docker manages all the certificates automatically and seamlessly and allows me to have multiple services running on the same outward facing port on my router. There is no equivalent (as far as I know) that uses Apache for proxying with letsencrypt.
|
|
|
|
|
|
840
|
Thu Dec 9 18:39:15 2004 |
| auser | auser | Question | Linux | | Anyone try doing majordomo->Elog? |
Hi all,
We currently have Elog postings mirrored on to a majordomo email list.
Invariably, people on this list reply to the listserv and not to the Elog.
Has anyone tried getting emails to a listserv to autoformat and register as
proper elog entries. Didn't see any mention of this in the docs or forums.
Thx |
|
2082
|
Sat Nov 18 11:19:14 2006 |
 | ather khan | ather.khan@cpjeddah.com | Question | | | Attributes according to users |
Hi,
Is it possible to have certain attributtes available to certain user in one log boolk.
We have log book where the supervisor assign jobs to employees and we want only supervisor to have assign to attributes available and others only to view it.
thanks,
Ather |
|
66151
|
Wed Jan 14 19:52:04 2009 |
| Yoichi Aso | asoy01@gmail.com | Question | All | 2.7.5 | Multiple keyword search |
Hi,
I have a question regarding how to perform a multiple-keyword search.
For example, when I want to find entries which contain two keywords "abc" and "def" in the body text but in an unknown order,
one way I came up with was to use a regular expression like this.
(abc|def).*(abc|def)
But this will also match entries containing two "abc" or two "def".
The following one will eliminate this problem.
(abc.*def)|(def.*abc)
But when I use more than two keywords, this type of regular expressions becomes very long (because I have to list all the permutations of the keywords) and it may not fit in the search text field (there seems to be a limit on the length of the search text).
Is there any way to allow multiple-keyword search easily ?
It would be nice if I can just enter two or more keywords separated by white spaces and elog finds entries containing all the keywords.
Thanks,
Yoichi |
|
68803
|
Fri May 18 08:04:37 2018 |
| Pasti | arvzie1@gmail.com | Question | Windows | 3.1.3 | Enabling SSL |
Hi all,
I'm following config guide and so far so good. The only issue I run into is when enabling SSL.
Guide says - One can replace this certificate and key with a real certificate to avoid browser pop-up windows warning about the self-signed certificate.
Can you please tell me a more details regards this part? I have acquired security certificate and replaced contents of SSL folder.
Now elogd.exe gets error 1067.
Any help would be highly appreciated.
Thanks! |
|
68358
|
Tue Jul 12 21:23:13 2016 |
| Austin Reid | arreid3@ncsu.edu | Bug report | Other | 3.1.1- | Email report has incorrect pictures |
My group uses the precompiled Debian binary, and I use ELCode to format my log reports. (I've found it to be the easiest way to generate inline images)
Yesterday, I submitted an entry that renders correctly on the elog itself, but the email report that was sent to my collaborators was quite confusing, because every picture in it was the same. Interestingly, all the images used inline in the report were attached to the original, but they were stripped of their context.
I've attached screen shots of both reports. |