[BUG] Incorrect host being passed to application when this container is behind a reverse proxy

[KuroSetsuna29]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

When using a reverse proxy, such as nginx, to proxy pass to this container the application is loading resources and redirecting with incorrect host.

For example, my reverse proxy is running on https://speedtest.mydomain.com:1443/. Then when going to https://speedtest.mydomain.com:1443/, the application will redirect to https://speedtest.mydomain.com/admin/login (note missing port).

Expected Behavior

Going to https://speedtest.mydomain.com:1443/ should correctly redirect to https://speedtest.mydomain.com:1443/admin/login.

Steps To Reproduce

1. Setup speedtest-tracker container using defaults
2. Setup nginx reverse proxy
3. Go to reverse proxy domain
4. See incorrect redirect

Environment

- OS: Unraid 6.12.13
- How docker service was installed: Unraid community application
- Reverse proxy container: swag
- Nginx proxy header config:

proxy_set_header Connection $connection_upgrade;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Host $http_host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Server $http_host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;

CPU architecture

x86-64

Docker creation

docker run
  -d
  --name='speedtest-tracker'
  --net='proxynet'
  --cpuset-cpus='0,1,12,13'
  --pids-limit 2048
  -e TZ="America/New_York"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="KUROPOP"
  -e HOST_CONTAINERNAME="speedtest-tracker"
  -e 'APP_KEY'='*****************'
  -e 'DB_CONNECTION'='sqlite'
  -e 'SPEEDTEST_SCHEDULE'='0 * * * *'
  -e 'SPEEDTEST_SERVERS'='64882,17568,46811'
  -e 'DB_HOST'=''
  -e 'DB_PORT'=''
  -e 'DB_DATABASE'=''
  -e 'DB_USERNAME'=''
  -e 'DB_PASSWORD'=''
  -e 'DISPLAY_TIMEZONE'='America/Toronto'
  -e 'PRUNE_RESULTS_OLDER_THAN'='0'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'UMASK'='000'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:80]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/speedtest-tracker-logo.png'
  -p '8001:80/tcp'
  -v '/mnt/user/appdata/speedtest-tracker':'/config':'rw' 'lscr.io/linuxserver/speedtest-tracker'

Container logs

N/A

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[KuroSetsuna29]

My current workaround is to add the following to my nginx reverse proxy to rewrite the response, but not ideal:

proxy_redirect http://speedtest.mydomain.com/ https://speedtest.mydomain.com:1443/;
proxy_redirect http://speedtest.mydomain.com:1443/ https://speedtest.mydomain.com:1443/;
proxy_redirect https://speedtest.mydomain.com/ https://speedtest.mydomain.com:1443/;
sub_filter "http://speedtest.mydomain.com/" "https://speedtest.mydomain.com:1443/";
sub_filter "http://speedtest.mydomain.com:1443/" "https://speedtest.mydomain.com:1443/";
sub_filter "https://speedtest.mydomain.com/" "https://speedtest.mydomain.com:1443/";
sub_filter "http:\/\/speedtest.mydomain.com\/" "https:\/\/speedtest.mydomain.com:1443\/";
sub_filter "http:\/\/speedtest.mydomain.com:1443\/" "https:\/\/speedtest.mydomain.com:1443\/";
sub_filter "https:\/\/speedtest.mydomain.com\/" "https:\/\/speedtest.mydomain.com:1443\/";
sub_filter_once off;
sub_filter_types *;

Edit: Added proxy_redirect to fix redirects as well

[thespad]

We've somehow missed the APP_URL setting from the readme, it needs to be set for nonstandard ports to the full URL (including port and protocol). e.g.

APP_URL=https://speedtest.mydomain.com:1443

I'll sort out a PR to update the readme.

[KuroSetsuna29]

@thespad Hmm, I just tried that and still getting the same behaviour

I put it both in docker environment variable and .env in the config folder.

[thespad]

Looks like there's an upstream issue here alexjustesen/speedtest-tracker#1673

Not going to fiddle with the image until there's a clear resolution from it, but might give you some ideas.

[KuroSetsuna29]

Interesting, so adding the ASSET_URL fixed a different issue. Basically I can bypass the redirect issues if I go to the login page directly, ie. /admin/login instead of going to / which will try to redirect me to login but drop the port. But I then noticed a different problem where css/js/fonts were still not loading from correct hostname. Adding the ASSET_URL seems to fix the css/js/font issue but the redirect is still taking me to the wrong port.

I don't think its entirely an upstream issue since the redirect works correctly going to the container by IP address, eg. http://192.168.1.1:8001/ (where I mapped docker port 8001:80). My guess is the X-Forwarded-Host (or one of the http headers) is not being correctly forwarded to the application in the nginx configuration. So my reverse proxy is passing the custom X-Forwarded-Host header, but then the nginx inside the container is discarding that and passing its own header value.

For now my workaround posted here works, so I guess I will continue to use that.

Thanks for taking a look.