Content
App works but won't login when going through main URL instead of IP address based one
Added by Shane Thomas over 1 year ago
I installed open project and I can hit it running on my server at ip:
15.75.0.91
Works fine, login and all.
I then setup my dns to handle that ip address as:
(on site, this goes through a web server proxy apache based on another machine, offsite it goes through a different webfirewall setup as an apache server and redirects both to SSL) . When I login through the DNS name, it hangs on the logging in and openproject logs state:
Mar 14 13:28:53 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:53.594551 #16339] INFO -- : Started GET "/login" for 10.75.1.219 at 2023-03-14 13:28:53 -0600
Mar 14 13:28:53 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:53.596307 #16339] INFO -- : Processing by AccountController#login as HTML
Mar 14 13:28:53 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:53.612367 #16339] INFO -- : Rendered account/login.html.erb within layouts/no_menu (Duration: 9.6ms | Allocations: 5247)
Mar 14 13:28:53 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:53.630528 #16339] INFO -- : Rendered layouts/base.html.erb (Duration: 17.8ms | Allocations: 10429)
Mar 14 13:28:53 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:53.630853 #16339] INFO -- : Rendered layout layouts/no_menu.html.erb (Duration: 28.1ms | Allocations: 15759)
Mar 14 13:28:53 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:53.631175 #16339] INFO -- : Completed 200 OK in 35ms (Views: 26.2ms | ActiveRecord: 3.2ms | Allocations: 17953)
Mar 14 13:28:54 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:54.120094 #16339] INFO -- : Started GET "/api/v3/configuration" for 10.75.1.219 at 2023-03-14 13:28:54 -0600
Mar 14 13:28:54 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:54.130324 #16339] INFO -- : duration=9.06 db=1.13 view=7.93 status=200 method=GET path=/api/v3/configuration params={} host=projects.apo.nmsu.edu user=4
Mar 14 13:28:58 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:58.409988 #16339] INFO -- : Started POST "/login" for 10.75.1.219 at 2023-03-14 13:28:58 -0600
Mar 14 13:28:58 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:58.413254 #16339] INFO -- : Processing by AccountController#login as HTML
Mar 14 13:28:58 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:58.413405 #16339] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"UjOO2nb2ESHaKBuyR_EFp2VQilPZsYYkDqPWL4geCroieSK8ucbyX4sUXM7NnDNahgIWSqbbiBnxHFxcgUgtCQ", "username"=>"admin", "password"=>"[FILTERED]", "login"=>"Sign in"}
Mar 14 13:28:58 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:58.650658 #16339] INFO -- : Redirected to http://projects.mysite.com/two_factor_authentication/request
Mar 14 13:28:58 projects openproject-web-1.service[16339]: I, [2023-03-14T13:28:58.650993 #16339] INFO -- : Completed 302 Found in 237ms (ActiveRecord: 2.1ms | Allocations: 4183)
Not sure why the logging in hangs, maybe something with my proxies I setup (I did 0 setup for https or anything on the openproject side) I just set up wiki.js the sameway and that worked great. I can post my local and outside apache configs for the sites in question if need be. The redirected to two_factor_authentication/request is interesting to me as I never set that up. Not sure if this normal behavior though. Here for completeness is my local apache proxy settings anyway:
<VirtualHost *:80>
ServerName projects.mysite.com
ServerAlias projects
Redirect "/" "https://projects.mysite.com/"
</VirtualHost>
<VirtualHost 15.75.0.152:443>
ServerName projects.mysite.com
ServerAlias projects
<If "%{HTTP_HOST} != 'projects.mysite.com'">
Redirect "/" "https://projects.mysite.com/"
</If>
SSLOptions +StdEnvVars
#Include extra/ssl-certs
Include extra/wildcardapo-ssl-certs
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://15.75.0.91/
ProxyPassReverse / http://15.75.0.91/
</VirtualHost>
I haven't tested this from offsite but our web-firewall has a similar virtualhost setup from the DMZ.
Replies (3)
Wild guess, but have you tried tried
openproject reconfigure
command to set the listening address to the domain you specified? Perhaps the openproject backend expects IP instead of domain?If I recall correctly I did tell it projects.mysite.com and if I login through the ip address (since the user name / password works that way) then it warns me the ip address does not match the projects.mysite.com
Actually I got it working, I needed to terminate the SSL on my proxy server. External SSL termination.
https://www.openproject.org/docs/installation-and-operations/configuration/ssl/
RequestHeader set X_FORWARDED_PROTO 'https'