Level 1
Add \App\Http\Middleware\TrustProxies::class to $middleware in App\Http\Kernel?
https://laravel.com/docs/7.x/requests#configuring-trusted-proxies
Apr 28, 2020
7
Level 7
L7 Redirects are wrong behind reverse proxy (Nginx)
Hello, when I login using wrong credentials I am redirected back to the root page (my.domain.com/) this does not happen in my local environment. If I go directly to the server I get 413 errors (I have APP_URL and session domain set in the config to the published domain)
Proxy setup (Nginx) I do https -> https if this could be the issue let me know.
location / {
proxy_pass https://<internal-server>:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-VerifiedViaNginx yes;
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
}
What can the issue be? I can see that the IP's are correct in the logs of nginx on the webserver and the logs of laravel which logs failed logins with IP's.
EDIT forgot to say that I have added this
app/Http/Middleware/TrustProxies.php
/**
* The trusted proxies for this application.
*
* @var array|string
*/
protected $proxies;
/**
* The headers that should be used to detect proxies.
*
* @var int
*/
protected $headers = Request::HEADER_X_FORWARDED_ALL;
public function __construct(Repository $config)
{
$this->proxies = config('trustedproxy.proxies');
parent::__construct($config);
}
and config (config/trustedproxy.php)
...
'proxies' => explode(',', env('TRUSTED_PROXIES')),
...
env
TRUSTED_PROXIES=***proxy-server-ip***
Level 7
@yjuyjuy Just updated, forgot to add the information about that. Now it says in the documentation that it is provided by default, but does that mean it's not "used" by default? Do I maybe need to add it to the middleware group web?
Level 1
yep I have it in the global middleware stack
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
...,
\App\Http\Middleware\TrustProxies::class,
];
Level 7
Hm, I have it there too @yjuyjuy
Level 1
ok I guess that's good then. I use https -> http and I don't know much about nginx, so I can't help you any further sorry.
1 like
Level 7
@yjuyjuy Alright, thanks for the help so far anyways :D
1 like
Level 7
It had to do with strict policy headers, not sure what does what in there as I just copied some security dudes setup. I now used some less strict setup and it works.
Please or to participate in this conversation.