Interface not working properly via reverse proxy


#1

I have configured a nginx reverse proxy for the urbackup server. When I access the urbackup server interface directly from local via the direct server ip (i.e. not via the reverse proxy server) everything seems normal. However, when I try to access it via my configured domain name, the web interface is not working properly and is also not displayed correctly (see image)

The Urbackup server and the nginx server are run the the same docker container. In the following are the relevant config files. The Urbackup server logs do seem to be normal and not log anything surprising.

urbackup.log
2019-02-07 20:25:39: Starting HTTP-Server on port 55414
2019-02-07 20:25:39: HTTP: Server started up successfully!
2019-02-07 20:25:39: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-07 20:25:39: SQLite: recovered 19 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-07 20:25:39: SQLite: recovered 14 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-07 20:25:39: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-07 20:25:39: SQLite: recovered 14 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-07 20:25:39: SQLite: recovered 19 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-07 20:25:39: Started UrBackup…
2019-02-07 20:25:39: Removing temporary files…
2019-02-07 20:25:39: Recreating temporary folder…
2019-02-07 20:25:39: Image mounting disabled: TEST FAILED: guestmount is missing (libguestfs-tools)
2019-02-07 20:25:39: UrBackup Server start up complete.
2019-02-07 20:25:39: Looking for old Sessions… 0 sessions
2019-02-07 20:25:39: Server started up successfully!
2019-02-07 20:25:39: Downloading version file…
2019-02-07 20:25:41: Downloading version file…
2019-02-07 20:25:41: Downloading version file…
2019-02-07 20:25:41: Downloading server version info…
2019-02-07 20:25:42: Downloading dataplan database…
2019-02-07 20:26:07: WARNING: Shutting down (Signal 15)
2019-02-07 20:26:08: Exited Loop
2019-02-07 20:26:08: Deleting at…
2019-02-07 20:26:08: Deleting SelectThreads…
2019-02-07 20:26:08: Deleting lbs…
2019-02-07 20:26:08: Shutting down plugins…
2019-02-07 20:26:08: Deleting server…
2019-02-07 20:26:12: Starting HTTP-Server on port 55414
2019-02-07 20:26:12: HTTP: Server started up successfully!
2019-02-07 20:26:12: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-07 20:26:12: SQLite: recovered 20 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-07 20:26:12: SQLite: recovered 14 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-07 20:26:12: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-07 20:26:12: SQLite: recovered 14 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-07 20:26:12: SQLite: recovered 20 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-07 20:26:12: Started UrBackup…
2019-02-07 20:26:12: Removing temporary files…
2019-02-07 20:26:12: Recreating temporary folder…
2019-02-07 20:26:12: Image mounting disabled: TEST FAILED: guestmount is missing (libguestfs-tools)
2019-02-07 20:26:12: UrBackup Server start up complete.
2019-02-07 20:26:12: Server started up successfully!
2019-02-07 20:26:12: Looking for old Sessions… 0 sessions
2019-02-07 20:26:12: Downloading version file…
2019-02-07 20:26:13: Downloading version file…
2019-02-07 20:26:13: Downloading version file…
2019-02-07 20:26:13: Downloading server version info…
2019-02-07 20:26:13: Downloading dataplan database…
2019-02-07 20:26:20: WARNING: Shutting down (Signal 15)
2019-02-07 20:26:20: Exited Loop
2019-02-07 20:26:20: Deleting at…
2019-02-07 20:26:20: Deleting SelectThreads…
2019-02-07 20:26:20: Deleting lbs…
2019-02-07 20:26:20: Shutting down plugins…
2019-02-07 20:26:20: Deleting server…
2019-02-07 20:26:38: Starting HTTP-Server on port 55414
2019-02-07 20:26:38: HTTP: Server started up successfully!
2019-02-07 20:26:38: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-07 20:26:38: SQLite: recovered 21 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-07 20:26:38: SQLite: recovered 14 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-07 20:26:38: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-07 20:26:38: SQLite: recovered 14 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-07 20:26:38: SQLite: recovered 21 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-07 20:26:38: Started UrBackup…
2019-02-07 20:26:38: Removing temporary files…
2019-02-07 20:26:38: Recreating temporary folder…
2019-02-07 20:26:38: Image mounting disabled: TEST FAILED: guestmount is missing (libguestfs-tools)
2019-02-07 20:26:38: UrBackup Server start up complete.
2019-02-07 20:26:38: Looking for old Sessions… 0 sessions
2019-02-07 20:26:38: Server started up successfully!
2019-02-07 20:26:38: Downloading version file…
2019-02-07 20:26:39: Downloading version file…
2019-02-07 20:26:39: Downloading version file…
2019-02-07 20:26:39: Downloading server version info…
2019-02-07 20:26:39: Downloading dataplan database…
2019-02-07 20:43:31: WARNING: Shutting down (Signal 15)
2019-02-07 20:43:32: Exited Loop
2019-02-07 20:43:32: Deleting at…
2019-02-07 20:43:32: Deleting SelectThreads…
2019-02-07 20:43:32: waiting for selectthread…
2019-02-07 20:43:32: deleting workers
2019-02-07 20:43:32: worker: 0
2019-02-07 20:43:32: waiting for worker…
2019-02-07 20:43:34: done.
2019-02-07 20:43:34: worker: 1
2019-02-07 20:43:34: waiting for worker…
2019-02-07 20:43:34: done.
2019-02-07 20:43:34: worker: 2
2019-02-07 20:43:34: waiting for worker…
2019-02-07 20:43:34: done.
2019-02-07 20:43:34: worker: 3
2019-02-07 20:43:35: waiting for worker…
2019-02-07 20:43:35: done.
2019-02-07 20:43:35: worker: 4
2019-02-07 20:43:35: waiting for worker…
2019-02-07 20:43:35: done.
2019-02-07 20:43:35: Deleting lbs…
2019-02-07 20:43:35: Shutting down plugins…
2019-02-07 20:43:35: Deleting server…
2019-02-10 12:54:05: Starting HTTP-Server on port 55414
2019-02-10 12:54:05: HTTP: Server started up successfully!
2019-02-10 12:54:05: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-10 12:54:05: SQLite: recovered 22 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-10 12:54:05: SQLite: recovered 16 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-10 12:54:06: SQLite: recovered 4 frames from WAL file /var/urbackup/backup_server.db-wal code: 283
2019-02-10 12:54:06: SQLite: recovered 16 frames from WAL file /var/urbackup/backup_server_settings.db-wal code: 283
2019-02-10 12:54:06: SQLite: recovered 22 frames from WAL file /var/urbackup/backup_server_link_journal.db-wal code: 283
2019-02-10 12:54:06: Started UrBackup…
2019-02-10 12:54:06: Removing temporary files…
2019-02-10 12:54:06: Recreating temporary folder…
2019-02-10 12:54:06: Image mounting disabled: TEST FAILED: guestmount is missing (libguestfs-tools)
2019-02-10 12:54:06: UrBackup Server start up complete.
2019-02-10 12:54:06: Looking for old Sessions… 0 sessions
2019-02-10 12:54:06: Server started up successfully!
2019-02-10 12:54:06: Downloading version file…
2019-02-10 12:54:07: Downloading version file…
2019-02-10 12:54:07: Downloading version file…
2019-02-10 12:54:07: Downloading server version info…
2019-02-10 12:54:07: Downloading dataplan database…

nginx.conf
worker_processes 1;

events {
    worker_connections 1024;
}

http {

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name www.backup.mydomain.ch backup.mydomain.ch;

        ssl_protocols TLSv1.2 TLSv1.1;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

        ssl_ecdh_curve secp384r1;
        ssl_session_tickets off;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 8.8.4.4;

        ssl_certificate /etc/letsencrypt/live/www.backup.mydomain.ch/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.backup.mydomain.ch/privkey.pem;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "DENY" always;

        add_header Content-Security-Policy "frame-src 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com; img-src 'self'; style-src 'self' https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com; form-action 'self'; upgrade-insecure-requests;" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;

        location /x {

            root /usr/share/urbackup/www;
            index index.htm;
            include /etc/nginx/fastcgi_params;

            fastcgi_pass urbackupserver:55413;
        }

        location / {

            root /usr/share/urbackup/www;
            index index.htm;

            proxy_pass http://urbackupserver:55414;
        }
    }
}

docker-compose.yml
version: ‘3’
services:

    reverseProxy:
        depends_on:
            - urbackupserver
        image: nginx:latest
        container_name: reverseProxy_production
        volumes:
            - ./nginx.conf:/etc/nginx/nginx.conf
            - ./dh-param/dhparam-2048.pem:/etc/ssl/certs/dhparam-2048.pem

            - /docker-volumes/etc/letsencrypt/live/www.backup.mydomain.ch/fullchain.pem:/etc/letsencrypt/live/www.backup.mydomain.ch/fullchain.pem
            - /docker-volumes/etc/letsencrypt/live/www.backup.mydomain.ch/privkey.pem:/etc/letsencrypt/live/www.backup.mydomain.ch/privkey.pem

            - /docker-volumes/data/letsencrypt:/data/letsencrypt
        ports:
            - 80:80
            - 443:443
        networks:
            - reverseProxyNetwork

    urbackupserver:
        # depends_on:
        #     - reverseProxy
        image: uroni/urbackup-server
        container_name: urbackupserver
        volumes:
            - /mnt/backup/urbackup/backups/:/backups
            - /mnt/backup/urbackup/database/:/var/urbackup
            - /mnt/backup/urbackup/dataset/:/etc/urbackup/dataset
            - ./urbackupsrv:/etc/default/urbackupsrv
        ports:
            - 55413-55415:55413-55415/tcp
            - 35623:35623/udp
        networks:
            - reverseProxyNetwork

networks:
    reverseProxyNetwork:

OS: Debian GNU/Linux 9.6 (stretch)
nginx: 1.15.8
Urbackup Server: latest docker version
Docker: 18.09.0


#2

Ideally you should only proxy the /x (via fcgi) and serve the urbackup www files directly nginx. As for the web interface problem… can you have a look at your browser error console?


#3

Thanks for the advice that I have to forward /x only. Now my proxy config looks as you explained in this thread: Webinterface difficulties

Now when I access the web interface via the reverse proxy I am presented the unrendered html page and given the following errors:

Firefox console:

 "The character encoding of the plain text document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the file needs to be declared in the transfer protocol or file needs to use a byte order mark as an encoding signature."

Chrome console:

"Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://maxcdn.bootstrapcdn.com". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution."

#4

Yeah, remove all that add_header stuff, or only add it after you made sure you know what it does and tests confirm that UrBackup works afterwards.


#5

I have removed all the “not required” settings from the config. However, I am still presented the html source code. The only change is that Safarie and Chrome stoped printing any errors to the console, whereas Firefox keeps giving the same error.

My nginx.conf file:

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name www.backup.mydomain.ch backup.mydomain.ch;

        ssl_certificate /etc/letsencrypt/live/www.backup.mydomain.ch/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.backup.mydomain.ch/privkey.pem;

        root /usr/share/urbackup/www;
        index index.htm;

        location /x {

            include /etc/nginx/fastcgi_params;

            fastcgi_pass urbackupserver:55413;
        }
    }
}