------------------------------------------------------------------------------
To reply, visit https://hellosplat.com/s/beanbag/tickets/5012/
------------------------------------------------------------------------------

New ticket #5012 by HeroicAlbeit
For Beanbag, Inc. > Review Board

Status: New
Tags: Priority:Medium, Type:Defect


------------------------------------------------------------------------------
requests to /api/... do not use public server name but private IP address
==============================================================================

# What version are you running?


6.0

in docker image 45ada0a9f402


This is a new setup with the nginx+gunicorn setup method and an "API Gateway" on 
Oracle Cloud in front of the nginx port.

The "API Gateway" is set up to route `https://<public server name>/<everything>` 
to `http://<private instance ip>:8080/<everything>`, where 8080 is the exposed 
nginx port. This works, as I can log in.


# What's the URL of the page containing the problem?

`https://<public server name>/r/3/`


This page shows up, but the "Diff" tab is missing and I am unable to change 
fields of this request, such as Summary or Description.

Using the debug console of the browser reveals an error, see below.


# What steps will reproduce the problem?
1. Create a new review request, e.g. by uploading a patch
2. Browse the request
3. Note the missing Diff tab
4. Inspect the browser debug console


# What is the expected output? What do you see instead?

the Diff tab would be there

editing Fields such as Summary would work

no errors in browser console


# What operating system are you using? What browser?

the instance uses Ubuntu 22.04.3 LTS on ARM processor

However, Review Board itself runs as the above-mentioned Docker image, pulling the 
ARM sha256.


# Please provide any additional information below.


the error on debug console is this:


```
3rdparty-base.min.js:1 Mixed Content: The page at 'https://<public server name>/r/3/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://<private instance ip>/api/review-requests/3/draft/?api_format=json&force-text-type=html&include-text-types=raw&expand=depends_on%2Ctarget_people%2Ctarget_groups'. This request has been blocked; the content must be served over HTTPS.
```

This is absolutely correct and cannot work, even if the browser would not 
block it, since `<private instance ip>` is not routed on the internet.

Also note that port 8080 is missing in `<private instance ip>`; this tells me 
the API Gateway is not involved, as it is set up to always send to this port.

looking at the Network tab in the browser debug tool shows a Request Initiator 
chain looking like this:


1. `https://<public server name>/r/3/`
2. `https://<public server name>/static/lib/js/3rdparty-base.min.js`
3. `http://<private instance ip>/api/review-requests/3/draft/?api_format=json&force-text-type=html&include-text-types=raw&expand=depends_on%2Ctarget_people%2Ctarget_groups`

the Request call stack for this is rather long and I can't copy-paste it.


the nginx.conf setup follows the Admin Manual, with the essential part being:
```
    location / {
        proxy_pass http://reviewboard;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl off;
        proxy_set_header X-Real-IP $remote_addr;

        client_max_body_size        10m;
        client_body_buffer_size     128k;
        proxy_connect_timeout       90;
        proxy_send_timeout          90;
        proxy_read_timeout          90;
        proxy_headers_hash_max_size 512;
        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
```

This handles login/logout and many other things such as configuring, while some 
(?) `/api/` requests don't ever reach this nginx since the browser gets told to 
send these using the `<private instance ip>`.

The Server name in General Settings is correctly set to `<public server name>` 
- I guess login would not be impossible otherwise.

------------------------------------------------------------------------------
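
The header flow through the `location /` block quoted in the ticket can be modelled offline. The following is an added example, not part of the ticket or of Review Board's code; it assumes a backend that builds absolute URLs from `Host` and `X-Forwarded-Proto`, and uses constructed stand-ins (`rb.example.com`, `10.0.0.5`) for the redacted server name and private IP.

```python
from urllib.parse import urlsplit

def nginx_forwarded(host_header, scheme, server_port):
    """Headers the ticket's `location /` block passes upstream.

    nginx's $host is the request host name without its port, $scheme is the
    scheme of the connection nginx itself accepted, $server_port its listen port.
    """
    hostname = urlsplit("//" + host_header).hostname
    return {
        "Host": hostname,
        "X-Forwarded-Proto": scheme,
        "X-Forwarded-Port": str(server_port),
    }

def backend_origin(headers):
    """Origin a backend emits if it trusts Host and X-Forwarded-Proto (assumption)."""
    return f'{headers["X-Forwarded-Proto"]}://{headers["Host"]}'

def diagnose(public_origin, gateway_host_header, nginx_port=8080):
    """Return (origin the backend would emit, list of parts that differ from public)."""
    # The gateway reaches nginx over plain HTTP, so $scheme is "http" on this hop.
    headers = nginx_forwarded(gateway_host_header, "http", nginx_port)
    origin = backend_origin(headers)
    public = urlsplit(public_origin)
    problems = []
    if urlsplit(origin).scheme != public.scheme:
        problems.append("scheme")
    if headers["Host"] != public.hostname:
        problems.append("host")
    return origin, problems

# Constructed sample values standing in for the ticket's redacted names.
PUBLIC = "https://rb.example.com"
CASES = {
    "gateway sends the upstream address as Host": "10.0.0.5:8080",
    "gateway preserves the client's Host": "rb.example.com",
}

if __name__ == "__main__":
    for label, host in CASES.items():
        origin, problems = diagnose(PUBLIC, host)
        print(f"{label}: backend origin {origin!r}, mismatch: {problems or 'none'}")
```

In the first case the modelled origin has the same shape as the blocked URL in the console error: plain `http`, the private address, and no port, because `$host` drops it. In the second case the scheme still differs, since `X-Forwarded-Proto $scheme` is set from the plain-HTTP hop between gateway and nginx.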
