Problem with reverse proxy and rest calls

Help / Discuss
#1

Hi,

I’m having a problematic issue or a bug with xwiki behind a reverse proxy. I’ve set up the home and protocol config parameters in the config file, and the installation works fine, overall. However, often when creating a new page, I will get an error when clicking on one of the save buttons - and it will disable further saving of the page. However, the page actually gets saved, and I can edit fine after reloading it.

The error is that there is an OPTIONS call from prototype.js to the rest api. And this call uses 127.0.0.1 instead of the proper url set in the config - hence it fails miserably, and then disables saving. Am I looking at a bug or some config I didn’t set or need to flush?

Thanks!

Uploads not working through dialog box. Drag and drop OK
#2

I dont’t know if it helps, but this is my nginx reversed proxy config. Saved it in sites-available/wiki.domain.local.conf

replace external.domain.com with your external url and wiki.domain.local with your internal server

This works perfect but i don’t use rest api calls, so can’t help you with that.

server {
listen 80;
#listen [::]:80;
server_name external.domain.com;
return 301 https://$host$request_uri;
}

server {
tcp_nodelay on;
listen 443;
#listen [::]:443 ipv6only=on;
server_name external.domain.com;

ssl_certificate     /etc/nginx/certificates/lex-it.com/ca_fullchain.crt;
ssl_certificate_key /etc/nginx/certificates/lex-it.com/ca_key.crt;

ssl on;
ssl_session_cache  builtin:1000  shared:SSL:10m;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

error_log /var/log/nginx/wiki-error.log;
access_log /var/log/nginx/wiki-access.log;

location / {

  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;

  # Fix the “It appears that your reverse proxy set up is broken" error.
  proxy_pass          https://wiki.domain.local;
  proxy_read_timeout  90;

  proxy_redirect      https://wiki.domain.local https://external.domain.com;
}

}

#3

Thanks for the answer. I run behind an IIS proxy, so not 100% applicable but there’s one very important point in your config I might be missing - the X-Forwarded-For. That might fix the issue.

I would still think that’s fixing the symptom and not the problem. I have xwiki.home and xwiki.url.protocol set in xwiki.cfg. Those should either be respected throughout the wiki or not at all.

Thanks!

#4

We had similar issues with IIS Reverse Proxy setup.

One of my colleagues enabled “Allow Double Escaping” but then IIS was rejecting ‘dangerous characters’. Then he removed the value from “request Path Invaild Charaters” and things work correctly now.

Our main issue was with Notifications not showing up when using the domain name externally. They work locally using the IP. The notifications dialog would open but show either no entries if there were notifications, or Not show the “There are no notification” message inside it.

This is what he change in IIS

<system.webServer>
  <security>
    <requestFiltering allowDoubleEscaping="true" />
  </security>
</system.webServer>
<system.web>
  <httpRuntime requestPathInvalidCharacters="" />
</system.web>

So all dangerous requests are handled by xWiki. I don’t know what handling it does for a dangerous character, but if anyone can shed some light on that would be good.

*Edited code formatting

Issue with IIS Reverse proxy