Should rewrite HTTP to HTTPS #81
Comments
Solved, works only in https not http |
Hi! I'm going to reopen this since I think rewriting the URL from HTTP to HTTPS automatically might make this issue not appear for future users. I'm assuming you were trying to connect via your publicly accessible hostname and not via localhost, correct? |
I can log in only via HTTPS but not HTTP |
+1 Same issue here as well. Cannot log in using the HTTP protocol. |
For clarification on what the issue is, your browser will not save the login cookie on HTTP since it is unencrypted. Making this work on HTTP would mean disabling a couple security flags that typically protect the cookie. I don't think I even want to offer an option to make this work on HTTP due to the security implications, so it may make sense to update the docs with a warning about this and see if automatic redirection is possible from our end. |
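The behaviour described in the comment above, as an added example that is not part of the thread and is not Medama's own code: the session cookie keeps its `Secure` flag, and plain-HTTP requests are redirected to HTTPS instead of reaching a login form whose cookie the browser would discard. The handler names, the `session` cookie name, the host `example.test` and the decision to trust `X-Forwarded-Proto` from a TLS-terminating proxy are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// isHTTPS reports whether the client connection was encrypted, directly or at
// a proxy. Assumption: X-Forwarded-Proto is set only by a proxy we control.
func isHTTPS(r *http.Request) bool {
	return r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
}

// redirectToHTTPS sends plain-HTTP requests to the same host and path on
// https://, so the login never runs on an origin that drops Secure cookies.
func redirectToHTTPS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isHTTPS(r) {
			target := "https://" + r.Host + r.URL.RequestURI()
			http.Redirect(w, r, target, http.StatusPermanentRedirect) // 308 keeps POST
			return
		}
		next.ServeHTTP(w, r)
	})
}

// login is a hypothetical login endpoint that keeps the protective flags on.
func login(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{
		Name: "session", Value: "constructed-sample-token", Path: "/",
		Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode,
	})
}

// probe sends one request through the middleware; returns status, Location, cookies.
func probe(url, forwardedProto string) (int, string, []*http.Cookie) {
	req := httptest.NewRequest(http.MethodPost, url, nil)
	req.Header.Set("X-Forwarded-Proto", forwardedProto) // "" means no proxy TLS
	rec := httptest.NewRecorder()
	redirectToHTTPS(http.HandlerFunc(login)).ServeHTTP(rec, req)
	res := rec.Result()
	return res.StatusCode, res.Header.Get("Location"), res.Cookies()
}

func main() {
	fmt.Println(probe("http://example.test/auth/login", ""))      // redirected, no cookie
	fmt.Println(probe("http://example.test/auth/login", "https")) // cookie issued
}
```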
Hey @ayuhito I tend to agree about locking down http.

http://localhost:8080/login ironically still shows the Web GUI, but refuses to allow submitting the admin, CHANGE_ME_ON_FIRST_LOGIN

```
4:36PM INF success duration=16.872667 method=POST operation=PostAuthLogin operationId=post-auth-login path=/auth/login
4:36PM WRN unauthorised Connection=keep-alive Content-Length= Content-Type=application/json User-Agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0.1 Safari/605.1.15" method=GET path=/websites status_code=401
```

Anyways, the problem is that I cannot access the Web GUI via Caddy Reverse proxy when running locally with no docker. Maybe there is something I am not getting...

I tried main and version v0.5.1

Here is the setup:

Using latest caddy, but get same issue with stable caddy too. https://github.com/caddyserver/caddy/releases/tag/v2.9.0-beta.2

caddyfile:

```
# Caddyfile
{
	email [email protected]
	log {
		output stdout
		format console
		level DEBUG
	}
	admin :2019
}

# https://hello.localhost
hello.localhost {
	respond "Hello world!"
}

# https://app.localhost
app.localhost {
	reverse_proxy 8080
}
```

.env file:

```sh
# https://oss.medama.io/config/environment-variables
# Note, you must opt-in to this by setting the -env flag when starting the server

# Path to app database. Default is ./me_meta.db.
export APP_DATABASE_HOST=.data/me_meta.db

# Path to analytics database. Default is ./me_analytics.db.
export ANALYTICS_DATABASE_HOST=.data/me_analytics.db

# Port to listen on. Default is 8080.
export PORT=8080

# LOGGER: Logger format. Default is json. Options are json and pretty.
export LOGGER=pretty

# LEVEL: Logger level. Default is info. Options are debug, info, warn, and error.
export LEVEL=debug

# CORS_ALLOWED_ORIGINS: Comma-separated list of allowed CORS origins on API routes.
# Useful for external dashboards that may host the frontend on a different domain.
export CORS_ALLOWED_ORIGINS=https://app.localhost
```

```sh
4:05PM DBG Logging level set to debug
```
|
The default username admin and the default password CHANGE_ME_ON_FIRST_LOGIN are not working on Docker. You can't log in; nothing happens.

```
2024/07/07 01:52AM INF Medama Development Build
2024/07/07 01:52AM INF Starting server at http://localhost:8080
2024/07/07 01:52AM INF success | operation=PostAuthLogin operationId=post-auth-login method=POST path=/auth/login duration=44.068532
2024/07/07 01:52AM INF success | operation=PostAuthLogin operationId=post-auth-login method=POST path=/auth/login duration=32.713261
2024/07/07 01:52AM INF success | operation=PostAuthLogin operationId=post-auth-login method=POST path=/auth/login duration=45.484127
2024/07/07 01:52AM INF 401 unauthorised | operation=PostAuthLogin operationId=post-auth-login method=POST path=/auth/login duration=29.474782 status_code=401
2024/07/07 01:53AM INF success | operation=PostAuthLogin operationId=post-auth-login method=POST path=/auth/login duration=29.124101
2024/07/07 01:53AM INF success | operation=PostAuthLogin operationId=post-auth-login method=POST path=/auth/login duration=27.881179
```