Running invoiceninja 5 behind nginx proxy

kaiman · February 5, 2023, 2:26pm

I am trying to run invoiceninja 5 behind a ningx reverse proxy. With the following set up:

ningx reserver proxy available from outside: https://www.demo.com
nginx webserver on a second server (available only within the LAN) http://invoiceninja.localdomain.com:81

Invoiceninja should be available thru the url https://www.demo.com/ninja/ for the outside.

I had a running config for v4 but this is not working anymore.

Config Reverse Proxy:

    location /ninja/ {
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://192.168.1.11:81/;
    fastcgi_param HTTPS on;
    break;
    }

.env file on invoiceninja server:
APP_URL=“https://www.demo.com/ninja”

nginx conf on invoiceninja server:
server {
listen 81;
server_name invoiceninja;
root /var/www/invoiceninja/public;
…}

any advise?

hillel · February 5, 2023, 2:39pm

Hi,

Have you configured the TRUSTED_PROXIES value in the .env file

kaiman · February 5, 2023, 5:15pm

Hi,

yes i tried

TRUSTED_PROXIES=*
TRUSTED_PROXIES=192.168.1.1

I am getting a gray screen and noticed this log in the error log if reverse nginx server:

2023/02/05 18:13:46 [error] 23574#23574: *304524 open() “/var/www/canvaskit/canvaskit.js” failed (2: No such file or directory), client: 192.168.1.153, server: www.demo.com, request: “GET /canvaskit/canvaskit.js HTTP/1.1”, host: “www.demo.com”, referrer: “https://www.demo.com/ninja/”

hillel · February 5, 2023, 5:23pm

@david do you have any suggestions?

kaiman · February 5, 2023, 6:20pm

Interesting side effect:
I tried using the app for iPhone and Mac.
Both are working thru the reverse proxy.
When I try to use the browser I am getting the grey screen.

hillel · February 5, 2023, 6:21pm

It may help to change the APP_URL value in the .env file

kaiman · February 5, 2023, 8:12pm

Should I change the APP_URL to the internal URL?
I am not quite sure, what URL I should put there

hillel · February 5, 2023, 8:22pm

@david can you please advise?

david · February 5, 2023, 9:51pm

I’m not great with nginx proxy, i’ve never really played with it. The only thing I can advise here is that it looks like the system is trying to resolve the js libraries from a rather weird path.

/var/www/

It looks like the vhost for this site is pointing to the root directory /var/ww rather than the diretory of the invoice ninja /public folder?

kaiman · February 6, 2023, 7:57am

I am getting more and more confused. Now I can get the login screen and log into the webpage thru a browser. But on the reserve proxy there are errors in the log file.

2023/02/06 09:21:43 [error] 40535#40535: *312522 open() “/var/www/js/pdf.min.js” failed (2: No such file or directory), client: 192.168.1.153, server: www.demo.com, request: “GET /js/pdf.min.js HTTP/1.1”, host: “www.demo.com”, referrer: “https://www.demo.com/ninja/”
2023/02/06 09:21:56 [error] 40536#40536: *312519 open() “/var/www/client/invoice/gmlftxh2mibgjs8b2srplgffpktrjboa/download_pdf” failed (2: No such file or directory), client: 192.168.1.153, server: www.demo.com, request: “GET /client/invoice/gmlftxh2mibgjs8b2srplgffpktrjboa/download_pdf HTTP/1.1”, host: “www.demo.com”, referrer: “https://www.demo.com/ninja/”

The company logo is not displayed, because the pages tries to load it directly?
XMLHttpRequest cannot load http://invoiceninja.localdomain.com:81/storage/u6nq0alhy5hvwgz4z1ffydn268eluxyh/xeGCn7Op7br70RPqr9HzN9TPOCUxI0nPnSDgsZby.png due to access control checks.

I noticed, that i can not open any PDFs in the App, too. Same error as above:
2023/02/06 09:30:52 [error] 40534#40534: *312777 open() “/var/www/client/invoice/gmlftxh2mibgjs8b2srplgffpktrjboa/download_pdf” failed (2: No such file or directory), client: 2.247.245.180, server: www.demo.com, request: “GET /client/invoice/gmlftxh2mibgjs8b2srplgffpktrjboa/download_pdf HTTP/1.1”, host: “www.demo.com”

Should i move invoiceninja to a subfolder on the local server?

david · February 6, 2023, 8:49am

You’ll need to double check the vhost configuration.

kaiman · February 6, 2023, 9:56am

I think I found the problem, but currently no solution.

I try to redirect a subfolder on reverse proxy to root of invoiceninja server.

Perhapes i need to create a subdomain to get this working.

kaiman · February 6, 2023, 12:47pm

Well, I created a new certificate and ninja is now running behind the reverse proxy.
I can open the app but noticed, that the pdf and company logo are not displayed. Searching around I found this strange behaviour:

URL is https://ninja.demo.com (also written in .env file)

XMLHttpRequest cannot load http://invoiceninja.localdomain.lan:81/storage/u6nq0alhy5hvwgz4z1ffydn268eluxyh/xeGCn7Op7br70RPqr9HzN9TPOCUxI0nPnSDgsZby.png due to access control checks.
XMLHttpRequest cannot load http://invoiceninja.localdomain.lan:81/client/invoice/vbc0nrkptaphjv4hia5dtnmfhtndvebw/download?t=1675687458626&t=1675687458626 due to access control checks.

It seems, that the system still tries to get the files locally?

david · February 7, 2023, 5:54am

This is a path to a file location. what is the HTTP code that is being thrown at this point?

kaiman · February 7, 2023, 6:01pm

well I added another redirect to the reverse proxy, so that http and https traffic is redirected.
Now it seems to be ok and everything is working.

cptdaydreamer · January 23, 2024, 12:32am

How does the block look? I’m having a mixed content problem and I guess I need it too.