Unable to view PDFs when on VPN

Ideally, we would like IN behind our FW and only accessible via VPN

When connected to the VPN (FW disabled) pdfs cannot be view and we get a 504 error

When disconnected from the VPN (FW disabled) pdfs can be viewed

Thoughts?

Hi,

@david do you have any ideas?

@McHenry What are you using for VPN? Maybe it’s something with the VPN that’s blocking PDF generation/viewing? We access our IN using Tailscale and do not have any problems with PDF viewing.

Edit: Do you have any malware or other scanning enabled on your local machine? That could also, inadvertently, be prohibiting you from viewing PDFs.

IN is hosted on a server on our corporate LAN what has both a public and private IP

I wish to disable the public IP so it will only be accessible via the LAN

When off the VPN the FQDN resolved to the public IP
When on the VPN the FQDN resolves to the private IP

Does this help at all?

Not exactly. It doesn’t really answer my questions.

That makes sense and is simply the DNS or proxy settings. The 504 is a gateway error related to your DNS and/or proxy settings and is not related to InvoiceNinja. It generally means that a timeout is occurring prior to the PDF being loaded.

There is a chance that someone needs to adjust the nginx or apache2 configuration.

Another option is to adjust the php.ini file for php or php-fpm and adjust max_execution_time to a higher number. Sometimes (rarely) you may need to adjust the php-fpm pool configuration to have a higher request_terminate_timeout value - but this is not common.

Given the somewhat vague information you’ve provided, I’d guess you are using a proxy and the easiest to do is update the nginx or apache2 config file.

Just out of curiosity, when connected with the VPN, can you download the PDF even if you cannot view it?

thanks northhill

No sure why 504 as the server can resolve the hostname as can my client. If it makes a difference.
My client resolves the hostname to be the internal IP whereas the server still resolves the hostname to the public IP. Both are accessible when I am connected via VPN.

No proxy employed. Using Nginx as the webserver (Docker install)

When connected to the VPN I have no pdf access.

You can still have a 504 error even if the host name is resolved. That can occur with serving different assets within the site, as well as the whole site itself. It just means there is a timeout before the server has time to generate and send you the pdf.

If you’re using Docker, then I believe that Caddy is used as a reverse proxy (and to get a TLS cert). At minimum, if you’re using Docker, there is some port forwarding happening to access it. That is either through Caddy or nginx and is a good chance of where the delay may be coming from.

I would start by checking the nginx config first. It’s simple and easy to do and could fix your problem.

I have just installed IN.

Next is the SSL cert setup. We have a cert to use so maybe this will make a difference.

I would not expect a TLS cert to make a difference with a timeout error. That is unless you’re using a config that includes timeout info along with your cert config.

True, I was thinking this would be the time to review the Nginx config file

Added SSL.
All works now. Strange!

1 Like

Great! Did you change your nginx config? Is that what got things working?

Yes, the SSL conf file is a new file.