Webmin: Cannot login through nginx reverse proxy
288
Try this solution, it works for me well:
/etc/webmin/config
:
webprefix=/webmin
webprefixnoredir=1
relative_redir=0 # pay attention on this
referer=www.examle.com
/etc/webmin/miniserv.conf
:
cookiepath=/webmin
nginx config:
location /webmin/ {
proxy_pass http://localhost:10000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Do not add proxy_set_header Host $host;
, it won't work.
Webmin should be available on http://www.examle.com/webmin/
Related videos on Youtube
Author by
ms123
Updated on September 18, 2022Comments
-
ms123 almost 2 years
I'm looking for a way to create programmatically a reeder-like list (like here http://reederapp.com/mac/_screens/img/2.png - the list with the article's summary). What is the kind of element used? Is there any example that shows how to do that?
Thanks a lot
-
rob mayoff over 12 yearsAre you talking about the list on the left or the list in the middle? Do you want to do it on iOS or on Mac OS X?
-
BBB almost 9 yearsFor what its worth, my configuration is the same as serverfault.com/questions/443482/proxying-webmin-with-nginx (as is my problem, only this fix doesn't work for me). I also found this article helpful and have tried these suggestions: serverfault.com/questions/98987/…
-
closetnoc almost 9 yearsIf you look at your paths in the example you are giving, the problem appears to lie within the proxy itself. As a side note, this is a security risk that you are opening up. Make sure that you have secure usernames and hardened passwords and keep an eye on your Webmin log.
-
BBB almost 9 yearsThanks... I'll look more at the proxy, but any suggestions? I just posted the nginx code above for review. Thanks for the note on security... I think I'm good because webmin is behind an internal auth setup, uses good usernames and strong passwords, and two factor auth is enabled.
-
closetnoc almost 9 yearsThe only quick thing I see is that you may want to try removing the trailing slashes in your proxy settings such as proxy_redirect 127.0.0.1:10000 site.example.com/webmin and proxy_pass 127.0.0.1:10000. Your failed attempt had two // slashes. Worth a try.
-
BBB almost 9 yearsMany thanks! Removing the trailing slash from
proxy_pass
got rid of the double slash in the log and added 'webmin' (I tried removing it from each place separately, and the trailing slashes onproxy_redirect
had no effect on the log. BEFORE:[client ip] - - [27/Jul/2015:00:21:13 -0400] "POST //session_login.cgi HTTP/1.0" 401 2854
AFTER:[client ip] - - [27/Jul/2015:00:21:53 -0400] "GET /webmin/session_login.cgi HTTP/1.0" 401 2854 [client ip] - - [27/Jul/2015:00:22:06 -0400] "POST /webmin/session_login.cgi HTTP/1.0" 401 2854
-
closetnoc almost 9 yearsGlad it works!! You were smart to try each piece one at a time. That indicates to me that you will be a great webmaster/IT professional! It is a scientific approach- reason and deduction.
-
BBB almost 9 yearsThanks :-) Unfortunately... it's not fixed. It does show /webmin/ instead of a double slash, which seems logical, but I'm not actually sure it's better. example.com/webmin/ should be proxied to example.com:10000 (i.e. example.com/webmin/test/ should show up as example.com:10000/test in the log... the /webmin shouldn't be part of the URL passed to port 10000. At least, maybe. I'm still playing but the browser behavior (aka the problem) hasn't changed.
-
closetnoc almost 9 yearsAh! NUTS!! I will have to think on this a bit. Nginx did not exist when I was doing network stuff, but it seems simple enough.
-
closetnoc almost 9 yearsI am in chat. Juggling between two people though... when it rains it pours.
-
closetnoc almost 9 yearsI noticed that in serverfault.com/questions/443482/proxying-webmin-with-nginx the proxy_redirect was below the proxy_pass but you have it the other way around here... not sure what difference that makes yet. Something to try.
-
-
BBB almost 9 years
Set-Cookie: testing=1; path=/; httpOnly
-
BBB almost 9 years
pragma: no-cache Expires: Thu, 1 Jan 1970 00:00:00 GMT
-
BBB almost 9 years
Cache-Control: no-store, no-cache, must-revalidate
-
BBB almost 9 years
Cache-Control: post-check=0, pre-check=0
-
Mike -- No longer here almost 9 yearsThat suggests that maybe you have the system in a special testing-only mode. The cookie that should be returned should be a unique value to the user depending on who is logged in unless logins are tracked in a server database by IP address which I don't recommend because if someone logs in on a LAN then another computer connected to the same LAN would be logged in automatically because the IP address of both computers to the world is the same.
-
BBB almost 9 yearsThis definitely isn't my expertise, and there may be something wrong here... but presumably there'd be a unique session identifier if I were logged in. Either way, it seems like its set to not cache (and cache is a false expiration date-- in the past). (I think?) I did a quick search, and it seems like testing=1 may be something the webmin folks left in there, but I'll check it out more thoroughly.
-
closetnoc almost 6 yearsIt appears there may be some typos. I am not sure if they are deliberate. Can you double check? Cheers!!