Sonarr version (exact version): 2.0.0.4323 Mono version (if Sonarr is not running on Windows): 4.6.0.245-0.xamarix.4 OS: CentOS7 x64 ((Debug logs)): Nothing relevant from Sonarr, but here are the tcpdump’ed HTTP transactions, and the nginx configuration – http://pastebin.com/gaN7eQ9t Description of issue:
I’m trying to reverse proxy Sonarr using nginx. Even though I have a URL Base configured, Sonarr issues a HTTP 303 redirect to /, instead of the configured URL Base. I have the Base URL in Settings --> General configured to use “/sonarr”.
I would like Sonarr to respect it’s URL Base configuration, and not issue redirects to outside of that URL base, as I have other applications which rely on the / URI.
I’m new to Sonarr, but not to nginx. If you add a URI to the end of a proxy_pass URL (/sonarr in your suggestion), it will append the normalized request URI. Since the location (location /sonarr) and the proxied URI match, the two configs would function identically. The tcpdump’ed traffic between nginx and sonarr confirms that, since the POST URI goes to /sonarr.
Thanks for the restart suggestion, the sonarr service has been restarted a few times since I made the config change (for version updates, mostly), so that isn’t the fix.
Just to bring nginx completely out of the loop, I’ve tried making the same request directly to the Sonarr server, and the result was the same. I get a HTTP 303 telling me to go to /. The funny thing is, once I successfully log in, Sonarr is happy to work out of /sonarr, it’s just the login process which seems to jump out of the defined URL Base.
If you make a request to http://<internal_sonarr_host>:8989 with forms authentication enabled Sonarr will respond with a 303 with the Location header set to /sonarr/login?returnUrl=/. (assuming your URL base is set to /sonarr).
The POST goes to /sonarr/login because the URL is redirected there. (you can inspect the page and see the POST URL for the form).
Sonarr responds with a HTTP 303, Location value of /sonar/login?returnUrl=/sonarr/ (Normal and expected behaviour)
Browser requests http://<sonarr_server>:8989/sonarr/login?returnUrl=/sonarr/, and gets the login form page (normal and expected behaviour)
I fill in the Username/Password fields, click submit, and the browser issues a POST to http://<sonarr_server>:8989/sonarr/login?returnUrl=/sonarr, POST data containing username, password and rememberMe fields.
Sonarr responds with a HTTP 303 status, Location value of /, sets a “_ncfa” cookie (Abnormal behavior, Location value is outside of defined URL Base)
Browser requests http://<sonarr_server>:8989/ with the “_ncfa” cookie
Sonarr responds with a HTTP 303, Location value of /sonarr/
Browser requests http://<sonarr_server>:8989/sonarr/ with the “_ncfa” cookie, all traffic here on out appears to use the /sonarr/ URL base
Step 5 in the login process is where I’m having issues, and it appears to have nothing to do with my reverse proxy setup, as it occurs when directly connecting to the Sonarr server.
You mentioned “with forms authentication enabled”, and that prompted me to try the same setup with HTTP Basic (browser pop-up) authentication. Using that form of authentication works as expected, constraining all requests to the /sonarr/ base url. I suspect that the root cause of the problem is with the form based authentication process.
I’d like to keep form based auth functioning, but HTTP Basic auth is an OK workaround for me for now.
The issue is your reverse proxy is talking to the root of Sonarr, not including the URL base. If you repeat the steps you listed above and the proxy communicates with Sonarr on /sonarr instead of / the redirect URL will be correct (you will see ?returnUrl=/sonarr/ in the URL).
Telling your reverse proxy to talk to Sonarr using the correct URL Base should fix this.
The steps described above occurred when talking directly to sonarr, no reverse proxy involved. That’s why I said:
Step 5 in the login process is where I’m having issues, and it appears to have nothing to do with my reverse proxy setup, as it occurs when directly connecting to the Sonarr server.
You can disregard the reverse proxy aspect of my original question, as I have ruled out it’s role in the problem.
Your steps don’t align with what I’m seeing, if you go to localhost:8989/sonarr you don’t get redirected back to localhost:8989/ after login you go to localhost:8989/sonarr.
Going to localhost:8989/sonarr (captured with Fiddler):
The third to last request is the HTTP Post submitting the form login, which directs me to /.
I have no clue why your installation is behaving differently from mine. I’ve tried changing the Base URL (to /test), to see if there was some stuck at using /, but it resulted in the same behaviour.
I’m not sure if the URL Base is defined somewhere other than in the NzbDrone config.xml, but it appears to be set correctly there:
Pretty much where I’m at as well, I’m wondering if it’s the fact that the slashes in the redirect URL aren’t encoded and it’s behaving differently under mono, since that seems to be the only difference I see between our setups.
It looks like the default is to redirect to / if the redirectUrl in the login request isn’t provided (which would cause issues if you hit /sonarr/login directly. Just pushed a fix for the default redirect URL to the develop branch, I’d be curious to know if it fixes the issue for you as well.
Awesome, thanks for confirming. I suspect there is something else that originally causes it, but that was wrong so we fixed something. Appreciate all the information you were able to provide while troubleshooting.