Reverse proxy now not working for some pages in 1.32.

[desertcroc]

Hi all,

I very recently upgraded from 1.28 where I had everything working properly as follows:

Zoneminder hosted on port 81 of local server (ie. http://192.168.11.42:81/zm)
Nginx reverse proxy exposes Zoneminder and encrypts traffic: https:/mydomain.com/zm-obfuscated

Since upgrading from 1.32, certain parts of the Zoneminder UI lead to 403 Forbidden errors from Nginx, because they are still trying to send to the /zm path, not /zm-obfuscated.

For example, the login screen loads, but after validating my info, the server response is trying to redirect my browser to:
https://mydomain.com/zm/index.php?view=console

If I press the back button and reload, the login page goes away and I'm in the ZM console. That means the login form submission succeeded. It's the following redirect that isn't sending me to the right place.

I'm not clear on whether this is an Nginx or a ZM issue, considering it used to work in 1.28.

THe Filters page also has issues. I can load the filter form, but pressing Execute sends me to a Forbidden page. Same with Deleting events. The form submits and the events are actually deleted, but it's redirecting to a /zm path.

Here's my nginx config:

Code: Select all

        location /zm-obfuscated/ {
                proxy_pass http://192.168.11.42:81/zm/;
                proxy_set_header HOST $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port "443";
                proxy_set_header Referer $http_referer;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_redirect off;
                proxy_set_header Accept-Encoding "";
                sub_filter "/zm/" "/zm-obfuscated/";
                sub_filter_once off;
                proxy_redirect "https://mydomain.com/zm/" "https://mydomain.com/zm-obfuscated/";
}

Note - I already manually patched some functions to handle X-Forwarded-Port and properly send the right port back. Otherwise, /cgi-bin/ was not working. This post solved that for me: viewtopic.php?t=27804

[desertcroc]

In case this helps someone, my issue was with proxy_redirect being passed a full URL rather than just a path. ZM now only sends /zm in the Location header, not a full host, so it wasn't matching. This must have changed since 1.28, which is what I upgraded from.

Also, I commented out proxy_redirect off; which I had pulled from another suggestion somewhere. I'm not sure if that was having an impact, but everything seems to be working now. New config below.

Code: Select all

location /zm-obfuscated/ {
                proxy_pass http://192.168.11.42:81/zm/;
                proxy_set_header HOST $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port "443";
                proxy_set_header Referer $http_referer;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Accept-Encoding "";
                sub_filter "/zm/" "/zm-obfuscated/";
                sub_filter_once off;
                proxy_redirect "/zm/" "/zm-obfuscated/";
}