• Members 22 posts
    March 6, 2025, 2:06 p.m.

    Proxy server usage. In this case need to know how I can change django params?
    Example for my microservices written with PHP..

    $response = $response
            ->withHeader('Access-Control-Allow-Origin', $origin)
            ->withHeader('Access-Control-Allow-Headers', $headers)
            ->withHeader('Access-Control-Allow-Methods', $methods);
    

    It's needed because the proxy server and the services have different IPs.

  • Thread title has been changed from "Your request was rejected because your browser didn't send the CSRF cookie."

  • March 6, 2025, 3:31 p.m.

    Well, do you see the misagocsrftoken cookie in your browser when you are accessing your Misago site?

  • Members 22 posts
    March 6, 2025, 4:22 p.m.

    Yes, I am. Token with value (hash), correct domain name, path as '/', secured Lax.

  • March 6, 2025, 4:35 p.m.

    You need to check whether your proxy proxies cookies and the header saying that the site is running behind HTTPS.

  • Members 22 posts
    March 6, 2025, 4:44 p.m.
    POST /api/auth/ HTTP/1.1
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Encoding: gzip, deflate, br, zstd
    Connection: keep-alive
    Content-Length: 33
    Content-Type: application/json; charset=UTF-8
    Cookie: misagocsrftoken=i6An6zlFzYJ7S9AhQNGTZzS8b0FT0oSl
    Host: ...
    Origin: https://...
    Referer: https://...
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    X-CSRFToken: i6An6zlFzYJ7S9AhQNGTZzS8b0FT0oSl
    X-Requested-With: XMLHttpRequest
    sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    

    p.s. idk

  • March 6, 2025, 5:09 p.m.

    You'll also need to support misagosessionid cookie which lets Misago associate CSRF token with a session it belongs to.
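
Added example (not part of the thread and not Misago's code): the replies above ask whether the proxy forwards cookies and the HTTPS header, so this compares a request as the browser sent it with the same request as the backend received it. The two cookie names come from the thread; both requests are constructed samples, and `X-Forwarded-Proto` is an assumed header name for this setup.

```python
from http.cookies import SimpleCookie

# Cookie names come from the thread; the header name is an assumption.
REQUIRED_COOKIES = ("misagocsrftoken", "misagosessionid")
PROTO_HEADER = "x-forwarded-proto"  # assumed, not confirmed for this setup

# Constructed samples: what the browser sent vs. what reached the backend.
BROWSER = """POST /api/auth/ HTTP/1.1
Host: forum.example
Origin: https://forum.example
Cookie: misagocsrftoken=CONSTRUCTED-TOKEN
X-CSRFToken: CONSTRUCTED-TOKEN
"""
BACKEND = """POST /api/auth/ HTTP/1.1
Host: forum.example
Origin: https://forum.example
X-CSRFToken: CONSTRUCTED-TOKEN
"""


def parse_request(raw):
    """Return (headers, cookies) from a raw HTTP/1.1 request head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    return headers, {name: morsel.value for name, morsel in jar.items()}


def proxy_findings(browser_raw, backend_raw):
    """List what was missing at the browser or lost on the way to the backend."""
    sent_h, sent_c = parse_request(browser_raw)
    got_h, got_c = parse_request(backend_raw)
    findings = []
    for name in REQUIRED_COOKIES:
        if name not in sent_c:
            findings.append(f"browser did not send {name}")
        elif got_c.get(name) != sent_c[name]:
            findings.append(f"proxy dropped or changed {name}")
    if "x-csrftoken" in sent_h and "x-csrftoken" not in got_h:
        findings.append("proxy dropped X-CSRFToken")
    https_origin = sent_h.get("origin", "").startswith("https://")
    if https_origin and got_h.get(PROTO_HEADER) != "https":
        findings.append("backend was not told the request used HTTPS")
    return findings
```

Calling `proxy_findings(BROWSER, BACKEND)` on the samples separates a cookie the browser never had from one that was lost between the proxy and the backend.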

  • Members 22 posts
    March 7, 2025, 12:58 p.m.

    can't understand why nginx-proxy config file not modified
    need testing with proxy_set_header Cookie $http_cookie;

  • March 7, 2025, 1:34 p.m.

    Which file are you changing for NGINX? misago-docker only has volume on /config/vhost.d. If you are changing other files, you need to docker compose rebuild nginx-proxy

  • Members 22 posts
    March 7, 2025, 1:44 p.m.

    I tried to make volume for /etc/nginx/config/default.conf because I added new additional network in compose file and static IP for nginx-proxy server. So I need to change default server ip from 172.18.0.7 to my new (or add each one in the server upstream).

  • Members 22 posts
    March 7, 2025, 1:47 p.m.

    no rebuild command in my docker version :'\

    and nginx main conf is always rewritten :\

  • March 7, 2025, 2:14 p.m.

    No rebuild command is impossible, you may be on old docker compose, then it's docker-compose rebuild.

    But if file is overwritten, it may be nginx-proxy image scripting.

    But how do you know if it's NGINX not proxying cookies and not your own proxy?

  • Members 22 posts
    March 7, 2025, 2:36 p.m.

    idk. I'm experienced with Apache+PHP only :\ In this case all works fine.

  • March 7, 2025, 2:43 p.m.

    Why not remove nginx and Let's Encrypt and use your Apache proxy directly?

  • Members 22 posts
    March 7, 2025, 3:14 p.m.

    Because I'm not sure that I correctly understand how Misago must be configured in this case.

    What do "uwsgi" and "celery-worker" mean?

    lol ....sources in PyPI? what.. I thought they are in git repo :\

  • March 7, 2025, 3:44 p.m.

    Marked as best answer by March 7, 2025, 6 p.m..

    PyPI is "Python Package Index". Released Python software is uploaded there to make it readily installable to python package managers.

    uwsgi is Python WSGI container. celery-worker is Misago's tasks queue. For example, sending notifications on new reply is done by it.

    Misago awaits HTTP requests in misago service on port 3031. This is the UWSGI running Misago. Apache proxy should be configured so requests to /media/ should return files from /media/ directory and /static/ from /static/ directory. That's it.

    To show port 3031 on your host, you need to add this to misago service in docker-compose.yml:

        ports:
          - "3031:3031"
    
  • Members 22 posts
    March 7, 2025, 5:38 p.m.

    Apache proxy host with proxy_uwsgi_module

    Nmap scan report for misago_docker-misago-1.custom_network (10.0.0.12)
    Host is up (0.0000060s latency).
    Not shown: 999 closed tcp ports (reset)
    PORT     STATE SERVICE
    3031/tcp open  eppc
    

    doublekill :\

    [Fri Mar 07 16:36:38.338222 2025] [proxy:error] [pid 9:tid 139879062428472] (111)Connection refused: AH00957: uwsgi: attempt to connect to 10.0.0.12:0 (10.0.0.12:0) failed
    [Fri Mar 07 16:36:38.338234 2025] [:error] [pid 9:tid 139879062428472] [client 192.168.88.1:7842] AH10101: failed to make connection to backend: 10.0.0.12:0, referer: https://pro...
    

    192.168.88.1 it's my router..

    Nmap scan report for proxy-web-server-proxysrv-1.custom_network (10.0.0.10)
    Host is up (0.0000060s latency).
    Not shown: 998 closed tcp ports (reset)
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https
    

    What the hell is going on :)

    But Apache for some reason avoids 3031 by default
    Solution: github.com/unbit/uwsgi/issues/1491 🤪

    P.S. Now works fine. Cookie accepted!

  • Members 22 posts
    March 7, 2025, 6:05 p.m.

    UWSGI not for this, sure?

  • March 7, 2025, 6:06 p.m.

    Nope. It can do it, but that's slow. Use Apache for this.

  • Members 22 posts
    March 7, 2025, 6:43 p.m.
    [pid: 9|app: 0|req: 7/25] 192.168.88.1 () {80 vars in 1591 bytes} [Sat Mar  8 01:40:42 2025] GET / => generated 15642 bytes in 56 msecs (HTTP/1.1 200) 8 headers in 393 bytes (1 switches on core 0)
    [pid: 7|app: 0|req: 6/26] 192.168.88.1 () {78 vars in 1630 bytes} [Sat Mar  8 01:40:42 2025] GET /django-i18n.js?l=ru&v=b22f3d0942c5fe810c3618cdfc55d2191c738b0ebfea8c4f9764fab75cf626fb => generated 3227 bytes in 17 msecs (HTTP/1.1 200) 10 headers in 368 bytes (1 switches on core 0)
    [pid: 8|app: 0|req: 7/27] 192.168.88.1 () {78 vars in 1772 bytes} [Sat Mar  8 01:40:42 2025] GET /media/avatars/0a/5c/XBtYJWlca73Ppem4pLfW0lBsLuvvvE7Y/nvkQOgV50RyZ1sgUB7u7xIdp1TNxeH5i.png => generated 13278 bytes in 28 msecs (HTTP/1.1 404) 8 headers in 400 bytes (1 switches on core 0)
    [pid: 9|app: 0|req: 8/28] 192.168.88.1 () {78 vars in 1582 bytes} [Sat Mar  8 01:40:42 2025] GET /static/misago/css/misago.29b59cf4bb17.css => generated 13278 bytes in 30 msecs (HTTP/1.1 404) 8 headers in 400 bytes (1 switches on core 0)
    [pid: 10|app: 0|req: 8/29] 192.168.88.1 () {78 vars in 1562 bytes} [Sat Mar  8 01:40:42 2025] GET /static/misago/js/vendor.e798ab2babb7.js => generated 13278 bytes in 28 msecs (HTTP/1.1 404) 8 headers in 400 bytes (1 switches on core 0)
    [pid: 7|app: 0|req: 7/30] 192.168.88.1 () {78 vars in 1562 bytes} [Sat Mar  8 01:40:42 2025] GET /static/misago/js/misago.f13ef0a4d123.js => generated 13278 bytes in 27 msecs (HTTP/1.1 404) 8 headers in 400 bytes (1 switches on core 0)
    

    uwsgi.log

    Static files are still generated on the uwsgi side, but with 404 for the client.

  • March 7, 2025, 6:45 p.m.

    Well, if you setup your Apache proxy to ask UWSGI for them, it will.
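
Added example, not part of the thread: a small parser for the uwsgi request-log format quoted above that lists /static/ and /media/ requests which reached the application server instead of being answered by the front-end web server. The log lines are constructed samples and the function names are illustrative.

```python
import re
from collections import Counter

# Matches uwsgi request-log lines in the format quoted in the thread.
LINE_RE = re.compile(
    r"\[pid: \d+\|[^\]]*\] (?P<client>\S+) .*\] "
    r"(?P<method>[A-Z]+) (?P<path>\S+) => generated (?P<size>\d+) bytes "
    r"in \d+ msecs \(HTTP/[\d.]+ (?P<status>\d{3})\)"
)

# Constructed sample lines (paths and sizes invented, format as in the thread).
SAMPLE_LOG = """\
[pid: 9|app: 0|req: 1/1] 192.0.2.10 () {80 vars in 1591 bytes} [Sat Mar  8 01:40:42 2025] GET / => generated 15642 bytes in 56 msecs (HTTP/1.1 200) 8 headers in 393 bytes (1 switches on core 0)
[pid: 7|app: 0|req: 1/2] 192.0.2.10 () {78 vars in 1630 bytes} [Sat Mar  8 01:40:42 2025] GET /django-i18n.js?l=ru => generated 3227 bytes in 17 msecs (HTTP/1.1 200) 10 headers in 368 bytes (1 switches on core 0)
[pid: 8|app: 0|req: 1/3] 192.0.2.10 () {78 vars in 1772 bytes} [Sat Mar  8 01:40:42 2025] GET /media/avatars/a.png => generated 13278 bytes in 28 msecs (HTTP/1.1 404) 8 headers in 400 bytes (1 switches on core 0)
[pid: 9|app: 0|req: 2/4] 192.0.2.10 () {78 vars in 1582 bytes} [Sat Mar  8 01:40:42 2025] GET /static/app.css => generated 13278 bytes in 30 msecs (HTTP/1.1 404) 8 headers in 400 bytes (1 switches on core 0)
"""


def app_served_assets(log_text, prefixes=("/static/", "/media/")):
    """Return (prefix, path, status, size) for asset requests that reached uwsgi."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a request line (startup messages, tracebacks, ...)
        path = m["path"].split("?", 1)[0]  # ignore the query string
        for prefix in prefixes:
            if path.startswith(prefix):
                hits.append((prefix, path, int(m["status"]), int(m["size"])))
    return hits


def summarize(hits):
    """Count hits per (prefix, status) and report whether all 404 bodies share one size."""
    by_status = Counter((prefix, status) for prefix, _, status, _ in hits)
    sizes_404 = {size for _, _, status, size in hits if status == 404}
    # One repeated 404 size suggests the application's own error page was rendered.
    return by_status, len(sizes_404) == 1


if __name__ == "__main__":
    print(summarize(app_served_assets(SAMPLE_LOG)))
```

An empty result from `app_served_assets` on a fresh log means the front-end server is answering asset requests itself.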

  • Members 22 posts
    March 7, 2025, 7:21 p.m.

    Sweet Apache :) It works. All done! Thx a lot for your support! You're a really great man (or woman). Really helpful advice.