
Comments (11)

phires avatar phires commented on June 21, 2024

I'm having the same issues, but I'm running it as a docker container.

Downgrading to 3.1.1 fixes the issue for now.

from leantime.

marcelfolaron avatar marcelfolaron commented on June 21, 2024

Are you running Leantime behind a proxy?
We hardened our session management and part of the hash now includes HTTP_HOST and the ip address from which the request originated. If those things change you will be logged out.

Additionally, the cookie sameSite parameter was set to "Strict".

Can you check if there are any errors in logs/error.log? If there is a session mismatch (client ip + http_host) there will be entries stating: "failed ip and host check"

from leantime.

nickian avatar nickian commented on June 21, 2024

I'm not using Docker with a reverse proxy. Just PHP-FPM 8.1 and Nginx. My Nginx config looks like this:

server {
    listen 80;
    listen [::]:80;
    server_name projects.mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {

    listen 443 ssl;
    listen [::]:443 ssl;

    server_name projects.mydomain.com;
    set $base /path/to/projects.mydomain.com/www;
    root $base/public;

    error_log /path/to/projects.mydomain.com/log/error.log;
    access_log /path/to/projects.mydomain.com/log/access.log;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # index.php
    index index.php;

    location ~ \.php$ {
        # 404
        try_files $fastcgi_script_name =404;

        # default fastcgi_params
        include fastcgi_params;

        # fastcgi settings
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;

        # fastcgi params
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # additional config
    # favicon.ico
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # robots.txt
    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    # assets, media
    location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        expires 7d;
        access_log off;
    }

    # svg, fonts
    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        add_header Access-Control-Allow-Origin "*";
        expires 7d;
        access_log off;
    }

    # gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

}

from leantime.

nickian avatar nickian commented on June 21, 2024

I thought maybe it was Cloudflare or my floating IP, but I've tried disabling proxying and even just putting the direct IP of the server in my local hosts file. Makes no difference.

from leantime.

MNylif avatar MNylif commented on June 21, 2024

@marcelfolaron,

I have tried installing this and running this all the ways the documentation instructs, even using panels like Cloudron and other devs to help me with this. The login bugs out and I am unable to get in. I use Cloudflare and even changing those settings didn't help.

After logging in, this is immediately what pops up. After you sign in again, it just goes back to the main login page.

Screenshot 2024-04-30 at 11 29 10 AM

from leantime.

marcelfolaron avatar marcelfolaron commented on June 21, 2024

from leantime.

nickian avatar nickian commented on June 21, 2024

I reinstalled with 3.1.3 and the issue is resolved. Thanks!

from leantime.

marcelfolaron avatar marcelfolaron commented on June 21, 2024

Glad that fixed it. My guess is that HTTP_HOST is not set under some circumstances or potentially changes, which is why it was resetting the session. I am now using SERVER_NAME as backup in case http_host is not set.

from leantime.

typkrft avatar typkrft commented on June 21, 2024

@marcelfolaron What is the expected way to resolve this for docker and reverse proxies? I didn't see any new instructions for configuration. I'm tagging you because I didn't want to create a new issue.

I've got traffic coming through cloudflare and then traefik to the leantime docker container.

Attempted running latest as of today, 3.1.4, 3.1.3, 3.1.2.

Downgrading to 3.1.1 does resolve the issue for me.

from leantime.

marcelfolaron avatar marcelfolaron commented on June 21, 2024

from leantime.

typkrft avatar typkrft commented on June 21, 2024

Maybe this isn't what you are looking for, but after passing through Cloudflare, Traefik, and Authentik here are some ideas regarding the headers that are making their way to leantime.

notable headers

IP: Some Docker Container IP 172.x.x.x
RemoteAddr: Docker Router 172.x.x.1
Cf-Connecting-Ip: Real IP - From Cloudflare
X-Forwarded-For: 172.x.x.x Docker Client Same as X-Real-IP
X-Real-Ip: 172.x.x.x

from leantime.
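
Added example (not part of the thread and not Leantime's code): binding a session to host and client IP, as described above, so that it stays stable behind a trusted proxy chain and falls back to SERVER_NAME when HTTP_HOST is missing. The function names, the trusted CIDR range, the key and all addresses are assumptions constructed for illustration; 64-bit PHP and IPv4 proxy ranges are assumed.

```php
<?php
// Added example, not Leantime's code. Function names, the trusted-proxy
// range, the key and all addresses below are constructed for illustration.

function isTrusted(string $ip, array $cidrs): bool {
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) return false;
    foreach ($cidrs as $cidr) {
        [$net, $bits] = explode('/', $cidr);
        $mask = (0xFFFFFFFF << (32 - (int)$bits)) & 0xFFFFFFFF;
        if ((ip2long($ip) & $mask) === (ip2long($net) & $mask)) return true;
    }
    return false;
}

// REMOTE_ADDR is authoritative unless the peer is a trusted proxy; only then
// read X-Forwarded-For, right to left, stopping at the first untrusted hop.
function clientIp(array $server, array $cidrs): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!isTrusted($peer, $cidrs)) return $peer;
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) && !isTrusted($hop, $cidrs)) return $hop;
    }
    return $peer;
}

// HTTP_HOST with SERVER_NAME as backup, the fallback mentioned in the thread.
function bindingHost(array $server): string {
    $host = $server['HTTP_HOST'] ?? '';
    return strtolower($host !== '' ? $host : ($server['SERVER_NAME'] ?? ''));
}

function fingerprint(array $server, array $cidrs, string $key): string {
    return hash_hmac('sha256', bindingHost($server) . '|' . clientIp($server, $cidrs), $key);
}

$cidrs = ['172.16.0.0/12'];            // Docker bridge range treated as trusted proxies
$key   = 'constructed-demo-key';
$host  = 'projects.example.test';
$xff   = '203.0.113.7, 172.18.0.1';    // client, then the proxy hop that forwarded it
$viaA  = ['REMOTE_ADDR' => '172.18.0.4', 'HTTP_HOST' => $host, 'HTTP_X_FORWARDED_FOR' => $xff];
$viaB  = ['REMOTE_ADDR' => '172.18.0.9', 'SERVER_NAME' => $host, 'HTTP_X_FORWARDED_FOR' => $xff];
$spoof = ['REMOTE_ADDR' => '198.51.100.20', 'HTTP_HOST' => $host, 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'];

// Binding on the raw peer address changes whenever the proxy-side address changes.
echo 'raw peer differs:      ', var_export($viaA['REMOTE_ADDR'] !== $viaB['REMOTE_ADDR'], true), "\n";
// Proxy-aware binding is the same for both requests, including the one without HTTP_HOST.
echo 'fingerprint stable:    ', var_export(fingerprint($viaA, $cidrs, $key) === fingerprint($viaB, $cidrs, $key), true), "\n";
// A direct, untrusted peer cannot pick its own address through X-Forwarded-For.
echo 'spoofed header unused: ', var_export(clientIp($spoof, $cidrs) === '198.51.100.20', true), "\n";
```

The trusted range has to list only addresses the deployment's own proxies use; anything broader lets a client choose the IP its session is bound to.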
