Forum

Ask, reply and learn. Join the community of Akaunting.

New Discussion

Cannot Access Akaunting Via HTTPS

Calvin Levy   ( User )

Commented 6 years ago

Dear Akaunting Team and Users,


I have installed Akaunting 1.1.9 on CentOS 7.4-1708, Apache 2.4.6, PHP 7.1.11, MariaDB 5.5.56, and SELinux Enforcing  (Tested with SELinux set to Permissive also).  This installation is behind an Apache Reverse Proxy server.  When accessing locally and over the Internet using HTTP via the proxy server, all pages show properly and works flawlessly so far as tested.  However, when using HTTPS via the proxy server, the site seems to loose all CSS formatting although the site itself is accessible.  Have you guys experienced this yet?  I have not found a fix myself yet.


Interestingly enough, after logging out via HTTPS, I cannot login.  However, while already logged in via HTTP and switching to HTTPS while still actively logged in, I am able to navigate the unformatted pages.


UPDATED:  I have installed HTTPS locally on the Akaunting server.  Accessing via HTTPS on the local network all pages show properly and works flawlessly so far as tested.  I think the issue may be with passing the images through the proxy.


RESULTS:


HTTP on local network:  WORKS


HTTPS on local network:  WORKS


HTTP via proxy over Internet:  WORKS


HTTPS via proxy over Internet:  DOES NOT WORK

Sebastian Di Luise   ( User )

Commented 6 years ago

Havent test your kind of network installation through proxy, but... I remember having a proxy for users and used to have problems with my NAT and proxy configuration.  I had to mangle traffic to solve it, was a mikrotik router.  Sorry not too be helpfull...

Calvin Levy   ( User )

Commented 6 years ago

Thanks for your reply Sebastian.  I do have many other web applications using this exact setup successfully.  The odd thing to me is that it passes images using HTTP but not HTTPS.  So it works, just not over a secure channel.

Dhimas Widrayato   ( User )

Commented 6 years ago

Hi, Calvin.
You need to tell laravel that it's installed behind proxy. Fortunately there is plugin for this task you can use called fideloper/proxy.


You may want to support me to ask the developer of akaunting to include this plugin on this issue https://github.com/akaunting/akaunting/issues/190

Calvin Levy   ( User )

Commented 6 years ago

Hi Dhimas:


My initial notes above reflect the configuration of my environment.  I am using an Apache Reverse Proxy server.  Since my last post, I have at least identified what I think is the issue.  "Mixed Content".  Browsers are limiting the Akaunting web application over HTTPS by blocking loaded mixed active content.  Here's an excerpt from Mozilla (Firefox):


When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most sniffers and man-in-the-middle attacks. An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe.


Starting with Firefox 23, Firefox blocks active mixed content by default. This follows a practice adopted by Internet Explorer (since version 9) and Chrome.


https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content?utm_source=mozilla&utm_medium=firefox-console-errors&utm_campaign=default


https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content


I have been focusing my efforts on a correct vhost configuration using Apache Reverse Proxy.  I have not tested the fideloper/proxy you mentioned in your post.  I've started studying it but no implementation yet. 


I am working a similar issue with another web application and hoping my efforts will get them both operating via the proxy correctly.  I have made great progress with the other app and hope to transfer my lessons learned to Akaunting.  I have to admit, I've having a tough time.  :-(  Hoping the Akaunting dev team or fellow user may have some insight.

Denis Dulici   ( Admin )

Commented 6 years ago

Hey guys,


Thanks for all your inputs.


I've not tested Akaunting on server with proxy but the fideloper/proxy package seems to resolve the issue so will add to the next release.


Regards

Calvin Levy   ( User )

Commented 6 years ago

Denis,


With great anticipation and appreciation..... Thank you!

Calvin Levy   ( User )

Commented 6 years ago

Hi again Dhimas:


Do you have a reference that you can point me to as to the how of implementing fideloper/proxy


Thank you, Calvin.

Denis Dulici   ( Admin )

Commented 6 years ago

Calvin, it comes in 1.1.10 version https://github.com/akaunting/akaunting/issues/190

Calvin Levy   ( User )

Commented 6 years ago

Thanks Denis.  I upgraded to 1.1.10 a few hours ago but saw no change.  I will change my Apache Reverse Proxy vHost configuration and make another attempt.  Are there any adjustments I need to make at the application layer?  ...which prompted my earlier request to Dhimas.


=== UPDATE ===


Modified vHost file.  No change.  Testing with Firefox, Chrome and Chromium on CentOS7 desktop.


Denis, by chance, have you been able to configure and test with a similar environment?  I know it's a bit much to ask, just curious.

Please login or register to leave a response.

Showing 1 to 10 of 16 discussions