1.8.4 Can't access panel if setupped Listen URL parametr

Question

1.8.4 Can't access panel if setupped Listen URL parametr

UdoChudo opened this issue 3 months ago · comments

Udo commented 3 months ago

Describe the bug
After upgrading x-ui image from 1.8.3 to 1.8.4 i can't access to my panel

My setup:
INTERNET -> NGINX with https://example.com/x-ui/ > http://ip:port/x-ui/

To Reproduce
Steps to reproduce the behavior:

Setup x-ui to listen Domain (example.com)
Setup x-ui URI path
Setup nginx with example.com/x-ui/ location
Nginx Config

location /x-ui/ {
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 52w;
        proxy_pass http://ip:port/x-ui/;
        }

Get access error

pulsarice · Answer 1 · Sat Jun 29 2024 05:57:40 GMT+0800 (China Standard Time)

I have a similar problem on v1.8.4. When Listen Domain is set, access to the panel is not possible.
Downgrading to v1.8.3 resolved the issue.

I don't know if this information is helpful:
I'm not using Nginx reverse proxy.
I'm using cloudflare CDN proxy to access the panel (on a non-standard port, utilizing cloudflare's origin rules to rewrite destination port number)

Alireza Ahmadi · Answer 2 · Sat Jun 29 2024 22:32:21 GMT+0800 (China Standard Time)

Using Listen Domian is to limit access to the panel only by this domain.

If you have problem, you should debug the proxy and receved requests.
You can test it simply by a curl command:

curl -H "Host: example.com" http://ip:port/x-ui

pulsarice · Answer 3 · Sat Jun 29 2024 23:13:19 GMT+0800 (China Standard Time)

x-ui installed on a test VM, no tls,
webDomain example.com
webBasePath /path/

Version 1.8.3

root@debian:~# curl http://127.0.0.1:54321/path/ -i
HTTP/1.1 403 Forbidden
Date: Sat, 29 Jun 2024 14:58:33 GMT
Content-Length: 0

root@debian:~# curl -H "Host: example.com" http://127.0.0.1:54321/path/ -i
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Jun 2024 14:58:54 GMT
Transfer-Encoding: chunked

<!DOCTYPE html>
<html lang="en">
...

Upgraded to version 1.8.4

root@debian:~# curl http://127.0.0.1:54321/path/ -i
HTTP/1.1 403 Forbidden
Date: Sat, 29 Jun 2024 15:01:54 GMT
Content-Length: 0

root@debian:~# curl -H "Host: example.com" http://127.0.0.1:54321/path/ -i
HTTP/1.1 403 Forbidden
Date: Sat, 29 Jun 2024 15:09:25 GMT
Content-Length: 0

pulsarice · Answer 4 · Sat Jun 29 2024 23:51:37 GMT+0800 (China Standard Time)

I tested something else, If I include port number in Host header, the request succeeds:

version 1.8.4

root@debian:~# curl -H "Host: example.com" http://127.0.0.1:54321/path/ -i
HTTP/1.1 403 Forbidden
Date: Sat, 29 Jun 2024 15:49:13 GMT
Content-Length: 0

root@debian:~# curl -H "Host: example.com:54321" http://127.0.0.1:54321/path/ -i
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Jun 2024 15:49:27 GMT
Transfer-Encoding: chunked

<!DOCTYPE html>
<html lang="en">
...

Alireza Ahmadi · Answer 5 · Sun Jun 30 2024 00:32:23 GMT+0800 (China Standard Time)

OK! I have found it.
It happened after this change: 6c36c19

It seems gin package has an issue with this from long time ago.
I will role it back.

Alireza Ahmadi · Answer 6 · Sun Jul 14 2024 09:36:30 GMT+0800 (China Standard Time)

This problem is now solved and will be available in next release