Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

403 Invalid signature. #281

Open
mariushosting opened this issue Dec 11, 2024 · 13 comments
Open

403 Invalid signature. #281

mariushosting opened this issue Dec 11, 2024 · 13 comments
Labels
needs more information Further information is requested

Comments

@mariushosting
Copy link

I receive a 403 Invalid signature error message once I click on the link to Verify Email Address.
@Onatcer
Copy link
Contributor

Onatcer commented Dec 11, 2024

Hi, what setup are you using? Do you use the Docker Image and one of the self-hosting examples? SSL? Reverse Proxy?

@Onatcer Onatcer added the needs more information Further information is requested label Dec 11, 2024
@mariushosting
Copy link
Author

Hi, what setup are you using? Do you use the Docker Image and one of the self-hosting examples? SSL? Reverse Proxy?

Yes selfhost Docker and Reverse Proxy with SSL. I'm receiving the email with the https:// link but always get the 403 invalid signature error message.

@Onatcer
Copy link
Contributor

Onatcer commented Dec 11, 2024

can you go to <your-solidtime-instance>/health-check/debug and check if the output is correct according to this docs page: https://docs.solidtime.io/self-hosting/testing#health-checkdebug or post the output

@mariushosting
Copy link
Author

can you go to <your-solidtime-instance>/health-check/debug and check if the output is correct according to this docs page: https://docs.solidtime.io/self-hosting/testing#health-checkdebug or post the output

Everything looks ok. I followed all the instructions also the output is ok. Fresh installation give the same identical issue.

@Onatcer
Copy link
Contributor

Onatcer commented Dec 11, 2024

Invalid signatures usually occur when the application does not detect SSL or the hostname correctly, and therefore creates an incorrect hash. Do you use Traefik or a different reverse proxy? And i assume you are using the Docker latest tag?

@mariushosting
Copy link
Author

I'm using reverse proxy with Synology NAS and installed over 1K docker containers using Reverse Proxy https ssl. https://mariushosting.com/docker/ I'm experience issue only with solidtime.

I'm using docker :latest tag and also tried :main tag, same issue on both version.

@korridor
Copy link
Contributor

@mariushosting Are you sure that the value for secure is true in the health-check/debug endpoint?

@gokceno
Copy link

gokceno commented Dec 14, 2024

I'm experiencing the same issue. My setup is a bit more complex: I have Dokku installed on public facing IP, which runs a Caddy container, which proxies to port 8000 of the machine that hosts solidtime. Don't ask why :)

I cannot seem to get secure=true no matter what I do. I believe some headers get lost during transit. Help is much appreciated.

@mariushosting
Copy link
Author

@mariushosting Are you sure that the value for secure is true in the health-check/debug endpoint?

Yes I'm sure.

@CloudSensei-net
Copy link

I have the same issue with 403 invalid Signature. However, in my debug output, secure is false. What do I need to do to get it to be secure?

I'm using NGINX reverse proxy.

@CloudSensei-net
Copy link

I have the same issue with 403 invalid Signature. However, in my debug output, secure is false. What do I need to do to get it to be secure?

I'm using NGINX reverse proxy.

My issue turned out to be related to the reverse proxy configuration. It is sorted now and all is working fine.

@mariushosting
Copy link
Author

I have the same issue with 403 invalid Signature. However, in my debug output, secure is false. What do I need to do to get it to be secure?
I'm using NGINX reverse proxy.

My issue turned out to be related to the reverse proxy configuration. It is sorted now and all is working fine.

Can you explain your issue with the reverse proxy?

@CloudSensei-net
Copy link

CloudSensei-net commented Dec 18, 2024
edited
Loading

This is the config for the proxy server:

`
server {
listen 443 ssl;
server_name mycompany.com;
http2 on;
root /usr/share/nginx/html;

    ssl_certificate "/etc/letsencrypt/live/mycomapany.com/cert.pem";
    ssl_certificate_key "/etc/letsencrypt/live/mycompany.com/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;
    ignore_invalid_headers off;

location / {
    proxy_pass http://localhost:8000; # Replace with your backend server's address
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass_request_headers on;
    proxy_http_version                 1.1;

# Proxy SSL
    proxy_ssl_server_name              on;

# Proxy headers
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Port  $server_port;

# Proxy timeouts
    proxy_connect_timeout              60s;
    proxy_send_timeout                 60s;
    proxy_read_timeout                 60s;
}

    error_page 404 /404.html;
    location = /404.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

}
`

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs more information Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Onatcer @gokceno @korridor @mariushosting @CloudSensei-net