Nginx Proxy in front of Companion


#1

Hey all,

I am trying to setup Companion, but am having issues with my integration.

I have an nginx reverse proxy sitting in front of Companion stand-alone so that I can provide valid https. So far everything works (as in connecting to oauth service such as dropbox), but I cannot actually initialize the upload. When I try to do so, in the browser console I get the following error:

.

However, if I upload using the “My Device” option which uses TUS, there is no issues. I have TUS setup the same way as I’m trying to set up Companion (behind a nignx reverse proxy).

Here is my nginx reverse proxy config (just the location block):

    location / {
        # Forward incoming requests to local companion instance
        proxy_pass http://localhost:3020;

        # Disable request and response buffering
        proxy_request_buffering  off;
        proxy_buffering          off;
        proxy_http_version       1.1;

        # Add X-Forwarded-* headers
        proxy_set_header X-Forwarded-Host $hostname;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header         Upgrade $http_upgrade;
        proxy_set_header         Connection "upgrade";
        client_max_body_size     0;

    }

Thanks!


#2

Hi Tyler, do you mind sharing the full Nginx conf? It seems to do a 301 redirect. Looking at the full config might help us understand why that is


#3

Sure thing.

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/upload-companion.livestormsvideo.com/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name upload-companion.livestormsvideo.com;
    root /home/forge/upload-companion.livestormsvideo.com/;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/upload-companion.livestormsvideo.com/412376/server.crt;
    ssl_certificate_key /etc/nginx/ssl/upload-companion.livestormsvideo.com/412376/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/upload-companion.livestormsvideo.com/server/*;

    location / {
        # Forward incoming requests to local companion instance
        proxy_pass http://localhost:3020;

        # Disable request and response buffering
        proxy_request_buffering  off;
        proxy_buffering          off;
        proxy_http_version       1.1;

        # Add X-Forwarded-* headers
        proxy_set_header X-Forwarded-Host $hostname;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header         Upgrade $http_upgrade;
        proxy_set_header         Connection "upgrade";
        client_max_body_size     0;

    }
    
}

# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/upload-companion.livestormsvideo.com/after/*;

Thanks!


#4

What about your includes? I’m mostly looking for a bit that e.g. redirects to use trailing slashes. That could throw a 301 that we’re not expecting, maybe.

I’m also wondering what happens when you target Companion directly, does it work then? Or also throws the 301?


#5

I just went through and found nothing about trailing slashes.

Also, I’m not sure how I would target Companion directly as Dropbox only allows https as redirects.


#6

Ok, I tried it without https and nginx proxy and it works fine. Is there anyway to get it to work with valid https?


#7

Ok, I went ahead and spun up a server and only installed nginx and done the reverse proxy that way and everything works fine. I’m thinking it’s something conflicting on the main box.


#8

Is there maybe also HAProxy installed or is it behind a service like ALB or CloudFlare which can do 301 redirects on your behalf? If not and it’s really nginx, enabling the debug log on Nginx will reveal why it is redirecting.