bug: Page 404

[frondesce]

Describe the bug

I set up Nginx proxy and when I want to access the admin management interface, a 404 page is displayed.

Expected behavior

Want to access the management interface normally.

How to reproduce?

According to my current configuration, directly access the https://172.18.40.99/admin address to reproduce

Context

My docker seeting is:
sudo docker run -d
--name logto
-p 3001:3001
-p 3002:3002
-e TRUST_PROXY_HEADER=1
-e ENDPOINT=https://172.18.40.99
-e ADMIN_ENDPOINT=https://172.18.40.99/admin
-e DB_URL=postgresql://postgres:[email protected]:5432/logto
ghcr.io/logto-io/logto:latest

My Nginx seeting is:
server {
listen 443 ssl;
server_name 172.18.40.99;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

location / {
    proxy_pass http://127.0.0.1:3001;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
}

location /admin {
    proxy_pass http://127.0.0.1:3002;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
}

}

• Logto Cloud
• Self-hosted, Logto version =
  • Container (Docker image)
  • Raw Node.js

Screenshots

[Mateleo]

Try http://172.18.40.99:3001/admin or http://172.18.40.99:3002/admin. (I'm not sure)

[frondesce]

尝试http://172.18.40.99:3001/admin或http://172.18.40.99:3002/admin。 （我不确定）

Thanks for the suggestion. I tried it and these two links still show page 404. The difference is that when I visit 3001, the page has a return button, but there is no response when I click it.

[charIeszhao]

I think your nginx config does not work because the rule for admin endpoint (3002) will fall to the root endpoint (3001) first...
In other words, if you configure your proxy like this, the requests will never go to your admin endpoint (3002).

So it ends up trying to find a page route called /admin in the application running at 3001, which is expected to have 404 instead.

Check our official documentation for reverse proxy configuration:
https://docs.logto.io/docs/recipes/deployment/#reverse-proxy

[frondesce]

I think your nginx config does not work because the rule for admin endpoint (3002) will fall to the root endpoint (3001) first... In other words, if you configure your proxy like this, the requests will never go to your admin endpoint (3002).

So it ends up trying to find a page route called /admin in the application running at 3001, which is expected to have 404 instead.

Check our official documentation for reverse proxy configuration: https://docs.logto.io/docs/recipes/deployment/#reverse-proxy

Thank you for your answer. I modified my Nginx configuration according to the official documentation, but it doesn't seem to solve the problem.
Now my configuration is as follows:

`server {
listen 443 ssl;
server_name 172.18.40.99;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

location ^~ /admin {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

    proxy_pass http://127.0.0.1:3002;
}

location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

    proxy_pass http://127.0.0.1:3001;
}

error_log /var/log/nginx/debug.log debug;

}`

This way it will give priority to the management interface that matches port 3002. But the result is same.

On the deployed machine, I use curl to directly access the http interface, and I can see the welcome field returned.
curl http://localhost:3002 Redirecting to <a href="/console/welcome">/console/welcome</a>.
So, it should still be a problem with Nginx configuration?

[charIeszhao]

^~ means "starts with"... And your URL ends with /admin.

[LeVraiRoiDHyrule]

Hi,
Did you solve your problem?
I am facing a 404 too (both on admin and normal sites) and I can't find what I am doing wrong. My setup is the following:

 logto:
    image: svhd/logto:latest
    container_name: logto
    restart: unless-stopped
    platform: ${PLATFORM}
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - TRUST_PROXY_HEADER=1
      - DB_URL=postgres://postgres:p0stgr3s@logto-db:5432/logto
      - ENDPOINT=https://logto.${DOMAIN}
      - ADMIN_ENDPOINT=https://logto.${DOMAIN}/admin/
    networks:
      - services
      - logto
    depends_on:
      logto-db:
        condition: service_healthy
    entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]

location /admin/ {
        etag off;
        set $backend3308 "http://logto:3002";
        proxy_pass $backend3308;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        proxy_set_header X-Forwarded-Prefix "/admin/";

        proxy_buffering on;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_connect_timeout 60s;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;

}
location / {
        etag off;
        set $backend3309 "http://logto:3001";
        proxy_pass $backend3309;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        proxy_set_header X-Forwarded-Prefix "/";

        proxy_buffering on;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_connect_timeout 60s;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;

ADMIN_ENDPOINT is configured, and I too am trying to have the admin UI on a subpath. This double subpath is working with every other site I have where I also have 2 different locations.

Do you have idea why I still have 404 ?

[charIeszhao]

Hi, Did you solve your problem? I am facing a 404 too (both on admin and normal sites) and I can't find what I am doing wrong. My setup is the following:

 logto:
    image: svhd/logto:latest
    container_name: logto
    restart: unless-stopped
    platform: ${PLATFORM}
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - TRUST_PROXY_HEADER=1
      - DB_URL=postgres://postgres:p0stgr3s@logto-db:5432/logto
      - ENDPOINT=https://logto.${DOMAIN}
      - ADMIN_ENDPOINT=https://logto.${DOMAIN}/admin/
    networks:
      - services
      - logto
    depends_on:
      logto-db:
        condition: service_healthy
    entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]

location /admin/ {
        etag off;
        set $backend3308 "http://logto:3002";
        proxy_pass $backend3308;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        proxy_set_header X-Forwarded-Prefix "/admin/";

        proxy_buffering on;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_connect_timeout 60s;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;

}
location / {
        etag off;
        set $backend3309 "http://logto:3001";
        proxy_pass $backend3309;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        proxy_set_header X-Forwarded-Prefix "/";

        proxy_buffering on;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_connect_timeout 60s;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;

ADMIN_ENDPOINT is configured, and I too am trying to have the admin UI on a subpath. This double subpath is working with every other site I have where I also have 2 different locations.

Do you have idea why I still have 404 ?

I think the issue comes from here:

ADMIN_ENDPOINT=https://logto.${DOMAIN}/admin/

Try https://logto-admin.${DOMAIN}/ or https://admin.logto.${DOMAIN}/ instead.

[frondesce]

^~ means "starts with"... And your URL ends with /admin.

Thanks for pointing out the error. I changed this so now instead of Page 404 it's ERR_SSL_PROTOCOL_ERROR.
This should still be related to my Nginx configuration, I will continue to debug.

[charIeszhao]

I'm closing the issue right now since the original issue is resolved. Please feel free to open a new one if needed.