Cannot create form

[j0fr3y]

Setup went great and everythig is installed correctly via docker simple setup, but when i try to create a new form the spinner spins for a second and nothing happens. I am using Safari on an ipad. When opening console. It gives me an 403 Unauthenticated. Settings and API Token generation works.

[PhilReinking]

Hey @j0fr3y, I was unable to reproduce that with my setup. Anything else you did there? Do you use a proxy in front of the app?

[j0fr3y]

Hey Philipp, unfortunately not. I did double check with this command.
docker run -d -p 8080:8080 --name input -v input-data:/var/www/html/storage -e APP_URL=http://192.168.178.58 ghcr.io/deck9/input:main I again got the 401 error on /api/forms. I guess something is broken within my server.

[shurco]

I have the same error - clean install

# Create Docker Volume
docker volume create input-data

# Run the container using port 8080 on the host
docker run -d -p 8080:8080 --name input \
    -v input-data:/var/www/html/storage \
    ghcr.io/deck9/input:main

[f0sh]

@PhilReinking I ran into the same issue. No proxy, just the vanilla image.

Steps to reproduce

Deployed with docker-compose (Docker Standalone 20.10.20)

version: '3.2'
services:
    input:
      image: ghcr.io/deck9/input:main
      container_name: input
      hostname: input
      volumes:
        - input-data:/var/www/html/storage
      ports:
        - 8080:8080
      restart: unless-stopped

volumes:
  input-data:

Container starts succesfully and the registration process can be done. However, after the setup is done, GET on /api/forms returns a 401. Clicking on Create a form triggers a POST on /api/forms with the same 401.

failed to load resource: the server responded with a status of 401 (Unauthorized) :8080/api/forms:1

Edit:
It might be already logical, but for being clear the server response of the request is

{"message":"Unauthenticated."}

Container Log

   INFO  Nothing to migrate.  
2024-03-06 17:10:30,579 INFO supervisord started with pid 11
2024-03-06 17:10:31,583 INFO spawned: 'artisan-schedule' with pid 12
2024-03-06 17:10:31,587 INFO spawned: 'nginx' with pid 13
2024-03-06 17:10:31,591 INFO spawned: 'php-fpm' with pid 14
[06-Mar-2024 17:10:31] NOTICE: fpm is running, pid 14
[06-Mar-2024 17:10:31] NOTICE: ready to handle connections
   INFO  No scheduled commands are ready to run.  
2024-03-06 17:10:32,922 INFO success: artisan-schedule entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-03-06 17:10:32,922 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-03-06 17:10:32,922 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
123.123.123.123 - - [06/Mar/2024:17:11:02 +0000] "\x16\x03\x01\x02S\x01\x00\x02O\x03\x03\x06\xB4\xAD\xBB8\x9A\xBB\xC0\xCA\xC5\xFB\x04;-\xB9\x90khg\x96\x8E\xFE\xE2|\xB2\x9Cw\x9D\xBD}\xD9\xE0 \x86\xE0\x22\x13\xA4\xA2\x5CM\x0CB\xC6=\x81\x96\x8D\xC3Yz\xCDKru\x89<pe\x8F\xC7\xA3\xE3\x09\xA2\x00 jj\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\xE6" 400 150 "-" "-" "-" 0.203 - . -
123.123.123.123 - - [06/Mar/2024:17:11:03 +0000] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03?\xC4\xA0\x9F/\x80\x8F\x06B\xE3\xB3!\x81\x08,\x08\xA8|\x9E\xE3\x15\xC2\xF7\xD0\x9A\xC2\x05\xE4\xE0o\xC2\xC2 \x8F\x9E\xD8\xF1\xBB@U6kB\xE5N\xF4\xEAX\xC0=\xCE9\xD2\xF5\xD4\x07\xBEm\xE4Z6\x9D8\x12j\x00 \xBA\xBA\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93ZZ\x00\x00Di\x00\x05\x00\x03\x02h2\x00" 400 150 "-" "-" "-" 0.203 - . -
123.123.123.123 - - [06/Mar/2024:17:11:04 +0000] "GET / HTTP/1.1" 302 394 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.493 0.494 . -
123.123.123.123 - - [06/Mar/2024:17:11:04 +0000] "GET /login HTTP/1.1" 302 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.060 0.060 . -
123.123.123.123 - - [06/Mar/2024:17:11:04 +0000] "GET /register HTTP/1.1" 200 9998 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.072 0.072 . -
123.123.123.123 - - [06/Mar/2024:17:11:05 +0000] "GET /build/app/assets/Register-ab7ee7a5.js HTTP/1.1" 200 3520 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.000 - . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "POST /register HTTP/1.1" 302 370 "http://my.host.com:8080/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.148 0.148 . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "GET / HTTP/1.1" 302 422 "http://my.host.com:8080/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.037 0.037 . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "GET /teams/create HTTP/1.1" 200 571 "http://my.host.com:8080/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.029 0.024 . -
123.123.123.123 - - [06/Mar/2024:17:11:16 +0000] "GET /build/app/assets/Create-ed6e822d.js HTTP/1.1" 200 2186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.000 - . -
123.123.123.123 - - [06/Mar/2024:17:11:21 +0000] "POST /teams HTTP/1.1" 302 370 "http://my.host.com:8080/teams/create" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.056 0.051 . -
123.123.123.123 - - [06/Mar/2024:17:11:21 +0000] "GET / HTTP/1.1" 200 606 "http://my.host.com:8080/teams/create" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.023 0.023 . -
123.123.123.123 - - [06/Mar/2024:17:11:22 +0000] "GET /api/forms HTTP/1.1" 401 41 "http://my.host.com:8080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.013 0.013 . -
123.123.123.123 - - [06/Mar/2024:17:12:57 +0000] "POST /api/forms HTTP/1.1" 401 41 "http://my.host.com:8080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" "-" 0.036 0.036 . -

[coreyandrews]

I have the same issue. Same setup as above, but trying with Firefox.

[f0sh]

I was playing around and somehow had the feeling, it's because of an missing tls encrypted connection to get cookie data etc.
Turns out, that this solved the problem and I got it working after using an tls encrypted https:// connection instead of plain http://.

However I'm still not 100% sure, what is the reason, why a plain http:// connection doesn't work for the API.

[PhilReinking]

@f0sh thanks for the docker-compose.yml. I tried to reproduce it like that. For me, it works as long as I access it directly without proxy via localhost:8080.

I get the unauthenticated error only if I set up a Proxy in front of the docker image. The reason it then stops working is, that the app uses a stateful authentication via cookies. There is a middleware preventing the cookies from working if the Host is not trusted.

Usually, this means setting the APP_URL env to the value the application is accessed through.

Can any of you guys confirm that you had somehow set up a proxy and not set the APP_URL?

I mean, if this is the problem, I really need to clarify that in the docs or think of another authentication method that does not produce errors like this.

[f0sh]

@f0sh thanks for the docker-compose.yml. I tried to reproduce it like that. For me, it works as long as I access it directly without proxy via localhost:8080.

I get the unauthenticated error only if I set up a Proxy in front of the docker image. The reason it then stops working is, that the app uses a stateful authentication via cookies. There is a middleware preventing the cookies from working if the Host is not trusted.

Usually, this means setting the APP_URL env to the value the application is accessed through.

Can any of you guys confirm that you had somehow set up a proxy and not set the APP_URL?

As seen in the logs I directly accessed the container without any proxy. However I did not set the APP_URL parameter, as this was not mentioned in the Quick-Start section of the README.md. I only added the APP_URL after I put the container behind the proxy.

I just took my configuration and setup as before and added the APP_URL and worked instantly.

version: '3.2'
services:
    input:
      image: ghcr.io/deck9/input:v1.8.2
      container_name: input
      hostname: input
      volumes:
        - input-data:/var/www/html/storage
      ports:
        - 8080:8080
      restart: unless-stopped
      environment:
        - APP_URL="https://localhost:8080"

volumes:
  input-data:

I mean, if this is the problem, I really need to clarify that in the docs or think of another authentication method that does not produce errors like this.

Maybe the missing APP_URL was the issue for everyone here and the APP_URL parameter should be added to the QuickStart section of the README.md.

[PhilReinking]

@f0sh thx for testing and the PR.

I have an idea what could have caused the authentication error. But I am not sure why it was working on my machine nonetheless.

The default config for app url was set to localhost:8500 but the docker image is using localhost:8080 at one of the build steps. So this might be an issue, but I am not sure.

I just released a new version v1.8.3 where the default value for the app_url is also set to localhost:8080.

I really hope that this was the issue. Would be nice if you could test that again.

Regarding your PR, I probably will accept it as it is right now, but extend it a bit to have a more comprehensive guide on hosting the application, especially with a Proxy.

[shurco]

Don't work for me. Version 18.3. Return 403 error from click on invite link. My docker-compose:

version: '3.9'

services:
  input:
    image: ghcr.io/deck9/input:main
    container_name: input
    restart: always
    ports:
      - '8080:8080'
    volumes:
      - input-data:/var/www/html/storage
    environment:
      SESSION_DRIVER: redis
      CACHE_DRIVER: redis
      REDIS_HOST: redis
      REDIS_PORT: 6379
      APP_URL: https://input.site.com
      MAIL_FROM_ADDRESS: input@site.com
      MAIL_FROM_NAME: "Input Message"
      MAIL_MAILER: smtp
      MAIL_HOST: smtp.mailgun.org
      MAIL_PORT: 465
      MAIL_ENCRYPTION: tls
      MAIL_USERNAME: input@site.com
      MAIL_PASSWORD: 11111111111

  redis:
    image: redis:alpine
    container_name: redis
    volumes:
      - redis-data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      retries: 3
      timeout: 5s

volumes:
  input-data:
  redis-data:

[f0sh]

According to your configuration, the APP_URL doesn't match the port. If you don't use a proxy try:

APP_URL: https://input.site.com:8080

I just released a new version v1.8.3 where the default value for the app_url is also set to localhost:8080.

I really hope that this was the issue. Would be nice if you could test that again.

I was trying the new version, however out of the box it didn't seem to work for me also with :8080 port, no APP_URL env and non-https.

[shurco]

I use proxy (digitalocean balancer)

[PhilReinking]

Ok, thanks for the feedback of you guys. I will need to have a bit more time to look into it, hopefully today!

[PhilReinking]

Ok, I have another set of instructions for you guys. I already updated the README to include that.

If you are running the container behind a proxy, please make sure that your proxy is setting the following headers. Here an example for nginx:

location / {
    proxy_set_header Connection "";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_http_version 1.1;

    # Pass the request to the address of the docker container
    proxy_pass http://127.0.0.1:8080;
}

If the headers are not set, the application fails in using the cookie authentication. Can you confirm if this helps?

[PhilReinking]

@shurco when using digital ocean you might look into Proxy Protocol Setting: https://docs.digitalocean.com/products/networking/load-balancers/how-to/manage/#proxy-protocol

[gainerz]

Hi, still have issue on clean install
GET https://sub.mydomain.net/api/forms 401 (Unauthorized)
same on nginx with provided options and traefik

My yml file with traefik:

services:
traefik:
image: "traefik"
restart: always
command:
- "--api=true"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
- "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
volumes:
- traefik_data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
input:
image: ghcr.io/deck9/input:main
restart: unless-stopped
hostname: input
ports:
- "127.0.0.1:8888:8080"
labels:
- traefik.enable=true
- traefik.http.routers.input.rule=Host(sub.mydomain.net)
- traefik.http.routers.input.tls=true
- traefik.http.routers.input.entrypoints=web,websecure
- traefik.http.routers.input.tls.certresolver=mytlschallenge
- traefik.http.middlewares.input-headers.headers.customFrameOptionsValue=SAMEORIGIN
- traefik.http.middlewares.input.headers.SSLRedirect=true
- traefik.http.middlewares.input.headers.STSSeconds=315360000
- traefik.http.middlewares.input.headers.browserXSSFilter=true
- traefik.http.middlewares.input.headers.contentTypeNosniff=true
- traefik.http.middlewares.input.headers.forceSTSHeader=true
- traefik.http.middlewares.input.headers.SSLHost=sub.mydomain.net
- traefik.http.middlewares.input.headers.STSIncludeSubdomains=true
- traefik.http.middlewares.input.headers.STSPreload=true
- "traefik.http.middlewares.test-header.headers.customRequestHeaders.Connection="
- traefik.http.routers.input.middlewares=input@docker
environment:
- APP_URL="https://localhost:8888"
volumes:
- input-data:/var/www/html/storage
volumes:
traefik_data:
external: true
input-data:
external: true

[PhilReinking]

@j0fr3y @shurco @f0sh @gainerz just released a new version that should tackle the current problem with creating forms.

Can you please confirm that the issue is solved?

https://github.com/deck9/input/releases/tag/v1.8.4

[j0fr3y]

Yesss it works flawless on my Server. 🎉

[PhilReinking]

@j0fr3y thanks for testing it out so fast 😄 Will wait for other responses before closing it, but hopefully this issue is solved.

[f0sh]

@j0fr3y @shurco @f0sh @gainerz just released a new version that should tackle the current problem with creating forms.

Can you please confirm that the issue is solved?

https://github.com/deck9/input/releases/tag/v1.8.4

I'm currently away, but I'll try to test it, mid of next week.
@PhilReinking Thanks for your efforts.

[gainerz]

@f0sh still facing this problem on traefik setup. Later on i will check it with nginx again.