Requests under /exapps/ returning 401 unauthorized #61
Description
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Steps to reproduce
- Deploy Windmill (Flow) using HARP deploy engine
- In windmill, create a flow that needs approval to continue
- Click on "Approval page" URL the flow generates
Expected behaviour
The approval page is shown
Actual behaviour
A plaintext "401 Unauthorized" is shown
Server configuration
Web server: Nginx
Database: MariaDB
PHP version: 8.4
Nextcloud version: 32.0.0
List of activated apps
Enabled:
- activity: 5.0.0-dev.0
- admin_audit: 1.22.0
- announcementcenter: 7.2.2
- app_api: 32.0.0
- approve_links: 1.2.0
- audioplayer: 3.6.1
- bruteforcesettings: 5.0.0-dev.0
- calendar: 6.0.2
- camerarawpreviews: 0.8.8
- circles: 32.0.0
- cloud_federation_api: 1.16.0
- collectives: 3.2.4
- comments: 1.22.0
- contactsinteraction: 1.13.1
- dashboard: 7.12.0
- dav: 1.34.2
- deck: 1.16.0
- external: 7.0.0
- federatedfilesharing: 1.22.0
- federation: 1.22.0
- files: 2.4.0
- files_accesscontrol: 3.0.1
- files_automatedtagging: 3.0.0
- files_downloadlimit: 5.0.0-dev.0
- files_external: 1.24.0
- files_pdfviewer: 5.0.0-dev.0
- files_reminders: 1.5.0
- files_sharing: 1.24.0
- files_trashbin: 1.22.0
- files_versions: 1.25.0
- firstrunwizard: 5.0.0-dev.0
- forms: 5.2.2
- groupfolders: 20.1.2
- logreader: 5.0.0-dev.0
- lookup_server_connector: 1.20.0
- mail: 5.5.11
- nextcloud_announcements: 4.0.0-dev.0
- notifications: 5.0.0-dev.0
- oauth2: 1.20.0
- password_policy: 4.0.0-dev.0
- photos: 5.0.0-dev.1
- privacy: 4.0.0-dev.0
- profile: 1.1.0
- provisioning_api: 1.22.0
- recommendations: 5.0.0-dev.0
- related_resources: 3.0.0-dev.0
- richdocuments: 9.0.1
- serverinfo: 4.0.0-dev.0
- settings: 1.15.1
- sharebymail: 1.22.0
- support: 4.0.0-dev.0
- survey_client: 4.0.0-dev.0
- systemtags: 1.22.0
- tables: 1.0.0
- text: 6.0.0-dev.0
- theming: 2.7.0
- twofactor_backupcodes: 1.21.0
- updatenotification: 1.22.0
- user_status: 1.12.0
- viewer: 5.0.0-dev.0
- weather_status: 1.12.0
- webhook_listeners: 1.3.0
- workflowengine: 2.14.0
Nextcloud configuration
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"cloud.bjelopic.com",
"192.168.1.153"
],
"enabledPreviewProviders": [
"OC\\Preview\\Movie",
"OC\\Preview\\PNG",
"OC\\Preview\\JPEG",
"OC\\Preview\\GIF",
"OC\\Preview\\BMP",
"OC\\Preview\\XBitmap",
"OC\\Preview\\MP3",
"OC\\Preview\\MP4",
"OC\\Preview\\TXT",
"OC\\Preview\\MarkDown",
"OC\\Preview\\PDF",
"OC\\Preview\\TIFF",
"OC\\Preview\\Photoshop",
"OC\\Preview\\PhotoshopPSB",
"OC\\Preview\\Imaginary"
],
"forwarded_for_headers": [
"X-Forwarded-For",
"X-Real-IP"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "32.0.0.13",
"overwrite.cli.url": "http:\/\/localhost",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"timeout": 0
},
"filelocking.enabled": true,
"log_type": "file",
"logfile": "\/var\/www\/nextcloud-data\/nextcloud.log",
"loglevel": 1,
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "ssl",
"app_install_overwrite": {
"1": "breezedark",
"2": "camerarawpreviews"
},
"preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"maintenance_window_start": 100,
"theme": "",
"defaultapp": "",
"enforce_theme": "",
"updater.release.channel": "beta",
"files.chunked_upload.max_size": 20971520,
"default_phone_region": "HR"
}
}
Browser
Browser name: Firefox
Browser version: 144.0.2
Operating system: Arch Linux
Other notes
I'm using Nginx Proxy Manager to forward requests to an LXC containing nextcloud on "bare metal". The LXC contains nginx that forwards requests to php-fpm. Adding a path "/exapps/" in Nginx Proxy Manager to point to HaRP port 8780 on that LXC results in the app succeding to load in the nextcloud interface, but the approval page public link results in a "401 Unathorized"
I noticed the windmill UI accessed through nextcloud is under "/apps/app_api/embedded/flow/flow", while the URL windmill generates is under "/exapps/".
When switching to docker-socket-proxy, windmill creates a URL under "/apps/api_api/embedded", and the approval page works but this requires the user to be logged in which I need to avoid.