PanSevence Posted April 29, 2023

Hello,

Yesterday I configured a server running on nginx, php8.1-fpm, and mysql57. Unfortunately, I am having a rather unusual problem with logging into the Admin CP panel. Logging into the forum works perfectly fine, but logging into the Admin CP is causing issues.

When I try to access the Admin CP through the AdminCP button after logging into the forum, sometimes I am redirected to the AdminCP and I am logged in right away. My URL then looks like this: domain.com/admin and I am logged in. However, sometimes I get a window where I have to enter login credentials. I enter the correct login details and only the URL changes. At first, it looks like this: domain.com/admin/?app=core&module=system&controller=login&ref= and when I enter the correct credentials and click login, it changes to admin/?app=core&module=system&controller=login&error=&ref= and I am unable to log in. There is no message or error, only the page refreshes and &error=&ref= is added to the URL.

This doesn't always happen, sometimes I am logged in right away, and sometimes the login window appears, causing this issue. If I log out of the AdminCP after being redirected and logged in right away, I am unable to log in again, and the above problem occurs once again.

I would greatly appreciate any assistance. Thank you.

Jim M Posted April 29, 2023

Would recommend that you check redirects on your server as it sounds like something is happening here in ACP. Maybe an HTTP to HTTPS redirect which is causing issues logging in.

PanSevence (Author) Posted April 29, 2023 (edited)

@Jim M I have a Let's Encrypt certificate installed, but in the configuration I have HTTPS set before the domain, so the URL is always HTTPS. Here's my nginx configuration. You can check my forum, as I've provided all the necessary information in the client area.

    server {
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

        root /var/www;
        index index.php index.html;
        server_name domain.com;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        }
    }

Edited April 29, 2023 by PanSevence

Jim M Posted April 29, 2023

Unfortunately, server configurations are not something which would be something we support. If you have any questions, asking your server administrator or hosting provider would be advised.

With that said, if your software's conf_global.php file is not configured for HTTPS then this may be causing issues if the software is POST'ing to HTTP and then the server redirects to HTTPS.

PanSevence (Author) Posted April 29, 2023

@Jim M I am a beginner server administrator, and I've tried to configure everything correctly. It seems that there are no errors, as the error.log for nginx doesn't report any issues. That's why I am looking for a solution here. In the conf_global file, I have set the base_url to https.

This is quite a strange issue because logging into the forum works very well, but I only have this problem with the ACP. Why is it that when I click the Admin CP button, it redirects me to domain.com/admin and I'm logged in immediately, but sometimes a login screen appears and I have to enter my credentials? At that point, the URL looks like the one I mentioned in my first post, and it seems to cause a redirect as if there was some error, which there isn't.

Jim M Posted April 29, 2023

8 minutes ago, PanSevence said:
> Why is it that when I click the Admin CP button, it redirects me to domain.com/admin and I'm logged in immediately, but sometimes a login screen appears and I have to enter my credentials? At that point, the URL looks like the one I mentioned in my first post, and it seems to cause a redirect as if there was some error, which there isn't.

If you are logged into the ACP still this means that your session has not expired yet so there is no need for authentication. If you are presented the log in form, this means there is no active session so you would need to log in again. This is intended and the ACP session would not be saved via a cookie, like the front-end sessions are so you would indeed need to login each time the session expires.

8 minutes ago, PanSevence said:
> I am a beginner server administrator, and I've tried to configure everything correctly. It seems that there are no errors, as the error.log for nginx doesn't report any issues. That's why I am looking for a solution here. In the conf_global file, I have set the base_url to https.

I would advise working with a more advanced server administrator if you are having issues or troubleshooting your configuration by removing redirects. Redirect conflicts would not result in a server error log.

PanSevence (Author) Posted April 29, 2023

@Jim M I will try to wait for a response from someone else who has had a similar issue of this type. It's a pretty standard installation that I've performed. I installed nginx, php8.1-fpm along with the necessary modules required by IPS, and I checked this using the ips4.php script. I also installed Let's Encrypt using certbot, as well as MySQL server and phpMyAdmin, and that's basically it. Basic nginx and php.ini configuration. It seems like it should work correctly, especially since logging into the forum is fine.

The question is why the Admin CP causes such a redirect. Unless you, as a person from the team, know why the URL changes when pressing the login button from ?app=core&module=system&controller=login&ref= to admin/?app=core&module=system&controller=login&error=&ref= as if there was an error, while the page only refreshes without any error message.

Jim M Posted April 29, 2023

The symptoms and URLs you are mentioning are indicative of a redirect conflict, which is why I have provided you that recommendation 😉

PanSevence (Author) Posted April 29, 2023

Unfortunately, I don't have any rules that create redirects.

PanSevence (Author) Posted April 29, 2023 (edited)

@Jim M It seems that when you try to log in, you click the login button a few times and after the URL refreshes a few times, you eventually get logged in. However, an error message appears. Once you navigate to other tabs, the error disappears. The theme is set to default.

https://gyazo.com/5f7c59aaa07739da3f5a3a85e199b70a

exactly what the GIF with the problem shows.

https://gyazo.com/48d9b4a132deaf9d1b59cf29682e99f0

Edited April 29, 2023 by PanSevence

Jim M Posted May 1, 2023

That would likely still be a redirect error because the software is directing you to one place and then your server is directing to another. When they finally meet, you're getting logged in as expected or hitting a CSRF key error because the key expired in that time (expected security behavior).

You would want to continue to investigate how your system is configured, especially with HTTP to HTTPS redirects. As you mentioned, the software is configured for HTTPS, there is no need to redirect this on the server side and it may be creating conflicts so disabling that would be advised.

PanSevence (Author) Posted May 1, 2023

@Jim M I haven't created any redirects on the server side. Here's my complete Nginx configuration.

nginx.conf

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 1024;
        multi_accept on;
    }

    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        types_hash_max_size 2048;
        client_body_buffer_size 10M;
        client_body_timeout 300;
        client_max_body_size 100M;
        proxy_buffers 8 16k;
        proxy_buffer_size 16k;
        proxy_busy_buffers_size 32k;
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;
        fastcgi_read_timeout 180;
        fastcgi_buffers 8 128k;
        fastcgi_buffer_size 128k;
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        error_log /var/log/nginx/error.log;

        gzip on;
        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }

site.conf

    server {
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/sharegon.pl-0001/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/sharegon.pl-0001/privkey.pem;

        root /var/www;
        index index.php index.html;
        server_name sharegon.pl;

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        }

        location ~* \.(js|css|jpeg|jpg|gif|png|ico|map|webp)(\?|$) {
            try_files $uri /404error.php;
        }

        location / {
            try_files $uri $uri/ /index.php$is_args$args;
        }
    }

Jim M Posted May 1, 2023

Unfortunately, as mentioned, I can only tell you from the software-side what is happening here. NGINX is not a supported web server so any support would need to go to your hosting provider or server administrator (or possibly an experienced NGINX server admin can respond here).

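Added illustration, not written by any poster in this thread and not Invision Community code: a checker for the redirect conflict described above, where a login form is POSTed to one origin and redirected to another, so the form data never reaches the application. The trace is constructed (host and query string follow the thread; the hops are invented), and `audit_chain` and its finding codes are hypothetical names.

```python
from urllib.parse import urljoin, urlsplit

# Constructed trace of one ACP login attempt: (method, URL, status, Location).
# Host and query string follow the thread; the hops themselves are invented.
LOGIN = "domain.com/admin/?app=core&module=system&controller=login"
SAMPLE_TRACE = [
    ("POST", "http://" + LOGIN, 301, "https://" + LOGIN),
    ("GET", "https://" + LOGIN, 200, None),
]

REDIRECTS = {301, 302, 303, 307, 308}
KEEPS_BODY = {307, 308}  # only these codes make the client repeat the POST

MEANING = {
    "cleartext-post": "form submitted over plain HTTP",
    "loop": "same request seen twice in one chain",
    "scheme-change": "redirect switches between http and https",
    "host-change": "redirect switches host; host-only cookies are not sent",
    "post-body-dropped": "cross-origin 301/302/303 on POST; retried as GET, form data lost",
}


def audit_chain(trace):
    """Return (hop index, finding code) pairs for one recorded request chain."""
    findings, seen = [], set()
    for i, (method, url, status, location) in enumerate(trace):
        src = urlsplit(url)
        if method == "POST" and src.scheme == "http":
            findings.append((i, "cleartext-post"))
        if (method, url) in seen:
            findings.append((i, "loop"))
        seen.add((method, url))
        if status not in REDIRECTS or not location:
            continue
        dst = urlsplit(urljoin(url, location))  # Location may be relative
        if src.scheme != dst.scheme:
            findings.append((i, "scheme-change"))
        if src.hostname != dst.hostname:
            findings.append((i, "host-change"))
        # Port is ignored here; a same-origin 302 after POST is normal behaviour.
        moved_origin = (src.scheme, src.hostname) != (dst.scheme, dst.hostname)
        if method == "POST" and moved_origin and status not in KEEPS_BODY:
            findings.append((i, "post-body-dropped"))
    return findings


if __name__ == "__main__":
    for hop, code in audit_chain(SAMPLE_TRACE):
        print(f"hop {hop}: {code}: {MEANING[code]}")
```

A real trace can be copied from the browser's network panel with log preservation enabled, one tuple per request made while submitting the login form.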