lookupGetParam doesn't work (reverse proxy + authentication required)

Skip to first unread message


Dec 3, 2021, 4:42:52 PM12/3/21
to Yesod Web Framework
I have a very strange problem:

On my test system with stack ghci DevelMain these lines in a handler work as expected:

x <- lookupGetParam "test"
liftIO $ print x

On the production system, same code, same stack resolver, the same lines print "Nothing" under certain circumstances. No difference if stack install or stack ghci DevelMain was used.

More specifically lookupGetParam is Nothing iff the app runs behind a reverse proxy AND the page requires login (I am logged in)

It DOES work

- if the app does NOT run behind the reverse proxy (I used an ssh -NL tunnel)
- OR if the page requires no login

To illustrate this:

https://ziach.intensovet.de/reservations/new?test=foo    requires login and does not work (use dummy user "student")

https://ziach.intensovet.de/nn2gs?test=foo    no login and does work

http://localhost:1234/reservations/new?test=foo    works (if you have a SSH tunnel)

where the result should always be like this:

Any idea what this could be?


Dec 6, 2021, 2:46:16 PM12/6/21
to Yesod Web Framework
Got it! My fault, it was just a configuration mistake in the nginx reverse proxy configuration:

It was actually simple to find out: In the Yesod app's log, all query string arguments were missing. So it was obviously a misconfigured reverse proxy.

There was a location block in the nginx config:

        # Match all URLs starting with /
        location / {
          # Here the variable $request_uri must be used, not $uri
          proxy_pass http://localhost:3000$request_uri;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-Proto https;

In nginx, $uri is the normalized URI without query string args. Use $request_uri instead.
Reply all
Reply to author
0 new messages