Seatable V5 - Custom apache2 proxy - Permission denied

Admin Talk Installation
1

Your Setup:

  • VM linux debian 12 (VMWare 6.7)
  • SeaTable Edition Enterprise
  • SeaTable Version 5.0.7:

Describe the Problem/Error/Question:

I configure a custom reverse proxy with apache2 container. All work fine.

Error Messages:

I can do nothing on the administrator dashboard. All action i 've got an error message : Permission denied.

Thanks in advance for your help.

2024-07-24_11h21_55
2024-07-24_11h21_552321×407 25.5 KB

2024-07-24_11h15_25
2024-07-24_11h15_251395×613 42.3 KB

root@seatable-v5:/opt/seatable-compose# tail /opt/seatable-server/seatable/logs/dtable_web.log
2024-07-24 11:35:13 [ERROR] seahub.api2.endpoints.admin.sysinfo[124] - ‘NoneType’ object has no attribute ‘get’
2024-07-24 11:35:13 [ERROR] seahub.api2.endpoints.admin.utils[35] - user: 3037060af50d4db59b4106fd878a99e1@auth.local get dtable server info error: [Errno 403] {“error_msg”:“You don’t have permission to access.”}
Traceback (most recent call last):
File “/opt/seatable/seatable-server-latest/dtable-web/seahub/api2/endpoints/admin/utils.py”, line 32, in get_dtable_server_info
sys_info = dtable_server_api.get_sys_info()
File “/opt/seatable/seatable-server-latest/dtable-web/seahub/dtable_apps/dtable_server_api.py”, line 509, in get_sys_info
return parse_response(response)
File “/opt/seatable/seatable-server-latest/dtable-web/seahub/dtable_apps/dtable_server_api.py”, line 86, in parse_response
raise ConnectionError(response.status_code, response.text)
ConnectionError: [Errno 403] {“error_msg”:“You don’t have permission to access.”}

2

And without the custom reverse proxy, everything works normal?
Then please post your Apache configuration here.

3

I can test without the custom configuration, because i’m on a isolated network.

Here is my apache configuration :

------------------------------------------------------- apache2.yml --------------------------------------------------------------------------
services:
apache:
image: httpd:latest
restart: unless-stopped
container_name: apache-proxy
ports:
- 80:80
- 443:443
volumes:
- “/var/run/docker.sock:/var/run/docker.sock”
- “/opt/apache2/conf:/usr/local/apache2/conf”
- “/opt/apache2/conf/extra/httpd-ssl.conf:/usr/local/apache2/conf/extra/httpd-ssl.conf”
- “/opt/apache2/conf/wildcard_symta_fr.key:/usr/local/apache2/conf/private/wildcard_symta_fr.key”
- “/opt/apache2/conf/wildcard_symta_fr.crt:/usr/local/apache2/conf/private/wildcard_symta_fr.crt”
- “/opt/apache2/conf/IntermediateCA:/usr/local/apache2/conf/private/IntermediateCA”

networks:
  - frontend-net
  - default
healthcheck:
  test: ["CMD-SHELL", "curl --fail http://localhost:2019/metrics || exit 1"]
  start_period: 20s
  interval: 20s
  timeout: 5s
  retries: 3

networks:
default:
name: seatable-compose_default
frontend-net:
name: frontend-net

----------------------------------------------------------------------------- end yml----------------------------------------------------------

--------------------------------------------------- httpd-ssl.conf--------------------------------------------------------------------
<VirtualHost *:80>

#Information sur le serveur
ServerAdmin vincent.dousset@symta.fr
ServerName seatablev5.symta.fr
Redirect / https://seatablev5.symta.fr
ServerAdmin vincent.dousset@symta-pieces.fr ServerName seatablev5.symta.fr DocumentRoot /usr/local/apache2 Order Deny,Allow Deny from all Options None AllowOverride None Options Indexes FollowSymLinks AllowOverride All Require all granted 
	SSLEngine on

	

    SSLCertificateFile ./conf/wildcard_symta_fr.crt
    SSLCertificateKeyFile ./conf/private/wildcard_symta_fr.key
    SSLCertificateChainFile ./conf/IntermediateCA.crt

	<FilesMatch "\.(cgi|shtml|phtml|php)$">
			SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
			SSLOptions +StdEnvVars
	</Directory>

	
	BrowserMatch "MSIE [2-6]" \
			nokeepalive ssl-unclean-shutdown \
			downgrade-1.0 force-response-1.0
	# MSIE 7 and newer should be able to use keepalive
	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

#Reverse proxy conf seatable

            SetEnvIf Cookie "(^|;\ *)csrftoken=([^;\ ]+)" csrftoken=$2
            RequestHeader set  X-CSRFToken "%{csrftoken}e"
            ProxyPreserveHost On
            AllowEncodedSlashes On
	ProxyPass / http://172.18.0.3:80/
	ProxyPassReverse / http://172.18.0.3:80/
            ProxyRequests Off
            RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
            RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}





</VirtualHost>

SSLSessionCache “shmcb:logs/ssl_scache(512000)”

-------------------------------------------------------- end httpd-ssl.conf------------------------------------------------------------

4

I am sorry. You are requesting support for a custom setup with an isolated network, custom network settings, custom proxy and custom wildcard certificates.

What I can offer you is that I have a look at your setup within a paid support session. It should not take more than one or two hours for me to get a good understanding of the problem. Please write me at support@seatable.io to clarify the details.

Otherwise I would recommend to book a virtual server, like from hetzner. They cost less then 10 € per month and you can SeaTable within minutes: https://www.youtube.com/watch?v=VJNcZK1BLHY

Best regards
Christoph

5

Hi Christoph,

Thanks a lot,

I send you a e-mail.

Regards

6

I could fix the problem and send you a detailled description. For everybody else:

  • SeaTable returned in the browser console CSRF Failed: CSRF token from the 'X-Csrftoken' HTTP header has incorrect length. This required a fix in the reverse-proxy.
  • After that base access was not possible and returned a “access denied”. It turned out that the private key in dtable_web_settings.py and dtable_server.conf were different.

Now everything works like a charm.

7

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.