fix remote redirect to using server IP

bachhungcb 2026-04-10 18:52:39 +07:00
parent 9e8e027137
commit 6d3f8d4b4c
2 changed files with 55 additions and 8 deletions


@ -28,8 +28,9 @@ server{
ssl_ciphers HIGH:!aNULL:!MD5;
set $backend_server 172.18.10.8:8080;
# 2-container model: FE nginx proxies to MeshCentral container by Docker service name
set $mesh_server meshcentral:8082;
set $meshserver 172.18.10.8:8082;
# MeshCentral traffic should go through backend proxy controller
# (api/meshcentral/proxy/*) for consistent auth/cookie/header handling.
root /usr/share/nginx/html;
# Default file to serve for directory requests
@ -83,15 +84,44 @@ server{
proxy_read_timeout 1h;
}
location /api/meshcentral/proxy/ {
proxy_pass https://$mesh_server;
# MeshCentral client builds WebSocket URL from current location,
# e.g. wss://comp.soict.io/control.ashx. Route these root endpoints
# to meshserver so browser URL stays on comp.soict.io while upstream
# is forced to 172.18.10.8:8082.
location ~ ^/(control|meshrelay|commander|mesh)\.ashx$ {
proxy_pass https://$meshserver;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_buffering off;
}
location = /api/meshcentral/proxy {
return 301 /api/meshcentral/proxy/;
}
location ^~ /api/meshcentral/proxy/ {
# Forward to backend MeshCentralProxyController (api/meshcentral/proxy/*)
# so backend can handle MeshCentral auth/session consistently.
proxy_pass http://$backend_server;
proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=None";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# Cấu hình WebSocket/SSE cho MeshCentral
proxy_http_version 1.1;
@ -103,16 +133,21 @@ server{
}
# FE production currently builds mesh proxy path as /meshapi/api/meshcentral/proxy/...
location /meshapi/api/meshcentral/proxy/ {
rewrite ^/meshapi/(.*)$ /$1 break;
proxy_pass https://$mesh_server;
proxy_ssl_verify off;
location = /meshapi/api/meshcentral/proxy {
return 301 /meshapi/api/meshcentral/proxy/;
}
location ^~ /meshapi/api/meshcentral/proxy/ {
# Legacy frontend path -> backend MeshCentralProxyController
rewrite ^/meshapi/api/meshcentral/proxy/(.*)$ /$1 break;
proxy_pass http://$backend_server;
proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=None";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
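Review bot: The new `location ~ ^/(control|meshrelay|commander|mesh)\.ashx$` block proxies the MeshCentral control and relay WebSockets straight to `$meshserver` with `proxy_ssl_verify off`, so these endpoints no longer pass through the backend proxy controller that the comment near the top of the file says MeshCentral traffic should use, and nginx accepts whatever certificate is presented on 172.18.10.8:8082. If the direct route is intended, pin the upstream with `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-meshcentral-ca.pem>;` and `proxy_ssl_name <meshcentral-cert-name>;`, and add a comment stating what authenticates these four paths now that the backend controller is not in the request path. Separately, in the last hunk `rewrite ^/meshapi/api/meshcentral/proxy/(.*)$ /$1 break;` appears to strip the whole controller prefix, so the backend would receive `/<rest>` instead of `/api/meshcentral/proxy/<rest>`; `rewrite ^/meshapi/(.*)$ /$1 break;` would keep the request on the controller route. The final location block continues past the end of the hunk.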


@ -16,10 +16,22 @@ export const buildMeshProxyUrl = (meshPathAndQuery: string) => {
: meshPathAndQuery;
const proxyPath = `/api/meshcentral/proxy/${cleanPath}`;
// If an explicit mesh host is configured, always use it.
// This allows forcing proxy URLs to https://<IP>:<port>/api/meshcentral/proxy/...
if (BASE_MESH_URL && BASE_MESH_URL.startsWith("http")) {
return `${trimTrailingSlash(BASE_MESH_URL)}${proxyPath}`;
}
// In development, BASE_URL is usually absolute (e.g. http://localhost:5218/api).
// Build an absolute proxy URL to backend so iframe requests do not hit Vite dev server.
if (BASE_URL.startsWith("http")) {
const apiBase = trimTrailingSlash(BASE_URL);
const backendOrigin = apiBase.endsWith("/api")
? apiBase.slice(0, -4)
: apiBase;
return `${backendOrigin}${proxyPath}`;
}
return proxyPath;
};
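Review bot: `BASE_MESH_URL.startsWith("http")` also accepts `http://` values and any other string that merely begins with "http", so a misconfigured build would load the remote-control iframe over cleartext. Requiring the scheme explicitly closes that gap, e.g. `if (BASE_MESH_URL && /^https:\/\//i.test(BASE_MESH_URL)) {`, with the looser check kept only for development builds if it is needed there. The comment on this branch should also say that `https://<IP>:<port>` only works when the server certificate covers that IP, since otherwise the iframe fails or users have to accept a certificate warning. `buildMeshProxyUrl` begins above the hunk, so how `cleanPath` is derived is not visible here; confirm it cannot carry `..` segments before it is appended to `/api/meshcentral/proxy/`.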