A thousand thanks for your commitment. I know how frustrating it can be, even as a developer, not to be able to recreate something.
We don’t have a proxy in between. We use a VPN but its IP ip is shared in NGINX.
upstream zammad-railsserver {
server 127.0.0.1:3000;
}
upstream zammad-websocket {
server 127.0.0.1:6042;
}
server {
listen 80;
listen [::]:80;
server_name zammad.XXX.net;
# security - prevent information disclosure about server version
server_tokens off;
access_log /var/log/nginx/zammad.access.log;
error_log /var/log/nginx/zammad.error.log;
location /.well-known/ {
root /var/www/html;
}
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name zammad.XXX.net;
# security - prevent information disclosure about server version
server_tokens off;
ssl_certificate /etc/letsencrypt/live/zammad.XXX.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zammad.XXX.net/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/zammad.XXX.net/fullchain.pem;
resolver 8.8.8.8 8.8.4.4;
add_header Strict-Transport-Security "max-age=31536000" always;
location = /robots.txt {
access_log off; log_not_found off;
}
location = /favicon.ico {
access_log off; log_not_found off;
}
root /opt/zammad/public;
access_log /var/log/nginx/zammad.access.log;
error_log /var/log/nginx/zammad.error.log;
client_max_body_size 50M;
location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png) {
expires max;
}
location /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_pass http://zammad-websocket;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header CLIENT_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# change this line in an SSO setup
proxy_set_header X-Forwarded-User "";
proxy_read_timeout 180;
proxy_pass http://zammad-railsserver;
# allow Office-IP
allow XXX.XXX.XXX.XXX;
# allow VPN-IP
allow XXX.XXX.XXX.XXX;
# drop rest of the world
deny all;
gzip on;
gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
gzip_proxied any;
}
location ^~ /.well-known/acme-challenge/ {
alias /var/www/acme-challenge/;
}
}
We also do not use the name “type” in any macro. Would have been too nice for ne quick solution :D.
Following the log excerpt from production.log.
I, [2021-10-13T20:25:12.706053 #12488-50281180] INFO -- : Started POST "/api/v1/tags/add" for XXX.XXX.XXX.XXX at 2021-10-13 20:25:12 +0200
I, [2021-10-13T20:25:12.710788 #12488-51013960] INFO -- : Started STANDARD "/api/v1/tickets/977938" for XXX.XXX.XXX.XXX at 2021-10-13 20:25:12 +0200
I, [2021-10-13T20:25:12.717999 #12488-50281180] INFO -- : Processing by TagsController#add as JSON
I, [2021-10-13T20:25:12.718065 #12488-50281180] INFO -- : Parameters: {"object"=>"Ticket", "o_id"=>977938, "item"=>"Spam"}
F, [2021-10-13T20:25:12.723138 #12488-51013960] FATAL -- :
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] ActionController::UnknownHttpMethod (STANDARD, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH):
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185]
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/http/request.rb:433:in `check_method'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/http/request.rb:145:in `request_method'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/request.rb:187:in `head?'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/journey/router.rb:113:in `find_routes'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/journey/router.rb:32:in `serve'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/routing/route_set.rb:834:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:420:in `call_app!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth-saml (1.10.3) lib/omniauth/strategies/saml.rb:86:in `other_phase'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:190:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:192:in `call!'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] omniauth (1.9.1) lib/omniauth/builder.rb:45:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/tempfile_reaper.rb:15:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/etag.rb:27:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/conditional_get.rb:40:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/head.rb:12:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/http/content_security_policy.rb:18:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/session/abstract/id.rb:266:in `context'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/session/abstract/id.rb:260:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/cookies.rb:654:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] activesupport (6.0.4.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] railties (6.0.4.1) lib/rails/rack/logger.rb:37:in `call_app'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] railties (6.0.4.1) lib/rails/rack/logger.rb:26:in `block in call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] activesupport (6.0.4.1) lib/active_support/tagged_logging.rb:80:in `block in tagged'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] activesupport (6.0.4.1) lib/active_support/tagged_logging.rb:28:in `tagged'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] activesupport (6.0.4.1) lib/active_support/tagged_logging.rb:80:in `tagged'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] railties (6.0.4.1) lib/rails/rack/logger.rb:26:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/method_override.rb:24:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/runtime.rb:22:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] activesupport (6.0.4.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/static.rb:126:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] rack (2.2.3) lib/rack/sendfile.rb:110:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] actionpack (6.0.4.1) lib/action_dispatch/middleware/host_authorization.rb:76:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] railties (6.0.4.1) lib/rails/engine.rb:527:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] railties (6.0.4.1) lib/rails/railtie.rb:190:in `public_send'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] railties (6.0.4.1) lib/rails/railtie.rb:190:in `method_missing'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] puma (4.3.8) lib/puma/configuration.rb:228:in `call'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] puma (4.3.8) lib/puma/server.rb:718:in `handle_request'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] puma (4.3.8) lib/puma/server.rb:472:in `process_client'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] puma (4.3.8) lib/puma/server.rb:328:in `block in run'
[bc5e8b6e-73c1-4fe1-abb6-d27ee1243185] puma (4.3.8) lib/puma/thread_pool.rb:134:in `block in spawn_thread'
W, [2021-10-13T20:25:12.759369 #12488-50281180] WARN -- : Scoped order is ignored, it's forced to be batch order.
I, [2021-10-13T20:25:12.773645 #12488-50281180] INFO -- : Completed 201 Created in 55ms (Views: 0.2ms | ActiveRecord: 14.9ms | Allocations: 19860)