Cloudpanel - NGINX - Google Reader API Problem

[andreascschmidt]

Describe the bug

Probably similar to #5856 but with a twist so I don't want to dilute that issue and opened a new.

Due to performance issue I moved from my old Apache vps (hestiaCP) to CloudPanel and webside things are much better.
However, I'm stuck with the NGINX vhost config for freshrss.
The Web works flawless and blazing fast and for the API I see fever good and greader 404.

I looked into https://freshrss.github.io/FreshRSS/en/admins/10_ServerConfig.html#nginx-configuration and my vhosts looks now like this

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name rss.domain.com;
  {{root}}

  {{nginx_access_log}}
  {{nginx_error_log}}

  if ($scheme != "https") {
    rewrite ^ https://$host$uri permanent;
  }

  location ~ /.well-known {
    auth_basic off;
    allow all;
  }

  {{settings}}

  location / {
    {{varnish_proxy_pass}}
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_hide_header X-Varnish;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    proxy_connect_timeout      720;
    proxy_send_timeout         720;
    proxy_read_timeout         720;
    proxy_buffer_size          128k;
    proxy_buffers              4 256k;
    proxy_busy_buffers_size    256k;
    proxy_temp_file_write_size 256k;
  }

  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
    add_header Access-Control-Allow-Origin "*";
    expires max;
    access_log off;
  }

  if (-f $request_filename) {
    break;
  }
}

server {
  listen 8080;
  listen [::]:8080;
  server_name rss.Domain.com;
  {{root}}

  try_files $uri $uri/ /index.php?$args;
  index index.php index.html;

#  location ~ \.php$ {
  location ~ ^.+?\.php(/.*)?$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files $uri =404;
    fastcgi_read_timeout 3600;
    fastcgi_send_timeout 3600;
    fastcgi_param HTTPS "on";
    fastcgi_param SERVER_PORT 443;
    fastcgi_pass 127.0.0.1:{{php_fpm_port}};
    fastcgi_param PHP_VALUE "{{php_settings}}";
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
#    fastcgi_param PATH_INFO $mypath;
    set $path_info $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

  if (-f $request_filename) {
    break;
  }
}

Now I'm out of ideas.
Would anyone have an idea how to get the API going, please?

To Reproduce

Nothing helpful here.
Configure domain under cloudpanel / nginx

Expected behavior

No response

FreshRSS version

1.23.1

Environment information

• Database version: mariadb 10.11
• PHP version: 8.3
• Installation type: Cloudpanel, nginx, php files and mariaDB 10.11
  -Web server type: nginx
• Device: Android feedme

Additional context

No response

[andreascschmidt]

add on cause I've forget
using

   location ~ \.php$ {
#  location ~ ^.+?\.php(/.*)?$ {

Results in

[cedmax]

I'm experiencing the same issue on a fresh install, if that helps (nginx and sqlite in my case)

[Alkarex]

Could you try manually with cURL to get a better understanding of the requests?

curl -v 'https://freshrss.example.net/api/greader.php'

curl -v 'https://freshrss.example.net/api/greader.php/accounts/ClientLogin?Email=alice&Passwd=Abcdef123456'

More on https://freshrss.github.io/FreshRSS/en/developers/06_GoogleReader_API.html#google-reader-compatible-api

[Alkarex]

nginx is very error-prone. Try to use exactly the configuration from our documentation:
https://freshrss.github.io/FreshRSS/en/admins/10_ServerConfig.html#nginx-configuration

In particular, I have a suspicion that try_files $uri =404; may lead to trouble

[cedmax]

In my case it doesn't 404: the first leads to a 200, the second does this

< HTTP/2 302
< date: Wed, 15 May 2024 15:35:49 GMT
< content-type: text/html; charset=UTF-8
< location: /i/?rid=6644d65591eec

[Alkarex]

the first leads to a 200

With what response, more precisely?

[cedmax]

obscured IP and domain, and left out some cloudflare headers but other than that

*   Trying *.*.*.*...
* Connected to ****** (*.*.*.*) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=******
*  start date: Apr 24 10:47:52 2024 GMT
*  expire date: Jul 23 10:47:51 2024 GMT
*  subjectAltName: host "******" matched cert's "******"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1P5
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://******/api/greader.php
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: ******
* [HTTP/2] [1] [:path: /api/greader.php]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET /api/greader.php HTTP/2
> Host: ******
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/2 200
< date: Wed, 15 May 2024 15:34:57 GMT
< content-type: text/html; charset=UTF-8
< vary: Accept-Encoding
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host ****** left intact

[Alkarex]

@cedmax Your request does not seem to be hitting the rights files. Likely wrong nginx config.

In particular, if you use something similar than the config posted higher up, the try_files $uri $uri/ /index.php?$args; looks also wrong.

Try to put a new file in ./FreshRSS/p/api/hello.php with the following content:

<?php
echo 'Hello World', "\n";

And access to access it via curl:

curl -v 'https://freshrss.example.net/api/hello.php'

[cedmax]

this seems to be working just fine 🫠

< HTTP/2 200
< date: Wed, 15 May 2024 20:17:19 GMT
< content-type: text/html; charset=UTF-8
< vary: Accept-Encoding
< alt-svc: h3=":443"; ma=86400
<
Hello World
* Connection #0 to host ***** left intact

EDIT
And same goes for /api/fever.php

< HTTP/2 200
< date: Wed, 15 May 2024 20:19:41 GMT
< content-type: application/json; charset=UTF-8
< alt-svc: h3=":443"; ma=86400
<
* Connection #0 to host ***** left intact
{"api_version":3,"auth":0}% 

[Alkarex]

Hum, try to uncomment the following two lines:

FreshRSS/p/api/greader.php

Lines 1005 to 1006 in 8e3bfa1

	//Minz_Log::debug('----------------------------------------------------------------', API_LOG);
	//Minz_Log::debug(debugInfo(), API_LOG);

Edit: set 'environment' => 'development', in your ./FreshRSS/data/config.php

try the two curl queries again, and then check your logs in ./FreshRSS/data/users/_/log_api.txt

as well as your Web server logs

[cedmax]

Following your suggestion of the problem being narrowed to the nginx config (which I'm not extremely familiar with), I tried to serve it with apache instead (not sure why I haven't tried before tbh) and it seems to be working just fine with it. I think that's all I need for now, thank you for your support and sorry for the back and forth not being very helpful at times, I really appreciate your help!

[Alkarex]

Great that it works. Apache is a good choice