[BUG] LibreNMS Web UI: base_url not taken into account

My LibreNMS installation is behind Nginx proxy. Few days ago it stopped working.

It looks that the base_url setting is not longer taken under account.
While accessing the LibreNMS front page, user is redirected to https://server-name/login, instead of $base_url/login. Login page could be accessed if I type in browser correct url ($base_url/login), however credentials are posted to https://server-name/login.

Component | Version
--------- | -------
LibreNMS  | 1.43-93-g53a1730fc
DB Schema | 267
PHP       | 7.1.21
MySQL     | 10.2.17-MariaDB
RRDTool   | 1.7.0
SNMP      | NET-SNMP 5.7.3

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct


Reverse proxy configuration has been verified:

GET / HTTP/1.0
Host: server-name:443
X-Forwarded-For: A.B.C.D
X-Forwarded-Proto: https
Connection: close
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en;q=0.7,en-US;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1

HTTP/1.0 302 Found
Date: Wed, 19 Sep 2018 08:52:21 GMT
Server: Apache/2.4.34 (Fedora)
Cache-Control: private, must-revalidate
Location: https://server-name/login
pragma: no-cache
expires: -1
Set-Cookie: librenms_session=eyJpdiI6Ijk2TFBqaFU2MzdrK2xvZ3JtRDNHOWc9PSIsInZhbHVlIjoiWEppdmZSVjhSRlp1OEJSODI5M25tR25KdGRybVBuY3dOUUhXYktLY25ZNFdvdlwvc0tGRWVwYVhCZU1pY0Q0U2VNb3EwYk5POTVQb1VnODdBSGtFZll3PT0iLCJtYWMiOiIxZjEyMjE2ZmI5OGQ3YzQ1NDY1OWIzN2E5MjMwYzZiNzdiYTk1ZmYxZmVkMjhjMDg0YjFjN2JhYjFmY2NhNmI2In0%3D; expires=Wed, 19-Sep-2018 10:52:21 GMT; Max-Age=7200; path=/; httponly
Content-Length: 340
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<meta charset="UTF-8" />
<meta http-equiv="refresh" content="0;url=hxxps://server-name/login" />
<title>Redirecting to hxxps://server-name/login>
   Redirecting to <a href="hxxps://server-name/login">hxxps://server-name/login</a>.

I changed https:// to hxxps:// as otherwise I was not allowed to post the log.

I noted, that the problem affects only login page. If I access server directly and pass login page everything works as expected (base_url is taken under account).

You are not being specific enough for me to figure out what your problem is.
These things might help: proxy ip, server ip, external url, expected url, actual url, port the internal server is listening on, and other things like that.


I ran git bisect. It looks that the problem was introduced in this commit:

commit 32a7c50189b46058d53b8a1de6c2846a16f5e549
Author: Tony Murray [email protected]
Date: Tue Sep 11 07:51:35 2018 -0500

Use Laravel authentication (#8702)

* Use Laravel for authentication
Support legacy auth methods
Always create DB entry for users (segregate by auth method)

Port api auth to Laravel

restrict poller errors to devices the user has access to

Run checks on every page load.  But set a 5 minute (configurable) timer.
Only run some checks if the user is an admin

Move toastr down a few pixels so it isn't as annoying.

Fix menu not loaded on laravel pages when twofactor is enabled for the system, but disabled for the user.
Add two missing menu entries in the laravel menu

Rewrite 2FA code
Simplify some and verify code before applying

Get http-auth working
Handle legacy $_SESSION differently.  Allows Auth::once(), etc to work.

* Fix tests and mysqli extension check

* remove duplicate Toastr messages

* Fix new items

* Rename 266.sql to 267.sql

Regarding my setup:

  1. Front server (SERVER-NAME):

    server {
     listen          443 ssl;
     server_name     SERVER-NAME;
     root            /usr/share/empty;
     ssl_certificate         /etc/pki/tls/certs/SERVER-NAME.crt;
     ssl_certificate_key     /etc/pki/tls/private/SERVER-NAME.key;
     ssl_ciphers             PROFILE=SYSTEM;
     ssl_session_timeout     15m;
     proxy_bind              $remote_addr            transparent;
     proxy_set_header        Host                    $host:$server_port;
     proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
     proxy_set_header        X-Forwarded-Proto       $scheme;
     proxy_read_timeout      5m;
     location /librenms/ {
             proxy_pass              http://librenms/;
  2. Backend (libernms):

    <VirtualHost *:80>
     ServerName              librenms
     DocumentRoot            "/opt/librenms/html/"
     AllowEncodedSlashes     NoDecode
     <Directory "/opt/librenms/html/">
             Require         all granted
             AllowOverride   All
  3. LibreNMS Configuration:

    $config['base_url']     = 'hxxps://SERVER-NAME/librenms/';


  1. While hxxps://SERVER-NAME/librenms/ as not logged in user, the LibreNMS redirects to login page hxxps://SERVER-NAME/login instead of hxxps://SERVER-NAME/librenms/login (base_url is not taken under account).

  2. The LibreNMS login page can be accessed using hxxps://SERVER-NAME/librenms/login/, however the login form is posted to hxxps://SERVER-NAME/login (base_url is not taken under account).

  3. If I login on SERVER-NAME and access hxxp://librenms/, I am redirected to hxxp://librenms/login. If I log in, I see dashboard, and all links there are correctly prepended by base_url (hxxps://SERVER-NAME/librenms/).

I hope my description is clear enough. The example HTTP request & reply sniffed between SERVER-NAME and librenms is avaiable in one of my previous posts.

PS: I had to replace http by hxxp and https by hxxps.

Open up app/Http/Controllers/Auth/LoginController.php and add this inside the showLoginForm() function should be line 49:


Paste the full output here.

Here is from my test setup:

array:14 [▼
  "cookie" => array:1 [▶]
  "accept-language" => array:1 [▶]
  "accept-encoding" => array:1 [▶]
  "accept" => array:1 [▶]
  "user-agent" => array:1 [▶]
  "upgrade-insecure-requests" => array:1 [▶]
  "connection" => array:1 [▶]
  "host" => array:1 [▼
    0 => "librenms.local"
  "x-forwarded-host" => array:1 [▼
    0 => "librenmsrp.local"
  "x-forwarded-for" => array:1 [▼
    0 => ""
  "x-forwarded-proto" => array:1 [▼
    0 => "https"
  "content-length" => array:1 [▶]
  "content-type" => array:1 [▶]

You many need to visit https://librenmsrp.local/login directly so you don’t get redirected.



diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 05764e9c2..4efd9f4d7 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -46,6 +46,8 @@ class LoginController extends Controller

     public function showLoginForm()
+        dd(\Request::header());
         if (Config::get('public_status')) {
             $devices = Device::isActive()->get();
             return view('auth.public-status')->with('devices', $devices);

Output when accessing https://SERVER-NAME/librenms/login:

array:11 [▼
  "host" => array:1 [▼
    0 => "SERVER-NAME:443"
      "x-forwarded-for" => array:1 [▼
        0 => "A.B.C.D" /* IP of machine running web browser */
  "x-forwarded-proto" => array:1 [▼
   0 => "https"
  "connection" => array:1 [▼
    0 => "close"
  "user-agent" => array:1 [▼
    0 => "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
  "accept" => array:1 [▼
    0 => "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
  "accept-language" => array:1 [▼
    0 => "pl,en;q=0.5"
  "accept-encoding" => array:1 [▼
    0 => "gzip, deflate, br"
  "cookie" => array:1 [▼
    0 => "language=en; XSRF-TOKEN=eyJpdiI6InlFZDl4VW9WanlsMWJlS3doelRIRWc9PSIsInZhbHVlIjoiMjNRU2ZzRFFLdmVcL3o2ZlBFdHR1YUlRdjBSOG9Bak1YVEsrT0E0dnVYS2ZpUlB0Qk81b1JsUEpCRXhT ▶"
  "dnt" => array:1 [▼
    0 => "1"
  "upgrade-insecure-requests" => array:1 [▼
    0 => "1"

Output when accessing http://librenms/:

array:7 [
  "host" => array:1 [
    0 => "librenms"
  "user-agent" => array:1 [
    0 => "ELinks/0.12pre6 (textmode; Linux; 237x62-2)"
  "referer" => array:1 [
    0 => "http://librenms/"
  "accept" => array:1 [
    0 => "*/*"
  "accept-language" => array:1 [
    0 => "system"
  "connection" => array:1 [
    0 => "Keep-Alive"
  "cookie" => array:1 [

Does this fix your issue?

Make sure APP_URL is set in .env properly. I hope it doesn’t break people with working configs though :confused:


It is almost working. (APP_URL=https://SERVER-NAME/librenms/)

  1. When I access hxxps://SERVER-NAME/librenms/, I get redirection to hxxps://SERVER-NAME/librenms/login [CORRECT].

  2. After login, I am redirected to hxxps://SERVER-NAME/ instead of hxxps:/SERVER-NAME/librenms/ [INCORRECT]

  3. If I try access the hxxps:/SERVER-NAME/librenms/ again, I see dashboard [CORRECT]

BTW: I noted, that icons on the main menu are no longer displayed. I have no idea if this is related to the problem and/or your changes: