Since the recent auth change I’ve been unable to log in to our LibreNMS installation. My issue is very similar to this one in that I’m using a https://… base_url, but with one key difference; I am not using a reverse proxy. I am running apache with SSL configured, and everything was working prior to the recent auth update.
I can access the login page, but with a “mixed content” warning. Additionally, when entering the username/password Firefox warns that the forms are not being submitted over a secure channel, and even if I ignore this it does not log me in, it just kicks me back to the login screen. The logs show nothing (beyond the normal polling).
Running daily.sh manually shows everything is nominal:
Updating to latest codebase OK
Updating Composer packages OK
Updating SQL-Schema OK
Updating submodules OK
Cleaning up DB OK
Fetching notifications OK
Caching PeeringDB data OK
No, I am not. However, even if I were, the resolution for the other guy with a similar issue (which was to set up a cert on his web server) is already in place, so it’s definitely something else causing the problem.
Got the same problem after upgrading to gdf90881 from a month or so old version. I am NOT using a reverse proxy - just a regular Nginx web server with SSL, serving PHP content directly.
The login screen is broken, as the site tries to load objects via HTTP, not HTTPS.
I am using https URL in APP_URL in .env as well as in config[‘base_url’], even tried adding X-Forwarded-Proto “https” header via Nginx - no luck.
The only ‘fix’ I found is to modify app/Providers/AppServiceProvider.php and add:
I also had to add the line, which I believe should be added to the public function boot() { … }.
The ultimate “fix” will have to come from the developers patching LibreNMS to add this line when your base_url begins with https. Until then, I’ve disabled daily updates within the config.