Troubleshooting reverse proxy

Problem 1: ManicTime server is returning wrong URLs

This issue is most often present on a reverse proxy with SSL enabled.

Visit this URL:

https://<server url>/api

Then check if the response contains correct URLs. For example, you can get this result:

{
    "links": [
      {
          "rel": "manictime/token",
          "href": "http://<server url>:8080/api/token"
      }
    ]
}

If you see incorrect protocol (http, not https) or invalid host name in URL, it means either reverse proxy or ManicTime server are not configured correctly.

Problem 1.1 Reverse proxy is not sending Forwarded headers to ManicTime server

Reverse proxy must be configured to forward following headers to ManicTime server:
X-Forwarded-Proto: <protocol> More info

X-Forwarded-Host: <host> More info

Solution: Enable Forwarded header sending on reverse proxy

You can check if ManicTime server is receiving Forwarded headers by enabling request logging. Edit ManicTimeServerSettings.json file and add this:

{
  "Logging": {
    "File": {
      "LogLevel": {
        "Finkit.ManicTime.Server.Logging.RequestLoggingMiddleware": "Debug"
      }
    }
  }
}

Then look at the ManicTime server logs and see if Forwarded headers are present in received HTTP requests. If server is not receiving headers, Forwarded header sending is not properly configured on the reverse proxy. You need to enable Forwarded header sending on reverse proxy.

Remove request logging

After you fix the problem don't forget to remove request logging. Request logging takes a lot of resources so do not forget to remove it.

Problem 1.2 ManicTime server does not trust reverse proxy

If ManicTime server is receiving Forwarded headers, it ignores them if they are not received by a trusted reverse proxy.

Solution: Configure ManicTime server to trust reverse proxy

By default, only loopback addresses are configured as known proxies (127.0.0.1). If reverse proxy has a different IP address, it needs to be configured in ManicTimeServerSettings.json using CIDR notation:

{
    "web": {
        "reverseProxy": {
            "addresses": [
                "<proxy ip address>"  
            ],
            "networks": [
                "<proxy network>"  
            ]
        }
    }
}  

Example 1: trust all proxies on all networks

{
    "web": {
        "reverseProxy": {
            "addresses": [  
                "*"
            ],
            "networks": [  
                "*" 
            ]
        }
    }
}  

Example 2: trust only proxies on a known IP address (IPv4 and IPv6)

{
    "web": {
        "reverseProxy": {
            "addresses": [
                "10.0.0.1",
                "::ffff:10.0.0.1" 
            ]
        }
    }
} 

Example 3: trust only proxies on a known network (IPv4 and IPv6)

{
    "web": {
        "reverseProxy": {
            "networks": [
                "10.244.0.0/16",
                "::ffff:10.244.0.0/16"
            ]
        }
    }
}  

Problem 2: Invalid request error

You get error 'Unknown error: invalid_request' when testing connection.

Solution

If you have configured redirects from http to https, make sure you are using temporary redirects (http status code 307) and not permanent redirects (http status code 301).

Problem 3: Not all HTTP headers are coming through

Sometimes reverse proxies remove certain headers from HTTP requests. Some headers are required by ManicTime server.

Solution: Make sure all headers sent by ManicTime client are received by ManicTime server

On the server and on the client you can enable request logging, then compare the headers which are sent by the server and then received by the client.

Enable request logging on the server

On the server, edit ManicTimeServerSettings.json file and add this:

{
  "Logging": {
    "File": {
      "LogLevel": {
        "Finkit.ManicTime.Server.Logging.RequestLoggingMiddleware": "Debug"
      }
    }
  }
}

Enable request logging on the client

On the client, create ManicTimeTrackerSettings.json file with this content

{
  "Logging": {
    "File": {
      "LogLevel": {
        "ManicTime.Client.ServerCommunication": "Debug"
      }
    }
  }
}

Then open ManicTime, go to Tools, Advanced, Open database folder and copy ManicTimeTrackerSettings.json to that folder.

Investigating logs

Then look at the logs of server and client. Are the same headers which are sent by the server received by the client? If they are not, you can then check reverse proxy to see why they are missing. You can match request headers by this header:

X-Request-ID

This header will have the same value for server and client request.

Remove request logging

After you fix the problem don't forget to remove request logging. Request logging takes a lot of resources so do not forget to remove it.

Still having problems?

Please send us ManicTime server log files:

  • on Linux, in folder where ManicTimeServer executable is, subfolder Data/Logs.
  • on Docker, please send us Docker log files and ManicTime server log files (where Data folder is, subfolder Logs)

Nginx

You can find more information on how to setup reverse proxy with Nginx here.

Could not connect to server. Reload