Strapi is running, API is working and I manage to upload information and pictures to the server, pictures are even displayed on the site. SSL is configured, at least it doesn’t show errors anymore.
I can see the login panel in the admin panel. It even correctly rejects incorrect logins, but I have to enter the correct one and the page starts loading endlessly.
There are no errors in the console
I’ve been experimenting a bit with user permissions, thinking that it’s a matter of permissions, but so far the experiments have only resulted in things not working at all.
also now in the application do not work plugin authorization through discord (although it works when everything is running locally), but I think that it will be configured after getting access to the admin panel.
below I will try to provide all possible information about the current settings at once
node -v v20.17.0
npm -v 10.8.2
strapi 4.25.5 (node v20.17.0)
os Ubuntu 24.04 LTS
/var/www/cyoa-cafe/backend/ecosystem.config.js - Pastebin.com (there’s tons of logs, copies of settings files, etc.)
That’s about it. I can’t think of anything else 
PS I deleted all the pictures on the project(just by clearing the uploads folder), so now it’s completely SFW.
This topic has been created from a Discord post (1276921152069177497) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord
This generally good article to start from
The problem is your reverse proxy
Yes, the problem was with Nginx and middlewares.
For those who happen to google it, here are the working versions of the files. Use as a sample.
/etc/nginx/sites-available/cyoa.cafe
nginx
Copy
server {
listen 80;
server_name cyoa.cafe www.cyoa.cafe;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name cyoa.cafe www.cyoa.cafe;
ssl_certificate /etc/letsencrypt/live/cyoa.cafe/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cyoa.cafe/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/cyoa-cafe/frontend/build;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name api.cyoa.cafe;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name api.cyoa.cafe;
ssl_certificate /etc/letsencrypt/live/cyoa.cafe/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cyoa.cafe/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
/var/www/cyoa-cafe/backend/config/middleware.js
javascript
Copy
module.exports = [
‘strapi::errors’,
{
name: ‘strapi::security’,
config: {
contentSecurityPolicy: {
useDefaults: true,
directives: {
‘connect-src’: [“‘self’”, ‘https:’, ‘http:’],
‘img-src’: [“‘self’”, ‘data:’, ‘blob:’, ‘https:’, ‘http:’],
‘media-src’: [“‘self’”, ‘data:’, ‘blob:’, ‘https:’, ‘http:’],
upgradeInsecureRequests: null,
},
},
},
},
‘strapi::cors’,
‘strapi::poweredBy’,
‘strapi::logger’,
‘strapi::query’,
‘strapi::body’,
‘strapi::session’,
‘strapi::favicon’,
‘strapi::public’,
];
/var/www/cyoa-cafe/backend/config/server.js
javascript
Copy
module.exports = ({ env }) => ({
host: env(‘HOST’, ‘0.0.0.0’),
port: env.int(‘PORT’, 1337),
url: ‘https://api.cyoa.cafe’,
app: {
keys: env.array(‘APP_KEYS’),
},
});