steveharke
  • steveharke
  • 50.75% (Neutral)
  • Newbie Topic Starter
3 years ago
We have 2 servers involved in evaluating/deploying EmailArchitect server 11.0.

Server 1 (public-facing Windows server 2012 standard, running IIS and company website - Internal machine name=SP04.private.local, publicly accessible as www.public.com).

Server 2 (private Windows server 2019 standard, running EmailArchitect Server - Internal machine name=EA01.private.local, private domain private.local).

Client 1 (android phone, Chrome browser).

Client 2 (RDP session on Windows 2012 standard member of domain private.local, Edge browser).

http://ea01.private.local/emailarchitect  from EA01 desktop, we can login OK, create users, etc.

We added the DNS CNAME 'EAS' at GoDaddy to point to our public static IP address (EAS.public.com). We then set up a new website on SP04.private.local named EAS.public.com, and added a reverse proxy rule to point incoming traffic with header 'eas.public.com' to EA01.private.local. Initial testing showed that compression needed to be disabled on both SP04 and EA01.

http://EAS.public.com, which DOES eventually send the request to EA01, responds with the login dialog. However, any attempt to enter an email address or password fails, including logging in as 'system'. We get the same results when testing from Client 2.

Are there permissions on the EmailArchitect data files/folders that need to change (e.g., add user IUSR) to make this work?
ivan
  • ivan
  • 100% (Exalted)
  • Administration
3 years ago
Could you post more detail on how you set up the reverse proxy rule?
opi
  • opi
  • 50.75% (Neutral)
  • Newbie
2 years ago
I believe I'm seeing the same issue.
I'm running version 2023.11.0.3.5 with webmail on IIS, behind nginx. I get the login prompt right away but can't log in as a user or as system. No error or feedback.

A video illustrating it is linked here:
https://www.loom.com/share/ac8ebf485b784452aeda0776d5d8c9e2
ivan
  • ivan
  • 100% (Exalted)
  • Administration
2 years ago
Originally Posted by: opi

I believe I'm seeing the same issue.
I'm running version 2023.11.0.3.5 with webmail on IIS, behind nginx. I get the login prompt right away but can't log in as a user or as system. No error or feedback.

A video illustrating it is linked here:
https://www.loom.com/share/ac8ebf485b784452aeda0776d5d8c9e2

Hi, in 11.3.0.5, the webmail added the Content-Security-Policy header to prevent XSS attacks. From your video, it seems that the script was blocked from executing. Please press F12 to open the browser developer tool, click "Console", then press F5 to refresh the current page and try to log in again; then check the output of the console, it should report an error.

To solve it quickly, please contact our support team by the email address in the following page:

https://www.emailarchitect.net/support.aspx 

Thank you very much.

ivan
  • ivan
  • 100% (Exalted)
  • Administration
2 years ago
The major problem is that the following header is added to the response:

content-security-policy: default-src https://original_host/emailarchitect/ 'nonce-nonce70522';frame-src 'self'; base-uri 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src *; style-src 'self' 'unsafe-inline';

It means only scripts from https://original_host/emailarchitect/ can be executed.
If you access it through a proxy, the browser requests the script from https://proxy_host/emailarchitect/, so the browser will block the script.

There are two solutions:

- Replace default-src https://original_host/emailarchitect/ with default-src https://proxy_host/ in your proxy; I believe there are some options to replace the response header value in Nginx.
- Edit C:\Program Files (x86)\EmailArchitect\webaccess\common, ajax, m, login\define.asp (4 files) with Notepad; you can find the following code:

ScriptSrc = ScriptSrc & url
Response.AddHeader "Content-Security-Policy", "default-src " & ScriptSrc & " 'nonce-" & Nonce & "';frame-src 'self'; base-uri 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self';  img-src *; style-src 'self' 'unsafe-inline';"

change it to:

Response.AddHeader "Content-Security-Policy", "default-src " & ScriptSrc & "  https://proxy_host/ 'nonce-" & Nonce & "';frame-src 'self'; base-uri 'self'; connect-src 'self'; frame-ancestors 'self'; form-action 'self';  img-src *; style-src 'self' 'unsafe-inline';"

That means scripts from https://proxy_host/ are allowed as well. Change proxy_host to your proxy address.
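To make the two posts above concrete, here is an added example (not code from this thread, from EmailArchitect, or from nginx) that simulates how a browser checks an external script against the quoted Content-Security-Policy header. It uses the thread's own placeholder hosts (original_host, proxy_host) and a constructed script path (login.js) as assumptions, implements only the CSP source forms that appear in that header, and shows why the same page passes when served directly but fails through the proxy, and that appending a proxy source to default-src (the define.asp edit) makes it pass again.

```python
# Added example (not code from the thread or from EmailArchitect): a small
# simulation of how a browser applies the Content-Security-Policy header quoted
# above to an external script, so the proxy failure and the fix can be checked
# offline. Only the CSP source forms used in that header are implemented.
from urllib.parse import urlparse

# The header exactly as quoted in the thread (original_host/proxy_host are the
# thread's placeholders, not real hosts).
CSP_FROM_THREAD = (
    "default-src https://original_host/emailarchitect/ 'nonce-nonce70522';"
    "frame-src 'self'; base-uri 'self'; connect-src 'self'; frame-ancestors 'self'; "
    "form-action 'self'; img-src *; style-src 'self' 'unsafe-inline';"
)


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def source_matches(source_expr, script_url, page_url, nonce=None):
    """Subset of CSP source matching: 'self', *, 'nonce-...' and host-source
    (optional scheme, host, optional port, optional path; a path ending in '/'
    is a prefix match, otherwise it must match exactly)."""
    s, p = urlparse(script_url), urlparse(page_url)
    if source_expr == "'self'":
        # 'self' is the origin of the page the browser actually loaded,
        # which behind a proxy is the proxy origin
        return (s.scheme, s.hostname, s.port) == (p.scheme, p.hostname, p.port)
    if source_expr == "*":
        return True
    if source_expr.startswith("'nonce-") and source_expr.endswith("'"):
        return nonce is not None and source_expr[7:-1] == nonce
    if source_expr.startswith("'"):
        return False  # other keywords ('unsafe-inline', ...) do not allow external scripts
    e = urlparse(source_expr if "://" in source_expr else "//" + source_expr)
    if e.scheme and e.scheme != s.scheme:
        return False
    if e.hostname != s.hostname or e.port != s.port:
        return False
    if e.path:
        return s.path.startswith(e.path) if e.path.endswith("/") else s.path == e.path
    return True


def script_allowed(header, script_url, page_url, nonce=None):
    """True if the browser would run script_url on page_url under this header.
    There is no script-src in the thread's header, so default-src applies."""
    directives = parse_csp(header)
    sources = directives.get("script-src", directives.get("default-src", []))
    return any(source_matches(src, script_url, page_url, nonce) for src in sources)


def add_proxy_host(header, proxy_source):
    """Return the header with proxy_source added to default-src, which is what
    the define.asp edit in the thread does (the nonce and other directives
    are kept untouched)."""
    parts = []
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        if tokens[0].lower() == "default-src":
            tokens.insert(1, proxy_source)
        parts.append(" ".join(tokens))
    return "; ".join(parts) + ";"


if __name__ == "__main__":
    page = "https://proxy_host/emailarchitect/login/"
    script = "https://proxy_host/emailarchitect/login/login.js"  # constructed script path
    print("via proxy, original header:", script_allowed(CSP_FROM_THREAD, script, page))
    fixed = add_proxy_host(CSP_FROM_THREAD, "https://proxy_host/emailarchitect/")
    print("via proxy, fixed header   :", script_allowed(fixed, script, page))
    print(fixed)
```

Two points the simulation makes visible: the 'self' directives (connect-src, frame-src, form-action) keep working behind the proxy, because 'self' resolves against the origin the browser loaded, so only the absolute original_host entry in default-src breaks; and whichever of the two fixes you apply, the nonce token must survive the rewrite, since the page's inline scripts depend on it. Passing a path-scoped source such as https://proxy_host/emailarchitect/ to add_proxy_host keeps the allow-list as narrow as the original rather than opening the whole proxy origin.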
