Razva
September 4, 2021, 3:39pm
#1
Hello,
I would like to install Corteza by using an external NGINX proxy. The host is using Debian 11, Docker 20.10.8 and doesn’t have anything else except Docker.
Here’s docker-compose.yml:
version: '3.5'
services:
  server:
    image: cortezaproject/corteza-server
    networks: [ external, corteza ]
    restart: on-failure
    env_file: [ .env ]
    depends_on: [ db ]
    volumes: [ "./data/server:/data" ]
  db:
    image: postgres:13
    networks: [ corteza ]
    restart: on-failure
    healthcheck: { test: ["CMD-SHELL", "pg_isready -U corteza"], interval: 10s, timeout: 5s, retries: 5 }
    environment:
      POSTGRES_USER: corteza
      POSTGRES_PASSWORD: corteza
networks:
  external: { external: true }
  corteza: {}
Here’s .env:
DOMAIN=your-demo.example.tld
VERSION=2021.3
DB_DSN=postgres://corteza:corteza@db:5432/corteza?sslmode=disable
HTTP_WEBAPP_ENABLED=true
ACTIONLOG_DEBUG=true
LOG_LEVEL=debug
LOG_DEBUG=true
Here’s NGINX config:
server {
    listen 80;
    server_name crm.avocat-ludusan.ro;
    location / {
        proxy_pass http://192.168.1.202;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
    proxy_read_timeout 360;
    proxy_connect_timeout 360;
    proxy_send_timeout 360;
    client_max_body_size 0;
}
Here are the problems:
When connecting directly to http://192.168.1.202 I’m being redirected to https://192.168.1.202. Again, note that there’s nothing else on the host, no NGINX on the host etc. Basically I’m connecting directly to the Corteza container.
When connecting to https://crm.domain.tld I’m getting 502 Bad Gateway.
My only logical deduction is that Corteza is not starting, hence nothing is being posted.
Any hints? Thank you!
darh
September 5, 2021, 11:50am
#2
I’ve tried accessing the .ro domain from your nginx config and from the looks of it, Nginx is redirecting you from the HTTP to HTTPS. Request does not even get to Corteza in the 1st request.
When accessing .ro via https, I’m not sure what part of the nginx config is handling the SSL requests. You’re listening only on port 80 there.
Corteza does not (should not) do any kind of http=>https redirections.
Another thing I’m having trouble understanding here is…
You are using 192.168.1.202. This is the IP of the host machine (the one that runs the Nginx and Corteza Docker containers), right? And you are proxying (according to the Nginx config) to the same IP 192.168.1.202 to the port 80 again – so back to itself (to nginx).
This might be the source of your issues.
Publish ports on the server container (internal 80 to something like 8080) and proxy to port 8080 then.
May not be the setup you would want to have at the end but it should help you to move forward.
Hope this helps.
Razva
September 7, 2021, 3:38pm
#3
Hey,
When accessing .ro via https, I’m not sure what part of the nginx config is handling the SSL requests. You’re listening only on port 80 there.
I’ve disabled HTTPS entirely, so NGINX is doing only HTTP redirect (see the conf above).
This is the IP of the host machine (the one that runs the Nginx and Corteza Docker containers), right?
202 is the Docker machine. It does not have any ports redirected to itself, nor anything running on it except Docker + Corteza.
And you are proxying (according to the Nginx config) to the same IP 192.168.1.202 to the port 80 again – so back to itself (to nginx).
No. Ports 80 and 443 are directed to .203 (NGINX). The NGINX config I’ve pasted is from 203. I’m just doing a basic proxy from 203 to 202.
Publish ports on the server container (internal 80 to something like 8080) and proxy to port 8080 then.
Is there any way to set Corteza’s ports? Because it would be great for debugging.
Also please note that the “local install” works fine, so this issue is only for the “production install”.
Razva
September 7, 2021, 3:49pm
#4
Here’s the full map, in order for you to have a better understanding.
Proxy IP
root@proxy:~# ip addr
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether a2:53:31:61:96:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.203/24 brd 192.168.1.255 scope global eth0
NGINX, hosted on Proxy:
root@proxy:~# cat /etc/nginx/conf.d/crm.conf
server {
    listen 80;
    server_name crm.avocat-ludusan.ro;
    location / {
        proxy_pass http://192.168.1.202;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }
    proxy_read_timeout 360;
    proxy_connect_timeout 360;
    proxy_send_timeout 360;
    client_max_body_size 0;
}
Docker IP
root@docker:~# ip addr
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether ea:5b:b7:c4:f7:d2 brd ff:ff:ff:ff:ff:ff
altname enp0s18
altname ens18
inet 192.168.1.202/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
Docker Corteza docker-compose.yml
root@docker:~# cat /docker/corteza/docker-compose.yml
version: '3.5'
services:
  server:
    image: cortezaproject/corteza-server
    restart: on-failure
    env_file: [ .env ]
    depends_on: [ db ]
    volumes: [ "./data/server:/data" ]
  db:
    image: postgres:13
    restart: on-failure
    healthcheck: { test: ["CMD-SHELL", "pg_isready -U corteza"], interval: 10s, timeout: 5s, retries: 5 }
    environment:
      POSTGRES_USER: corteza
      POSTGRES_PASSWORD: corteza
Docker Corteza .env
root@docker:~# cat /docker/corteza/.env
DOMAIN=crm.avocat-ludusan.ro
VERSION=2021.3
DB_DSN=postgres://corteza:corteza@db:5432/corteza?sslmode=disable
HTTP_WEBAPP_ENABLED=true
ACTIONLOG_DEBUG=true
LOG_LEVEL=debug
LOG_DEBUG=true
#SMTP_HOST=smtp-server.example.tld:587
#SMTP_USER=postmaster@smtp-server.example.tld
#SMTP_PASS=this-is-your-smtp-password
#SMTP_FROM='"Demo" <info@your-demo.example.tld>'
So basically:
Port 80 points to IP .203 (proxy)
IP .203 (proxy) redirects http://crm.avocat-ludusan.ro to http://192.168.1.202 (docker)
Corteza Docker is not running inside a private network, in order to be sure that it’s fully exposed
Razva
September 7, 2021, 5:41pm
#5
Solved. None of us noticed that, in the docker-compose.yml file, there was no exposed port.
The fix was simple, in the “server” compose section:
ports:
  - "80:80"
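The missing `ports:` entry behind the 502 in this thread can be checked for mechanically. The following is an added example, not code from the thread or from the Corteza project: `audit_ports` and `sample_compose` are hypothetical helper names, the sample file is constructed from the thread's compose file with the fix applied, and the parser assumes two-space indentation, block-style `ports:` lists and IPv4 addresses.

```shell
#!/bin/sh
# audit_ports [FILE]: list, per service of a docker-compose file, which host
# ports it publishes and on which address. Reads stdin when FILE is omitted.
# Assumes two-space indentation, block-style "ports:" lists and IPv4 bindings.
audit_ports() {
  awk '
    function flush() {
      if (svc != "" && !seen) print svc ": no published ports"
      svc = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    /^[^ ]/ { flush(); in_services = ($1 == "services:"); next }  # top-level key
    !in_services { next }
    /^  [^ ]/ {                                    # service name
      flush(); svc = $1; sub(/:.*$/, "", svc); seen = 0; in_ports = 0; next
    }
    /^    [^ -]/ { in_ports = ($1 == "ports:"); next }   # service-level key
    in_ports && /^ +- / {                          # one entry of the ports list
      p = $0; sub(/^ +- */, "", p); gsub(/[" ]/, "", p)
      n = split(p, f, ":"); seen = 1
      if (n == 3 && f[1] != "0.0.0.0") print svc ": " p " bound to " f[1]
      else print svc ": " p " published on all host interfaces"
    }
    END { flush() }
  ' "$@"
}

# Constructed sample: the compose file from the thread with the fix applied.
sample_compose() {
  cat <<'EOF'
version: '3.5'
services:
  server:
    image: cortezaproject/corteza-server
    env_file: [ .env ]
    depends_on: [ db ]
    ports:
      - "80:80"
  db:
    image: postgres:13
networks:
  corteza: {}
EOF
}

sample_compose | audit_ports
```

A mapping written as `"80:80"` is published on every interface of the Docker host, while `"192.168.1.202:80:80"` binds it to that one address. The `db` service reporting no published ports is the intended state, since only the `server` container needs to be reachable from the proxy.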