Only first Prompt in Workflow gets Displayed

nabl · January 25, 2022, 6:52pm

Hi There.

Ive just Updated to 21.9 latest version from 21.3 and my Workflow prompts are only displayed on refresh.
When i have a Button trigger f.e. the first notification or choice is displayed directly, but after i klick ok in the choice, or close the notification, the second one is only displayed after i hit refresh.

Am i missing something here or is this behavior intendet?

i made a Example workflow with 2 non blocking notifications:

when i trigger the workflow in the editor, i have to hit refresh on another window to see the first notification, after close i have to refresh again to see the second.
Browser is Chrome.

I hope you can help me, since it is breaking my intendet workflow pretty much

tjerman · January 26, 2022, 8:53am

This bit uses websockets so they should be shown without the need to refresh/pool.

An issue we are aware of is that if you have opened multiple tabs with your Compose webapp, the prompt may be shown in any of those tabs, so it could appear that it didn’t come through at all.

Does the flow work as intended if you only have a single Compose tab opened?
We do not yet know what exactly we’ll do here so I can’t give you a timeline for a fix as of now.

\cc @darh @mia.arh

nabl · January 26, 2022, 12:02pm

Thank you tjerman for your fast reply.

I have only one tab open and i have to hit refresh to see the next notification.

i just saw in web debugger that the continues running websocket calls just stop after i get the first prompt, after that no websocket call is fired anymore:

I have corteza running behind a nginx reverse proxy and now tried to open a specific websocket redir for this endpoint. sadly it didnt helped here, my nginx config:

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name xxx;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
  ssl_prefer_server_ciphers off;

  location /api/websocket/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_read_timeout 7d;
    proxy_send_timeout 7d;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://127.0.0.1:8081/api/websocket/;
   }
  location / {
    proxy_pass http://127.0.0.1:8081/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 200M;
  }
    ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem; # managed by Certbot
}

tjerman · January 26, 2022, 12:39pm

Do you see any docker-compose errors for Corteza containers?

@darh could you please take over for any network and Nginx related stuff?

darh · January 26, 2022, 2:56pm

@nabl Did you try the setup without that location block for websockets?

nabl · January 26, 2022, 3:56pm

Hi darh

yes this was my initial setup which worked without any problems in version 21.3.
Websocket block was only a try to fix it.

I also tried to access container directly (without nginx) with ssh portforewarding and host entry on my maschine to point domain name to localhost. I was able to get to login screen, but it was always trying to redirect me to https, i also got an error after manually changing protocol in adress bar to http after login. so i was not able to test without nginx.

here i have the debug log when i tried the workflow:

###################################
##### initial Workflow trigger
###################################
15:27:38.552    DEBUG   actionlog       send_missing_request executed   {"timestamp": "15:27:38.552", "requestOrigin": "api/rest", "requestID": "d0644bad167f/qHT3zzpv6I-000089", "actorIPAddr": "*.*.*.*", "actorID": ***, "resource": "automation:workflow", "action": "execute", "severity": 6, "error": "", "description": "send_missing_request executed", "policy-match": true, "meta": {"trigger.ID":"268156187143307266","trigger.eventType":"onManual","trigger.resourceType":"compose:record","trigger.stepID":"15","workflow.ID":"268156187076198402","workflow.handle":"send_missing_request"}}
15:27:38.581    DEBUG   workflow.session        session updated {"sessionID": ***, "status": "prompted"}
###################################
##### Got first Prompt and klicked for next message
###################################
15:27:44.515    DEBUG   workflow.session        session updated {"sessionID": ***, "status": "prompted"}
###################################
##### saw no prompt so i refreshed page
###################################
15:27:47.277    INFO    workflow.session        workflow session garbage collector stats        {"total": 1, "pending": 1, "pending1m": 0, "pending1h": 0, "pending1d": 0}
15:27:51.526    DEBUG   actionlog       looked-up for a ***   {"timestamp": "15:27:51.526", "requestOrigin": "auth", "requestID": "", "actorIPAddr": "", "actorID": ***, "resource": "system:user", "action": "lookup", "severity": 6, "error": "", "description": "looked-up for a ***", "policy-match": true, "meta": {"user.ID":"***","user.email":"***","user.handle":"***","user.name":"*** ***"}}
2022/01/26 15:27:51 http: superfluous response.WriteHeader call from github.com/cortezaproject/corteza-server/pkg/errors.serveHTTP (http.go:55)
15:27:51.702    DEBUG   actionlog       searched for namespaces {"timestamp": "15:27:51.702", "requestOrigin": "api/rest", "requestID": "d0644bad167f/qHT3zzpv6I-000104", "actorIPAddr": "*.*.*.*", "actorID": ***, "resource": "compose:namespace", "action": "search", "severity": 6, "error": "", "description": "searched for namespaces", "policy-match": true, "meta": {"filter.sort":""}}
15:27:51.750    DEBUG   actionlog       searched for charts     {"timestamp": "15:27:51.750", "requestOrigin": "api/rest", "requestID": "d0644bad167f/qHT3zzpv6I-000107", "actorIPAddr": "*.*.*.*", "actorID": ***, "resource": "compose:chart", "action": "search", "severity": 6, "error": "", "description": "searched for charts", "policy-match": true, "meta": {"filter.namespaceID":"***","filter.sort":"name","namespace.ID":"***","namespace.name":"***","namespace.slug":"***"}}
15:27:51.764    DEBUG   actionlog       searched for modules    {"timestamp": "15:27:51.764", "requestOrigin": "api/rest", "requestID": "d0644bad167f/qHT3zzpv6I-000109", "actorIPAddr": "*.*.*.*", "actorID": ***, "resource": "compose:module", "action": "search", "severity": 6, "error": "", "description": "searched for modules", "policy-match": true, "meta": {"filter.namespaceID":"***","filter.sort":"name","namespace.ID":"***","namespace.name":"***","namespace.slug":"***"}}
15:27:51.775    DEBUG   actionlog       searched for pages      {"timestamp": "15:27:51.775", "requestOrigin": "api/rest", "requestID": "d0644bad167f/qHT3zzpv6I-000108", "actorIPAddr": "*.*.*.*", "actorID": ***, "resource": "compose:page", "action": "search", "severity": 6, "error": "", "description": "searched for pages", "policy-match": true, "meta": {"filter.namespaceID":"***","filter.root":false,"filter.sort":"weight","namespace.ID":"***","namespace.name":"***","namespace.slug":"***"}}
15:27:51.947    DEBUG   actionlog       looked-up for a ***        {"timestamp": "15:27:51.947", "requestOrigin": "api/rest", "requestID": "d0644bad167f/qHT3zzpv6I-000110", "actorIPAddr": "*.*.*.*", "actorID": ***, "resource": "compose:module", "action": "lookup", "severity": 6, "error": "", "description": "looked-up for a ***", "policy-match": true, "meta": {"module.ID":"***","module.handle":"***","module.name":"***","module.namespaceID":"***","namespace.ID":"***","namespace.name":"***","namespace.slug":"***"}}
15:27:51.966    DEBUG   actionlog       looked-up for a ***      {"timestamp": "15:27:51.966", "requestOrigin": "api/rest", "requestID": "d0644bad167f/qHT3zzpv6I-000110", "actorIPAddr": "*.*.*.*", "actorID": ***, "resource": "compose:record", "action": "lookup", "severity": 6, "error": "", "description": "looked-up for a ***", "policy-match": true, "meta": {"module.ID":"***","module.handle":"***","module.name":"***","module.namespaceID":"***","namespace.ID":"***","namespace.name":"***","namespace.slug":"***","record.ID":"***","record.moduleID":"***","record.namespaceID":"***","record.ownedBy":"***"}}
##############################
#### Saw second Prompt
##############################
15:27:54.118    DEBUG   workflow.session        session updated {"sessionID": ***, "status": "completed"}

darh · January 26, 2022, 4:11pm

So… Corteza does not do any SSL termination and leaves that to you (so, nginx in your case).

It wants, however, to know how you will access it – via HTTPS or HTTP.
Mostly because there are certain limitations on how cookie headers are send.

If websocket connections are dropping it would be good to know the reason.
Try to explore a bit from the client (inspecting the network in the browser) and from the server (and I see you already have full-debug-mode/logging enabled)…

Hope this helps.

nabl · January 26, 2022, 4:17pm

Debug Mode is on and on client side the recurring websocket calls just stop after i get the first prompt displayed (referenz: pic in 3rd post ).

Id like to access corteza without nginx. Can you give me a hint how i can tell corteza that i will access it via http? i already tried setting DOMAIN in .env file to:
DOMAIN=http://my.domain-name.com

and restarted docker containers but i had still the same redir problem to https

nabl · January 30, 2022, 4:21pm

Figgured it out.

It seems that websocket upgrade directive is now needed (maybe because next.js v12? https://github.com/vercel/next.js/issues/30491)
Nginx doc for websockets: WebSocket proxying

My error in old nginx config was that i had a trailing “/” in location block so instead of:
/api/websocket/
it should have been:
/api/websocket

my current nginx config looks the following, mybe its a help for someone:

upstream front {
    server localhost:8081;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    server_name domain.name;
    return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name domain.name;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
  ssl_prefer_server_ciphers off;

  location / {
    proxy_pass http://front;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 200M;
  }

  location /api/websocket {
      proxy_pass http://front;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $host;
      proxy_read_timeout 7d;
   }

    ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem; # managed by Certbot

}