Librum-Reader / Librum-Server

The Librum server
https://librumreader.com
GNU Affero General Public License v3.0

Does not expose behind a reverse proxy #22

Closed PovilasID closed 10 months ago

PovilasID commented 10 months ago

Hey,

I tested running the Librum server behind Traefik and failed. Traefik is a fairly common reverse proxy used to expose services. I am getting a 404 when I visit the exposed 5000 port. I am also getting some warnings:

    Running in selfhosted mode, skipping AzureKeyVault configuration
    warn: Microsoft.EntityFrameworkCore.Model.Validation[10400]
          Sensitive data logging is enabled. Log entries and exception messages may include sensitive application data; this mode should only be enabled during development.
    warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
          Storing keys in a directory '/var/lib/librum-server/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed. For more information go to https://aka.ms/aspnet/dataprotectionwarning
    warn: Application.BackgroundServices.DeleteUnconfirmedUsers[0]
          Deleting unconfirmed users
    warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
          No XML encryptor configured. Key {549e1cc4-945c-484f-9c7d-fd0855daf354} may be persisted to storage in unencrypted form.
    warn: Microsoft.AspNetCore.Server.Kestrel[0]
          Overriding address(es) 'http://*:8080'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
    warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
          Failed to determine the https port for redirect.

Not sure if those warnings are relevant.

Here is my Traefik config in Docker. You do not need to know how Traefik works; it is just to confirm that I am using the right port and that I am exposing it with SSL enabled.

    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.librum.rule=Host(`librum.mydomain.com`)'
      - 'traefik.http.routers.librum.entrypoints=https'
      - 'traefik.http.routers.librum.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.librum.service=librum-service'
      - 'traefik.http.services.librum-service.loadbalancer.server.port=5000'  

Traefik does not need you to have SSL or anything... just expose it raw and let me handle SSL certs myself.

As an aside: Why is there an Azure vault config for your domain in the selfhosted config? https://github.com/Librum-Reader/Librum-Server/blob/e7f95caea2fdbf7823babe47355b6f770d24bd3d/appsettings.json#L16
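
The startup warnings in the post above can be parsed and triaged by logger category and event ID. This is an added example, not part of the original post or the Librum code base; the function names, the verdicts and the notes in the table are this example's own assumptions, and the sample input is built from the posted log with long messages shortened.

```python
import re

# Entry header of the ASP.NET Core console logger: "<level>: <category>[<event id>]"
HEADER = re.compile(r"^(trce|dbug|info|warn|fail|crit): (\S+)\[(\d+)\]\s*$")
# Triage table keyed on (category, event id); verdicts are this example's assessment (assumption).
TRIAGE = {
    ("Microsoft.EntityFrameworkCore.Model.Validation", 10400): ("fix", "application data may be written to logs; disable outside development"),
    ("Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository", 60): ("fix", "key ring is lost with the container; persist the key directory"),
    ("Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager", 35): ("fix", "keys are stored unencrypted; restrict access to the key directory"),
    ("Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware", 3): ("review", "no HTTPS redirect is issued; the proxy must enforce HTTPS"),
}
ORDER = {"fix": 0, "review": 1, "unclassified": 2}

def parse_entries(text):
    """Return [(level, category, event_id, message)]; message lines are the indented ones."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = [m.group(1), m.group(2), int(m.group(3)), []]
            entries.append(current)
        elif current is not None and line[:1].isspace():
            current[3].append(line.strip())
        else:
            current = None  # plain stdout line, belongs to no entry
    return [(lvl, cat, eid, " ".join(msg)) for lvl, cat, eid, msg in entries]

def triage(text):
    """Return [(category, event_id, verdict, note)], most urgent first; unknown entries keep their message."""
    rows = [(cat, eid, *TRIAGE.get((cat, eid), ("unclassified", msg)))
            for _lvl, cat, eid, msg in parse_entries(text)]
    return sorted(rows, key=lambda r: ORDER[r[2]])

# Sample input: constructed from lines of the log in the post above, long messages shortened.
SAMPLE_LOG = """\
Running in selfhosted mode, skipping AzureKeyVault configuration
warn: Microsoft.EntityFrameworkCore.Model.Validation[10400]
      Sensitive data logging is enabled.
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
      Storing keys in a directory '/var/lib/librum-server/.aspnet/DataProtection-Keys' that may not be persisted outside of the container.
warn: Application.BackgroundServices.DeleteUnconfirmedUsers[0]
      Deleting unconfirmed users
warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
      Failed to determine the https port for redirect.
"""

if __name__ == "__main__":
    for cat, eid, verdict, note in triage(SAMPLE_LOG):
        print(f"{verdict:12} {cat.rsplit('.', 1)[-1]}[{eid}]: {note}")
```

Entries the table does not know, such as the application's own `DeleteUnconfirmedUsers` message, come out as `unclassified` with their original text so they are not silently dropped.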

DavidLazarescu commented 10 months ago

This is a REST API, thus a 404 is expected when accessing no specific endpoint. Have you just tried reaching out to the main domain of Librum, or do the individual endpoints lead to 404 errors for you? #23 has added a message to avoid the 404 confusion.