TeamPiped / Piped-Docker

MIT License
47 stars 35 forks source link

Problem when running without HTTPS #20

Closed MelomanCool closed 1 year ago

MelomanCool commented 2 years ago

I am trying to set up Piped to run inside of my own intranet/VPN. I want to run it on plain HTTP because the VPN has it's own encryption already and also I don't really want to mess with setting up a custom CA, installing the certs on all of my devices, etc.

I've managed to install Piped following the self-hosting manual for nginx. But it seems that the frontend has a problem connecting to the API:

161403927-45fd4aca-4c02-452c-b711-0acf9cc20e6e-border 161403939-e5d6cd5b-b3ae-408e-8e40-a018bead888b-border

So, the frontend is trying to access the API via HTTPS. This seems to be the main problem.

The API itself seems to work fine via HTTP if I access it manually:

161404102-dbd81f84-922e-4d6a-83c2-28b9d2927447-border

I've tried to change these variables in config/config.properties to use HTTP, without any luck.

PROXY_PART: http://pipedproxy.vpn
API_URL: http://pipedapi.vpn
FRONTEND_URL: http://piped.vpn

Maybe there's something else that I'm missing?

JSDA123 commented 2 years ago

I have the same use-case: a docker instance available only on a private network with a dot private domain, In my case using a nginx-proxy-manager docker container as the upstream reverse proxy.

Firefox console reports the following error: GET https://pipedapi.example.private/trending?region=US net::ERR_CERT_AUTHORITY_INVALID Using HTTP or HTTPS on the reverse proxy makes no difference, nor does changing https to http in config/config.properties

Adding a custom location on the proxy / with proxy_set_header Host $host; as per the instructions seems to make matters worse throwing a 400 error.

Any help or clarification would be appreciated!

MelomanCool commented 1 year ago

I've given it another go and got it working.

Turns out, the problem was that "https" is hardcoded in the source code of the front end. The sed script in the entrypoint of the docker-compose.yml is replacing the hardcoded domain, but leaves "https" as is. Which is fine for a public-facing service, but for http I've changed it from this:

sed -i s/pipedapi.kavin.rocks/pipedapi.vpn/g /usr/share/nginx/html/assets/*

to this (change the domains to your ones):

sed -i "s|https://pipedapi.kavin.rocks|http://pipedapi.vpn|g" /usr/share/nginx/html/assets/* && sed -i "s|https://pipedproxy.kavin.rocks|http://pipedproxy.vpn|g" /usr/share/nginx/html/assets/*

The following is also necessary:

change these variables in config/config.properties

PROXY_PART: http://pipedproxy.vpn
API_URL: http://pipedapi.vpn
FRONTEND_URL: http://piped.vpn

You might also need to clear your browser's cache after making the changes.