Wirecloud / docker-wirecloud

🐳 Docker Official Image packaging for WireCloud https://conwet.fi.upm.es/wirecloud
Other
8 stars 14 forks source link

Wirecloud 1.3 simple returns 403 on all WireCloud's proxy requests #53

Closed jenisov closed 4 years ago

jenisov commented 4 years ago

After logging in with superuser and adding NGSI browser widget it shows message:

ConnectionError: You aren't allowed to use the WireCloud's proxy. Have you signed off from WireCloud?

Chrome debug console says:

GET http://iotcloud:1080/cdp/http/iotcloud/orion/v2/entities?limit=20&offset=0&options=count%2CkeyValues&idPattern=.* 403 (Forbidden)

The only change in setup is listen nginx on port 1080 and settings.py was mounted with FORCE_DOMAIN and FORCE_PORT set to proper values.

aarranz commented 4 years ago

do you have the files to reproduce this? it should not be necessary to use FORCE_DOMAIN and FORCE_PORT if you are using nginx as proxy, but that depends on how you deployed WireCloud.

jenisov commented 4 years ago

Apparently FORCE_PORT is necessary because all widgets' iframes were not accessible because Wirecloud used default (80) port for all of them.

I based on docker-compose-simple.yml with some modifications (attaching) wirecloud.zip

aarranz commented 4 years ago

Ok, I've found the problem.

FORCE_DOMAIN and FORCE_PORT is not required because we are using FORWARDED_ALLOW_IPS=* so nginx should provide those details to WireCloud and them should be accepted.

On the other hand, nginx is not correctly configured so port is not transmitted. Please, change the following line in the nginx.conf file:

            proxy_set_header Host $host;

to

            proxy_set_header Host $host:$server_port;

I will change the example nginx.conf files if you confirm this fix the problem.

jenisov commented 4 years ago

I can confirm this nginx.conf solves 403 error.

But now WireCloud proxy returns 502 (Bad Gateway):

9cfed7959b48.js:154 GET http://iotcloud:1080/cdp/http/cloud.server.com/orion/v2/entities?limit=20&offset=0&options=count%2CkeyValues&idPattern=.* 502 (Bad Gateway)

And NGSI browser displays:

ConnectionError: Connection Error

non-proxy URL works well though:

http://cloud.server.com/orion/v2/entities?limit=20&offset=0&options=count%2CkeyValues&idPattern=.*
[{"id":"mbitX","type":"MicroBit","acceleration":[0,0,0.5],"dateModified":"2020-02-25T17:34:46.912Z","description":"MicroBit Shadow","name":"MicroBit"}]
jenisov commented 4 years ago

Found the problem: 502 it is my server DNS issue.