Open isuftin opened 6 years ago
An update (still not fixed). This is a boiled down version of the configuration setup:
docker-compose:
---
version: '3.4'
networks:
production_enterprise_overlay:
external: true
configs:
nginx_config:
file: ./nginx.conf
services:
proxy:
image: nginx
ports:
- '80:80'
- '443:443'
- '8009:8009'
command: ['nginx-debug', '-g', 'daemon off;']
configs:
- source: nginx_config
target: /etc/nginx/nginx.conf
networks:
production_enterprise_overlay:
aliases:
- nginx
ui:
image: djenriquez/vault-ui:2.4.0-rc3
networks:
production_enterprise_overlay:
aliases:
- vault.ui.container
deploy:
mode: replicated
replicas: 0
placement:
constraints:
- node.role == worker
ports:
- "8000:8000"
environment:
- VAULT_URL_DEFAULT=https://vault.swarm.container:8200/vault
- NODE_TLS_REJECT_UNAUTHORIZED=0
- PORT=8000
nginx.conf:
events {
worker_connections 4096; ## Default: 1024
}
http {
default_type application/octet-stream;
proxy_buffering off;
include mime.types;
resolver 127.0.0.11 valid=5s ipv6=off;
log_format upstreamlog '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time';
server {
listen 80;
rewrite_log on;
access_log /dev/stdout upstreamlog;
error_log /dev/stdout info;
location /vault/ {
set $upstream_endpoint http://vault.ui.container:8000;
rewrite ^/vault/(.*) /$1 break;
proxy_pass $upstream_endpoint$1;
}
location /dist/ {
set $upstream_endpoint http://vault.ui.container:8000/dist/;
rewrite ^/dist/(.*) $1 break;
proxy_pass $upstream_endpoint$1;
}
location /vaultui {
set $upstream_endpoint http://vault.ui.container:8000/vaultui;
proxy_pass $upstream_endpoint;
}
}
}
docker stack deploy -c docker-compose.yml nginx
$ docker service logs -f nginx_proxy
nginx_proxy.1.culx32qydq95@manager | 2018/02/27 14:27:21 [notice] 5#5: *1 "^/vault/(.*)" matches "/vault/", client: 10.255.0.3, server: , request: "GET /vault/ HTTP/1.1", host: "192.168.99.100"
nginx_proxy.1.culx32qydq95@manager | 2018/02/27 14:27:21 [notice] 5#5: *1 rewritten data: "/", args: "", client: 10.255.0.3, server: , request: "GET /vault/ HTTP/1.1", host: "192.168.99.100"
nginx_proxy.1.culx32qydq95@manager | [27/Feb/2018:14:27:21 +0000] 10.255.0.3 - - - to: 10.0.0.32:8000: GET /vault/ HTTP/1.1 upstream_response_time 0.002 msec 1519741641.080 request_time 0.006
nginx_proxy.1.culx32qydq95@manager | 2018/02/27 14:27:21 [notice] 5#5: *1 "^/dist/(.*)" matches "/dist/styles.css", client: 10.255.0.3, server: , request: "GET /dist/styles.css HTTP/1.1", host: "192.168.99.100", referrer: "http://192.168.99.100/vault/"
nginx_proxy.1.culx32qydq95@manager | 2018/02/27 14:27:21 [notice] 5#5: *1 rewritten data: "styles.css", args: "", client: 10.255.0.3, server: , request: "GET /dist/styles.css HTTP/1.1", host: "192.168.99.100", referrer: "http://192.168.99.100/vault/"
nginx_proxy.1.culx32qydq95@manager | 2018/02/27 14:27:21 [notice] 5#5: *5 "^/dist/(.*)" matches "/dist/web-bundle.js", client: 10.255.0.3, server: , request: "GET /dist/web-bundle.js HTTP/1.1", host: "192.168.99.100", referrer: "http://192.168.99.100/vault/"
nginx_proxy.1.culx32qydq95@manager | 2018/02/27 14:27:21 [notice] 5#5: *5 rewritten data: "web-bundle.js", args: "", client: 10.255.0.3, server: , request: "GET /dist/web-bundle.js HTTP/1.1", host: "192.168.99.100", referrer: "http://192.168.99.100/vault/"
nginx_proxy.1.culx32qydq95@manager | [27/Feb/2018:14:27:21 +0000] 10.255.0.3 - - - to: 10.0.0.32:8000: GET /dist/styles.css HTTP/1.1 upstream_response_time 0.007 msec 1519741641.115 request_time 0.007
nginx_proxy.1.culx32qydq95@manager | [27/Feb/2018:14:27:21 +0000] 10.255.0.3 - - - to: 10.0.0.32:8000: GET /dist/web-bundle.js HTTP/1.1 upstream_response_time 0.223 msec 1519741641.334 request_time 0.223
^ This is what it looks like when not working via nginx
^ This is me hitting the app directly against the Docker Swarm IP:port combo. No problems.
It seems like it never advances beyond grabbing the web bundle js - no errors or anything
FYI this is also the same behavior seen if I put a nonsensical location for the working VaultUI URL:
I've gone so far as to hack in the morgan npm library into VaultUI Docker.
Working (http://192.168.99.100:8000/):
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.255.0.3 - - [27/Feb/2018:19:34:38 +0000] "GET / HTTP/1.1" 200 633 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.255.0.3 - - [27/Feb/2018:19:34:39 +0000] "GET /dist/styles.css HTTP/1.1" 200 - "http://192.168.99.100:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.255.0.3 - - [27/Feb/2018:19:34:39 +0000] "GET /dist/web-bundle.js HTTP/1.1" 200 - "http://192.168.99.100:8000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.255.0.3 - - [27/Feb/2018:19:34:39 +0000] "GET /dist/favicon.ico HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.255.0.3 - - [27/Feb/2018:19:34:39 +0000] "GET /vaultui HTTP/1.1" 200 183 "http://192.168.99.100:8000/login?returnto=/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.255.0.3 - - [27/Feb/2018:19:34:40 +0000] "GET /dist/7f8b4fb08d1aa6aa4ab6424413e70c42.svg HTTP/1.1" 200 - "http://192.168.99.100:8000/login?returnto=/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
Not working (http://192.168.99.100/vault/):
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.0.0.163 - - [27/Feb/2018:19:34:45 +0000] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.0.0.163 - - [27/Feb/2018:19:34:45 +0000] "GET /dist/styles.css HTTP/1.1" 304 - "http://192.168.99.100/vault/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
vault_ui.1.rodr48tewsmj@worker1 | ::ffff:10.0.0.163 - - [27/Feb/2018:19:34:45 +0000] "GET /dist/web-bundle.js HTTP/1.1" 304 - "http://192.168.99.100/vault/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0"
I've even reconfigured nginx to forget the extra URL mapping and just use /
on port 80 to forward requests to /
on port 8000 (Vault) and that even works fine
So yeah, it's the baseURL that's the issue and it seems there's really no getting around that for the time being.
Not sure where to go with this. I am testing in Chrome, Firefox and Safari. When I load Vault UI, the page is blank. Dev tools console shows nothing and all of the files seem to load as expected.
I have a Docker Swarm running with VaultUI (2.4.0-rc3), Vault and Consul as services and NGINX as a service.
I can point Chrome to http://ip-of-a-worker-node/vault/
All documents seem to load as expected.
The tab has Vault's favico.
What am I missing? I see no errors either in dev tools or in NGINX...
compose.yml:
NGINX.confg