search

electerious / Ackee

Self-hosted, Node.js based analytics tool for those who care about privacy.
https://ackee.electerious.com
MIT License
4.2k stars 351 forks source link

Request timeout #296

Closed MatthK closed 2 years ago

MatthK commented 2 years ago

Since recently I have this error that I am receiving repeatedly from Ackee. Besides that, my reverse proxy configuration suddenly no longer works, with an 502 error (ERR_HTTP2_PROTOCOL_ERROR) when trying to access the website through the reverse proxy. I can't say for sure, but it might have started at the end of September, with the Let's encrypt root certificate expiring. In the console all I get is: crbug/1173575, non-JS module files deprecated. (anonymous) @ VM81:2758

The error I get when accessing it directly. I can login, but after some time it suddenly throws this errer, and I then have to login again.

Request timeout
Error: Request timeout
    at http://192.168.7.5:32776/index.js:136:149269

PS: What is the way to upgrade it to the latest version? Can I just replace the docker container? Does it require some kind of database upgrade separately?

Nginx reverse proxy config:

server {
    listen 443 ssl http2; # managed by Certbot

    server_name ackee.domain.com;

    location / {
        proxy_pass http://192.168.7.5:32776;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        add_header          Access-Control-Allow-Origin "*" always;
        add_header          Access-Control-Allow-Methods "GET, POST, PATCH, OPTIONS" always;
        add_header          Access-Control-Allow-Headers "Content-Type, Authorization, Time-Zone" always;
        add_header          Access-Control-Allow-Credentials: "true";
        add_header          Strict-Transport-Security "max-age=31536000";
        add_header          X-Frame-Options deny;

        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;

    }

    ssl_certificate /etc/letsencrypt/live/ackee.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ackee.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    access_log /var/log/nginx/ackee.domain.com-access.log;
    error_log /var/log/nginx/ackee.domain.com-error.log;
}
server {
    if ($host = ackee.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name ackee.domain.com;
    return 404; # managed by Certbot

}
electerious commented 2 years ago

PS: What is the way to upgrade it to the latest version? Can I just replace the docker container? Does it require some kind of database upgrade separately?

That's correct. Ackee handles the database update. Here's everything else you need to know: https://github.com/electerious/Ackee/blob/master/docs/Upgrade%20guide.md#upgrading-from-version-2-to-3

Please try to update to the newest version and let's see if the error still occurs.

MatthK commented 2 years ago

I updated the Ackee container to the latest version and I can now access the site again directly via the http://IP-address:Port/

However, when I try to use via the reverse proxy, I still get the ERR_HTTP2_PROTOCOL_ERROR as before. I do have quite a few other sites running on that nginx reverse proxy, and they all do work, so I'm not sure why especially this one doesn't like the http2 protocol.

Despite your suggestion to not use the add_header Access-Control-Allow-Origin "*" always I still stick with this, as I have multiple domains with different tlds, and I'm not sure how I can make the regex fit all these ~*^https://([^/]+\.)*(domainone|domaintwo)\.com$ $http_origin;. Could that have an influence? I tried with entering a single domain, but also then the tracker.js does not load, nor can I access the site via the reverse proxy.

I checked the log files of the reverse proxy, but neither the access.log, nor the error.log show any issue with those requests. It just shows this (from three different browsers):

192.168.7.10 - - [03/Nov/2021:00:06:42 +0800] "GET / HTTP/2.0" 200 372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.30"
192.168.7.10 - - [03/Nov/2021:00:08:01 +0800] "GET / HTTP/2.0" 200 372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36"
192.168.7.10 - - [03/Nov/2021:00:08:01 +0800] "GET / HTTP/2.0" 200 372 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0"

But the access.log also shows a few lines that seem to work.

87.171.xxx.162 - - [03/Nov/2021:00:04:30 +0800] "GET /tracker.js HTTP/2.0" 200 20650 "https://www.domain.info/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0"
8.210.xxx.152 - - [03/Nov/2021:00:05:50 +0800] "GET /tracker.js HTTP/2.0" 200 20650 "https://www.domain.info/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
37.83.xxx.165 - - [03/Nov/2021:00:08:55 +0800] "GET /tracker.js HTTP/2.0" 200 20650 "https://www.domain.info/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"

Is there anything else I can try?

PS: On the link with the upgrade guide, a few links have the /docs/docs/ twice which breaks the links.

electerious commented 2 years ago

I still stick with this, as I have multiple domains with different tlds, and I'm not sure how I can make the regex fit all these ~^https://([^/]+.)(domainone|domaintwo).com$ $http_origin;.

The documentation includes an example to help you with this.

Could that have an influence?

You just need to disable the ignoreOwnVisits option in ackee-tracker. It however shouldn't throw an ERR_HTTP2_PROTOCOL_ERROR even when it's enabled. I'm not sure why this happens. The config looks fine, but I don't think it's caused by Ackee itself.

PS: On the link with the upgrade guide, a few links have the /docs/docs/ twice which breaks the links.

Thanks for letting me know!

MatthK commented 2 years ago

The documentation includes [an example] (https://github.com/electerious/Ackee/blob/master/docs/SSL%20and%20HTTPS.md#recommended-configuration) to help you with this.

Ok, after some trial and error, I believe I managed to set the regex up.

You just need to disable the ignoreOwnVisits option in ackee-tracker. It however shouldn't throw an ERR_HTTP2_PROTOCOL_ERROR even when it's enabled. I'm not sure why this happens. The config looks fine, but I don't think it's caused by Ackee itself.

So I guess, no need to do that, since the CORS is now set correctly? But I'm still at a lack of how to get it to work again.

electerious commented 2 years ago

So I guess, no need to do that, since the CORS is now set correctly?

That's correct!

But I'm still at a lack of how to get it to work again

Sorry I couldn't help. I'm closing this issue as I don't think it's directly related to Ackee and is more of a server configuration issue. Maybe someone on StackOverflow can help.

Anyway, let me know if you find a solution!