erseco / alpine-moodle

Moodle docker image based on Alpine Linux
https://hub.docker.com/r/erseco/alpine-moodle
MIT License

Help with Nginx Proxy Manager setup #51

Closed ilanzel closed 1 year ago

ilanzel commented 1 year ago

Hi. As per your advice, I am trying to set Nginx Proxy Manager as a reverse proxy for your container. I have set up the ports in the docker-compose.yml file to 8080:8080 and 8443:8443, directed the NPM to port 8443, and set the SSLPROXY env value to true. However, I keep getting "Bad Gateway" screens when pointing to my URL. Any advice?

erseco commented 1 year ago

Hi @ilanzel ,

Thanks for reaching out. It sounds like there might be some misconfiguration causing the "Bad Gateway" issue.

To better assist you, could you please share your docker-compose.yml (make sure to redact any sensitive information)? This will help in identifying if there's any error in the way the services are set up.

Additionally, it might be useful to check the logs of both the Nginx Proxy Manager and the target container to see if they provide more insights into the problem.

Looking forward to helping you resolve this.

Best!

ilanzel commented 1 year ago

Hi @erseco

Thanks for your prompt reply. The docker-compose.yml for nginx proxy manager is:

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:

The NPM error log file shows these messages:

2023/10/19 06:23:20 [error] 660#660: *2855 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 136.23.20.9, server: pharmacy.example.uk, request: "GET / HTTP/2.0", upstream: "https://pharmacy.example.uk", referrer: " http://pharmacy.example.uk:81/"

2023/10/19 06:24:15 [error] 660#660 672#672: *2842 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 136.23.20.9, server: pharmacy.example.uk, request: "GET /favicon.ico HTTP/2.0", upstream: "https://198.163.175.226:7443/favicon.ico", host: "pharmacy.example.uk", referrer: https://pharmacy.example.uk:81/ https://pharmacy.med-manage.uk:81/

2023/10/19 06:40:15 [error] 685#685: *2935 upstream prematurely closed connection while reading response header from upstream, client: 136.23.20.9, server: pharmacy.example.uk, request: "GET /favicon.ico HTTP/2.0", upstream: "https://192.168.0.1:7443/favicon.ico", host: " pharmacy.example.uk", referrer: https://pharmacy.example.uk/ https://pharmacy.med-manage.uk/

And the docker-compose.yml for alpine-moodle is:

version: '3'
services:
  postgres:
    image: postgres:alpine
    restart: unless-stopped
    environment:

The alpine-moodle container seems to work fine. The log file for alpine-moodle is:

Starting startup scripts in /docker-entrypoint-init.d ...
Running: /docker-entrypoint-init.d/01-uname.sh
Linux 920e3b46f434 5.15.0-25-generic #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 x86_64 Linux
Running: /docker-entrypoint-init.d/02-configure-moodle.sh
Waiting for database to be ready...

Great, postgres is ready!
PHP Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
Upgrading moodle...
PHP Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
== Maintenance mode (https://pharmacy.examplee.uk) ==
Your site is currently in CLI maintenance mode, no web access is allowed.
PHP Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
No upgrade needed for the installed version 4.2.2+ (Build: 20230929) (2023042402.12).
Thanks for coming anyway!

PHP Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
== Maintenance mode (https://pharmacy.examplee.uk) ==
Maintenance mode has been disabled and the site is running normally again
Finished startup scripts in /docker-entrypoint-init.d
Starting runit...
Started runsvdir, PID is 17
wait for processes to start....
/usr/sbin/crond 4.5 dillon's cron daemon, started with loglevel notice
[19-Oct-2023 07:52:26] NOTICE: fpm is running, pid 23
[19-Oct-2023 07:52:26] NOTICE: ready to handle connections
run: cron: (pid 24) 5s
run: nginx: (pid 22) 5s
run: php: (pid 23) 5s

Your help is very appreciated. Thanks!



erseco commented 1 year ago

Hello @ilanzel ,

Based on the information provided and the issues you're facing:

  1. Nginx Proxy Manager (NPM) Configuration:

    • Ensure that the NPM is forwarding to the 8080 port of the moodle nginx server. When you set up your proxy host in NPM, the forwarding URL should be something like http://<moodle_container_name_or_ip>:8080. Stop exposing 7443 on the alpine-moodle container; it is not needed.
  2. Alpine Moodle Configuration:

  3. Moodle Configuration Update:

    • You might need to update your config.php for Moodle to recognize that it's being accessed through a reverse proxy. Add the following line to your config.php:

      $CFG->reverseproxy = true;

This configuration tells Moodle to trust the headers provided by the reverse proxy (NPM in this case) and not to second-guess the base URL or client IP address.

After making these adjustments, restart the containers and try accessing your Moodle instance through the NPM.

If these solutions address the issues you're encountering, please tell me to update the alpine-moodle container to support the reverse proxy configuration flag natively. This would help streamline the setup process for users in similar situations.

Please let me know if this resolves your problem!

erseco commented 1 year ago

Related to #54

ilanzel commented 1 year ago

Hello @erseco Your advice was very helpful. It works after changing the ENV variable SSLPROXY=false, and modifying the NPM protocol to HTTP instead of HTTPS. No need for modification of config.php. Thanks for that! However, it seems that the cron job is not working properly, this is the relevant log:

PHP Warning: Failed to set memory limit to 0 bytes (Current memory usage is 2097152 bytes) in Unknown on line 0
/usr/sbin/crond 4.5 dillon's cron daemon, started with loglevel notice
run: cron: (pid 26) 5s
exit status 1 from user nobody /usr/bin/php81 /var/www/html/admin/cli/cron.php > /dev/null

Any thoughts? Thanks again and best regards

erseco commented 1 year ago

Hello @ilanzel,

I'm glad to hear that the advice helped in resolving your initial concerns. Regarding the new issue with the cron job, it appears there is a problem with setting the memory limit. The latest 4.3.0 release has addressed such issues, so updating to this version might solve the problem.

Additionally, there have been updates on the beta/master tag that might interest you. Now, when you alter settings in the docker-compose.yml file, the Moodle configuration will be updated upon the next boot. This feature streamlines the configuration process, making it more efficient.

Moreover, new scripts have been introduced to facilitate user enrolment and admin password changes, which should enhance the management of your Moodle environment.

Should you decide to apply these updates, please make sure to back up your current setup to prevent any potential data loss or further issues. Feel free to reach out if you encounter any challenges or have more questions.

Thanks again for your feedback and best regards!

jjrbfi commented 9 months ago

Hi, I commented here because I don't want to disturb by creating a new issue when it is probably not necessary, and there are already issues with some hints that didn't help me, for example: (https://github.com/erseco/alpine-moodle/issues/51 , https://github.com/erseco/alpine-moodle/issues/43).

I'm facing an issue when enabling REVERSEPROXY in NPM (the two containers are in the same network). It shows me:

image

I have tried enabling and disabling the SSLPROXY option, as well as adding https and http in the SITEURL.

At least the redirection from the reverse proxy works, but I got that weird message which doesn't allow me to continue using Moodle. I'm using an SSL certificate, so I need to use HTTPS. Here is my configuration:

version: '2'
services:

  redis:
    image: redis:alpine
    restart: unless-stopped

  postgres:
    image: postgres:alpine
    restart: unless-stopped
    environment:
      - POSTGRES_PASSWORD=test1234
      - POSTGRES_USER=admin
      - POSTGRES_DB=moodle
    volumes:
      - postgres:/var/lib/postgresql/data

  moodle:
    image: erseco/alpine-moodle
    build: .
    restart: unless-stopped
    environment:
      - LANG=en_US.UTF-8
      - LANGUAGE=en_US:en
      - SITE_URL=http://moodle.test.com
      - DB_TYPE=pgsql
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=moodle
      - DB_USER=admin
      - DB_PASS=test1234
      - DB_PREFIX=mdl_
      - REDIS_HOST=redis
      - REVERSEPROXY=false
      - SSLPROXY=false
      - MOODLE_EMAIL=test@gmail.com
      - MOODLE_LANGUAGE=en
      - MOODLE_SITENAME=Learning
      - MOODLE_USERNAME=admin
      - MOODLE_PASSWORD=test123
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USER=test@gmail.com
      - SMTP_PASSWORD=your_password
      - SMTP_PROTOCOL=tls
      - MOODLE_MAIL_NOREPLY_ADDRESS=noreply@localhost
      - MOODLE_MAIL_PREFIX=[moodle]
    ports:
      - 8080:8080
    volumes:
      - moodledata:/var/www/moodledata
      - moodlehtml:/var/www/html
    depends_on:
      - postgres
      - redis
networks:
  default:
    external:
      name: moodleservicio

volumes:
  postgres: null
  moodledata: null
  moodlehtml: null

NPM - Docker-compose.yml

version: '3.8'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
networks:
    default:
        external:
            name: moodleservicio

And the NPM configuration:

image

I followed this just in case, but I don't think it is related to the issue, and I also tried to get information about the issue in English but I haven't found anything that allowed me to do so.

With all the configuration you see here, I'm able to use Moodle by http.

Thanks for your time, hope you can give me a hint in what I'm doing wrong.

Regards

jjrbfi commented 9 months ago

Just to complement a bit:

(SSLPROXY and REVERSEPROXY enabled but http in SITEURL)

image

If I add https to SITEURL:

image

And with everything mentioned before set to false and http, but using the SSL certificate (https from the reverse proxy), it seems to load the website but not the .js, images and so on.

image

Thanks again for your time.

erseco commented 9 months ago

Hi there,

I've successfully set up a Docker Compose environment for Moodle with Nginx Proxy Manager and integrated a self-signed SSL certificate for HTTPS. Here’s the updated Docker Compose configuration:

version: '3.8'
services:
  nginx-proxy-manager:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

  redis:
    image: redis:alpine
    restart: unless-stopped

  postgres:
    image: postgres:alpine
    restart: unless-stopped
    environment:
      - POSTGRES_PASSWORD=test1234
      - POSTGRES_USER=admin
      - POSTGRES_DB=moodle
    volumes:
      - postgres:/var/lib/postgresql/data

  moodle:
    image: erseco/alpine-moodle
    build: .
    restart: unless-stopped
    environment:
      - LANG=en_US.UTF-8
      - LANGUAGE=en_US:en
      - SITE_URL=https://moodle.test.com
      - DB_TYPE=pgsql
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=moodle
      - DB_USER=admin
      - DB_PASS=test1234
      - DB_PREFIX=mdl_
      - REDIS_HOST=redis
      - REVERSEPROXY=false
      - SSLPROXY=true
      - MOODLE_EMAIL=test@gmail.com
      - MOODLE_LANGUAGE=en
      - MOODLE_SITENAME=Learning
      - MOODLE_USERNAME=admin
      - MOODLE_PASSWORD=test123
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USER=test@gmail.com
      - SMTP_PASSWORD=your_password
      - SMTP_PROTOCOL=tls
      - MOODLE_MAIL_NOREPLY_ADDRESS=noreply@localhost
      - MOODLE_MAIL_PREFIX=[moodle]
    volumes:
      - moodledata:/var/www/moodledata
      - moodlehtml:/var/www/html
    depends_on:
      - postgres
      - redis

volumes:
  postgres: null
  moodledata: null
  moodlehtml: null

Additionally, I generated a self-signed SSL certificate for moodle.test.com and added it to the Nginx Proxy Manager. Here's how I did it:

  1. Generate a Private Key and Certificate:

    openssl genrsa -out moodle.test.com.key 2048
    openssl req -new -x509 -key moodle.test.com.key -out moodle.test.com.crt -days 365 -subj "/CN=moodle.test.com"
  2. Add the Certificate to Nginx Proxy Manager:

    • Navigate to the SSL Certificates section in the Nginx Proxy Manager dashboard.
    • Click "Add SSL Certificate" and select "Custom".
    • Fill in the Certificate and Private Key fields with the contents of moodle.test.com.crt and moodle.test.com.key.
  3. Update /etc/hosts File:

    • Edit the hosts file: sudo vim /etc/hosts.
    • Add: 127.0.0.1 moodle.test.com.
    • Save and exit the editor.

This setup should work with HTTPS, allowing Moodle to run over a secure connection. Keep in mind that since the SSL certificate is self-signed, browsers will display a security warning, which is standard for development environments.

You can see that it's working here: screen1

And the NPM config here: screen2

If you encounter any issues or have questions, feel free to ask. I'm here to help!

Best regards.
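The setting combinations reported in this thread can be checked mechanically before starting the containers. The following is an added example, not code from the alpine-moodle project: `lint`, `parse_env` and the `proxy_terminates_tls` parameter are hypothetical names, the rules encode only what participants reported working or failing here, and the sample inputs are trimmed from the compose files posted above.

```python
"""Lint alpine-moodle environment settings against the NPM setups in this thread."""
from urllib.parse import urlsplit


def parse_env(entries):
    """Turn compose-style 'KEY=VALUE' list entries into a dict."""
    env = {}
    for entry in entries:
        key, _, value = entry.partition("=")  # split on the first '=' only
        env[key.strip()] = value.strip()
    return env


def is_true(env, key):
    return env.get(key, "false").lower() == "true"


def lint(env_entries, published_ports=(), proxy_terminates_tls=True):
    """Return findings; an empty list matches the HTTPS setup reported working."""
    env = parse_env(env_entries)
    scheme = urlsplit(env.get("SITE_URL", "")).scheme
    findings = []
    if proxy_terminates_tls and scheme != "https":
        findings.append("SITE_URL is not https although the proxy serves HTTPS "
                        "(reported symptom: page loads without JS and images)")
    if is_true(env, "SSLPROXY") and scheme != "https":
        findings.append("SSLPROXY=true with an http SITE_URL (reported failing)")
    if is_true(env, "REVERSEPROXY"):
        findings.append("REVERSEPROXY=true: the working setup keeps it false")
    for mapping in published_ports:
        findings.append(f"port {mapping} is published on the host, so the backend "
                        "is reachable over plain HTTP without going through NPM")
    return findings


# Constructed samples, trimmed from the two compose files in the thread.
FAILING = ["SITE_URL=http://moodle.test.com", "REVERSEPROXY=false", "SSLPROXY=false"]
WORKING = ["SITE_URL=https://moodle.test.com", "REVERSEPROXY=false", "SSLPROXY=true"]

if __name__ == "__main__":
    for name, env, ports in (("failing", FAILING, ["8080:8080"]),
                             ("working", WORKING, [])):
        print(name)
        for finding in lint(env, ports):
            print("  -", finding)
```
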

jjrbfi commented 9 months ago

Hi, thanks for replying that fast! I highly appreciate it.

I can't believe that I got it working now with your changes! I have been trying this for 3 days. Believe me. I used my .pem from certbot and worked just fine! 🤗

Still don't know what my issue was, but I can start working with HTTPS 🎉!!

Please let me know if you have a BuyMeACoffee or BTC/XMR address so I can invite you to a coffee/tea. You saved me at least 2 days of headaches trying to find the solution.

That new .yml would be great to have in the main repository as well.

Best Regards. Gracias!

erseco commented 9 months ago

Hi there,

Thank you so much for your kind offer to send a coffee or tea my way. It truly means a lot. If you feel inclined, you can support me at my BuyMeACoffee page. But please don't feel obligated—helping you was genuinely my pleasure, and I'm just glad I could assist in resolving your issue.

Regarding the .yml file, it's a great suggestion to include it in the main repository. It might help others facing similar challenges. I will check to add a samples directory with some usage examples like nginx-proxy-manager.

Once again, muchas gracias for your kind words. It's great to be part of your success. Feel free to reach out if you have more questions or need further assistance in the future.

Best regards, Ernesto