Standalone Traefik reverse proxy & 405 Method Not Allowed

PyrokineticDarkElf commented 8 months ago

Describe the bug After setting up the container I am unable to login through the admin portal with my defined credentials and I can't set up a new user.

grimoire-pocketbase | 2024/03/14 21:27:14 Server started at http://0.0.0.0:80
grimoire-pocketbase | ├─ REST API: http://0.0.0.0:80/api/
grimoire-pocketbase | └─ Admin UI: http://0.0.0.0:80/_/
grimoire      | Configuration used {
grimoire      |   BACKEND_URL: 'https://grimoire.local.mydomain.co.uk/pb',
grimoire      |   POCKETBASE_URL: 'https://grimoire.local.mydomain.co.uk/pb',
grimoire      |   HTTPS_ONLY: false,
grimoire      |   SIGNUP_DISABLED: false
grimoire      | }
grimoire      | Listening on 0.0.0.0:5173
grimoire      | ClientResponseError 405: Method Not Allowed.
grimoire      |     at file:///app/node_modules/.pnpm/pocketbase@0.21.0/node_modules/pocketbase/dist/pocketbase.es.mjs:1:31966
grimoire      |     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
grimoire      |     at async AdminService.authWithPassword (file:///app/node_modules/.pnpm/pocketbase@0.21.0/node_modules/pocketbase/dist/pocketbase.es.mjs:1:10785)
grimoire      |     at async default (file:///app/build/server/chunks/5-QHe1JzzZ.js:9:7)
grimoire      |     at async handle_action_request (file:///app/build/server/index.js:966:18)
grimoire      |     at async render_page (file:///app/build/server/index.js:2525:23)
grimoire      |     at async resolve2 (file:///app/build/server/index.js:3637:24)
grimoire      |     at async Object.handle (file:///app/build/server/chunks/hooks.server-MgKWq-jv.js:33:20)
grimoire      |     at async respond (file:///app/build/server/index.js:3528:22)
grimoire      |     at async Array.ssr (file:///app/build/handler.js:1243:3) {
grimoire      |   url: 'https://grimoire.local.mydomain.co.uk/pb/api/admins/auth-with-password',
grimoire      |   status: 405,
grimoire      |   response: { code: 405, message: 'Method Not Allowed.', data: {} },
grimoire      |   isAbort: false,
grimoire      |   originalError: {
grimoire      |     url: 'https://grimoire.local.mydomain.co.uk/pb/api/admins/auth-with-password',
grimoire      |     status: 405,
grimoire      |     data: { code: 405, message: 'Method Not Allowed.', data: {} }
grimoire      |   }
grimoire      | }

I am unsure whether my Traefik setup may be to blame: I have tried using the labels defined in the docs

    network_mode: bridge
    labels:
      - traefik.http.routers.grimoire-pocketbase.rule=Host(`grimoire.local.mydomain.co.uk`) && PathPrefix(`/pb/`)
      - traefik.http.middlewares.grimoire-pocketbase.stripprefix.prefixes=/pb
      - traefik.http.routers.grimoire-pocketbase.middlewares=grimoire-pocketbase

AND

    network_mode: bridge
    labels:
      - traefik.http.routers.grimoire.rule=Host(`grimoire.local.mydomain.co.uk`)

But this will not allow anything to load.

When I use the following, the service will load and I can navigate the login pages, but I can't submit any data.

    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grimoire-pocketbase.entrypoints=http"
      - "traefik.http.routers.grimoire-pocketbase.rule=Host(`grimoire.local.mydomain.co.uk`) && PathPrefix(`/pb/`)"
      - "traefik.http.middlewares.grimoire-pocketbase.stripprefix.prefixes=/pb"
      - "traefik.http.middlewares.grimoire-pocketbase-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.grimoire-pocketbase.middlewares=grimoire-pocketbase"
      - "traefik.http.routers.grimoire-pocketbase.middlewares=grimoire-pocketbase-https-redirect"
      - "traefik.http.routers.grimoire-pocketbase-secure.entrypoints=https"
      - "traefik.http.routers.grimoire-pocketbase-secure.rule=Host(`grimoire.local.mydomain.co.uk`) && PathPrefix(`/pb/`)"
      - "traefik.http.routers.grimoire-pocketbase-secure.tls=true"
      - "traefik.http.routers.grimoire-pocketbase-secure.service=grimoire-pocketbase"
      - "traefik.http.services.grimoire-pocketbase.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"

AND

    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grimoire.entrypoints=http"
      - "traefik.http.routers.grimoire.rule=Host(`grimoire.local.mydomain.co.uk`)"
      - "traefik.http.middlewares.grimoire-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.grimoire.middlewares=grimoire-https-redirect"
      - "traefik.http.routers.grimoire-secure.entrypoints=https"
      - "traefik.http.routers.grimoire-secure.rule=Host(`grimoire.local.mydomain.co.uk`)"
      - "traefik.http.routers.grimoire-secure.tls=true"
      - "traefik.http.routers.grimoire-secure.service=grimoire"
      - "traefik.http.services.grimoire.loadbalancer.server.port=5173"
      - "traefik.docker.network=proxy"

AND

networks:
  proxy:
    external: true

To Reproduce Steps to reproduce the behavior: Traefik setup following this guide - https://technotim.live/posts/traefik-portainer-ssl/ docker-compose.yml as described. .env:

# Set it if you're using external PocketBase installation (default: http://localhost:8090)
# Example: PUBLIC_POCKETBASE_URL=https://grimoire.mydomain.com:8090
PUBLIC_POCKETBASE_URL=https://grimoire.local.mydomain.co.uk/pb
# RECOMMENDED: Change this to your email
ROOT_ADMIN_EMAIL=me@mydomain.co.uk
# RECOMMENDED: Use a secure password. Can be later changed in PocketBase's admin panel
ROOT_ADMIN_PASSWORD=changeme
# Set this to your domain name (default: http://localhost:5173)
# Example: ORIGIN=grimoire.mydomain.com
ORIGIN=https://grimoire.local.mydomain.co.uk
# Set this to true if you're using HTTPS (default: false)
# Example: PUBLIC_HTTPS_ONLY=true
PUBLIC_HTTPS_ONLY=false
# Change to the port you want the app to listen on (default: 5173)
# Example: PORT=80
PORT=5173
# Set this to true if you want to disable public signups (default: false)
PUBLIC_SIGNUP_DISABLED=false

Additional context I'm no expert on Traefik and I have used the labels I tend to use for my other services. I have tried removing some and modifying some but have not had any luck yet.

goniszewski commented 8 months ago

Hello @Staples1010! Your configuration looks valid, very similar to the one from a guide I made some time ago: https://grimoire.pro/docs/guides/setup-with-a-reverse-proxy.

Were you able to connect to the PocketBase admin panel /pb/_/? If so, was it asking you to create a new admin user (it's a sign that the migrations files weren't visible for PB).

PyrokineticDarkElf commented 7 months ago

Hi @goniszewski! Sorry for the delay... I was able to get this working in the end. I don't think the issue was Traefik. I think I was using invalid admin details in the config. 😅

Thanks for your suggestions!

goniszewski / grimoire

Standalone Traefik reverse proxy & 405 Method Not Allowed #68