search

iFargle / headscale-webui

A simple Headscale web UI for small-scale deployments.
Other
627 stars 57 forks source link

perfect 'docker-compose.yml' file #78

Closed threerog closed 1 year ago

threerog commented 1 year ago

https://github.com/iFargle/headscale-webui/blob/main/docker-compose.yml

Incomplete document information Incomplete parameter information HS_ SERVER is https://www.example.com Unable to work at time But I opened it https://www.example.com/swagger Normal access and opened it https://www.example.com/health Normal access

Also, is the internal port of webui fixed at 5000?

threerog commented 1 year ago 
[2023-04-07 16:06:56 +0900] [1] [INFO] Starting gunicorn 20.1.0
[2023-04-07 16:06:56 +0900] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
[2023-04-07 16:06:56 +0900] [1] [INFO] Using worker: sync
[2023-04-07 16:06:56 +0900] [7] [INFO] Booting worker with pid: 7
[2023-04-07 16:06:56,853] INFO in server: Headscale-WebUI Version:  v0.6.1 / main
[2023-04-07 16:06:56,853] INFO in server: LOG LEVEL SET TO INFO
[2023-04-07 16:06:56,853] INFO in server: DEBUG STATE:  False
[2023-04-07 16:07:01,315] ERROR in app: Exception on / [GET]
Traceback (most recent call last):
  File "/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 449, in _make_request
    six.raise_from(e, None)
  File "", line 3, in raise_from
  File "/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 444, in _make_request
    httplib_response = conn.getresponse()
                       ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/http/client.py", line 1374, in getresponse
    response.begin()
  File "/usr/local/lib/python3.11/http/client.py", line 318, in begin
    version, status, reason = self._read_status()
                              ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/http/client.py", line 287, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/.venv/lib/python3.11/site-packages/requests/adapters.py", line 489, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/urllib3/util/retry.py", line 550, in increment
    raise six.reraise(type(error), error, _stacktrace)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/urllib3/packages/six.py", line 769, in reraise
    raise value.with_traceback(tb)
  File "/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 449, in _make_request
    six.raise_from(e, None)
  File "", line 3, in raise_from
  File "/app/.venv/lib/python3.11/site-packages/urllib3/connectionpool.py", line 444, in _make_request
    httplib_response = conn.getresponse()
                       ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/http/client.py", line 1374, in getresponse
    response.begin()
  File "/usr/local/lib/python3.11/http/client.py", line 318, in begin
    version, status, reason = self._read_status()
                              ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/http/client.py", line 287, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
urllib3.exceptions.ProtocolError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/app/.venv/lib/python3.11/site-packages/flask/app.py", line 2528, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/server.py", line 129, in decorated
    return view_func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/server.py", line 141, in overview_page
    pass_checks = str(helper.load_checks())
                      ^^^^^^^^^^^^^^^^^^^^
  File "/app/helper.py", line 298, in load_checks
    if access_checks() != "Pass": return 'error_page'
       ^^^^^^^^^^^^^^^
  File "/app/helper.py", line 172, in access_checks
    response = requests.get(str(url)+"/health")
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/.venv/lib/python3.11/site-packages/requests/adapters.py", line 547, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
iFargle commented 1 year ago

Can you post your docker-compose.yml?

Also yes, internal is port 5000

threerog commented 1 year ago

Can you post your docker-compose.yml?

Also yes, internal is port 5000

version: "3"
services:
  headscale-webui:
    container_name: headscale-webui
    image: ghcr.io/ifargle/headscale-webui:latest
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    ports:
      - '5000:5000'
    environment:
      - TZ=Asia/Tokyo
      - COLOR=red
      - HS_SERVER=https://www.example.com
      - DOMAIN_NAME=https://www.example.com:5000
      - SCRIPT_NAME=/admin
      - KEY="PSDSzZAXi0UTtod8oQEO/13u8EK0oR+PjB+h2+XUtWI="
      - LOG_LEVEL=info
    volumes:
      - /etc/headscale/webui:/data:rw     
      - /etc/headscale:/etc/headscale:ro
iFargle commented 1 year ago

Are you accessing on https://www.example.com:5000/admin or https://www.example.com:5000?

iFargle commented 1 year ago

You may just need to remove :5000 from the DOMAIN_NAME variable and remove your SCRIPT_NAME variable entirely.

threerog commented 1 year ago

You may just need to remove :5000 from the DOMAIN_NAME variable and remove your SCRIPT_NAME variable entirely.

I understand what you mean. In actual testing, I used the complete path

threerog commented 1 year ago

My headscale has enabled the HTTPS+443 port internally and is configured with a TLS certificate Then go to the external port 8080 of the headscale container through nginx reverse proxy Determine through testing that headscale is running normally

docker run \
  --name headscale \
  --detach \
  --volume /etc/headscale/:/etc/headscale/ \
  --publish 8080:8080\
  --publish 9090:9090 \
  --publish 50443:50443 \
  --publish 3478:3478 \
  headscale/headscale:latest \
  headscale serve

headscale-config.yaml

server_url: https://www.example.com:443
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 127.0.0.1:9090
grpc_listen_addr: 0.0.0.0:50443
threerog commented 1 year ago

Are you accessing on https://www.example.com:5000/admin or https://www.example.com:5000?

I visited before https://www.example.com:5000/admin but I have now deleted SCRIPT_ NAME content, direct access https://www.example.com:5000 and direct access http://server_ip:5000 It's still the same mistake as before

iFargle commented 1 year ago

I think I see the problem... Are you using a reverse proxy?

The container serves on http. Maybe http://example.com:5000 would work?

On April 8, 2023 4:17:07 PM UTC, threerog @.***> wrote:

Are you accessing on https://www.example.com:5000/admin or https://www.example.com:5000?

I visited before https://www.example.com:5000/admin but I have now deleted SCRIPT_ NAME content, direct access https://www.example.com:5000 It's still the same mistake as before

-- Reply to this email directly or view it on GitHub: https://github.com/iFargle/headscale-webui/issues/78#issuecomment-1500924545 You are receiving this because you commented.

Message ID: @.> -- Albert J. Copeland @. PGP Fingerprint:  64F6C4EB46C4543A

iFargle commented 1 year ago

Hm, no I see it's erroring on getting the healthcheck from Headscale... https://example.com/health is reachable from inside your Docker environment, yes? Maybe set your HS_SERVER to the IP inside your Docker network?

threerog commented 1 year ago

I seem to have found the problem, suspected to be caused by curl's HTTP/2 problem https://www.example.com/health Can access curl successfully on other computers But the same server deployed on Headscale cannot be accessed I always said before https://www.example.com/health It can be accessed normally, accessed on my local work computer, not tested locally on the server.

Is the underlying layer of headscale-webui based on curl?

root@VM-12-16-ubuntu:~# curl https://www.example.com/health
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)

This is an article sent to me by a colleague https://blog.balasundar.com/curl-92-http2-stream-0-was-not-closed-cleanly-protocolerror-err-1

threerog commented 1 year ago

After I discovered that it was suspected to be related to curl, I attempted to upgrade the curl software package but still failed. I have followed the previously mentioned configuration information and deployment instructions once on another new server, and it can be deployed normally. The UI is normal, and curl can also pass the test.

But I tested the /health interface of the new server using curlfrom the old server and still returned curl: (92) HTTP/2 stream 0 was not closed clean: PROTOCOL'_ ERROR (err 1)

iFargle commented 1 year ago

This I am clueless on. I just use the plain ol' Python requests library for all the HTTP requests

iFargle commented 1 year ago

Which I guess is HTTP/1.1?

threerog commented 1 year ago

I am also at a loss. My new server synchronizes according to the same configuration and image of the old server, but in the end, one server succeeds while the other fails. I am also contacting server provider technical support

threerog commented 1 year ago

I'm sorry, it's not an issue with headscale-webui It's because the IP address of that server triggered firewall restrictions