Closed theonlydoo closed 6 years ago
@theonlydoo hmm this is a Laravel issue, by default http is set. Laravel requires setting the SSL scheme in the web application config.
yep but may it be configured through docker environment variables?
ideally, yeah but that would require some changes in the web repository first.
@theonlydoo I was thinking if you made some progress on this issue, or you're waiting for a solution?
hey @cedricve : neither :-) I stayed on zoneminder, because I had also some issues adding my http cgi video input to kerberos and had very little time to test it. I opened the issue just to raise a problem, which may concern a lot of people who are using a reverse proxy
Ok @theonlydoo thanks for the feedback. I'll work on it and update this issue, once I've a resolution. Let's keep in touch.
I am also very interested in a way to enable detection of SSL at the frontend. Ideally the web application should detect this scenario by checking X-Forwarded-Proto (like described in this answer on SO).
During my research I came across Laravel Trusted Proxies. It sounds to me (while not having any experience with Laravel) like a way to add support for this topic to the docker image with little overhead.
What do you think?
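The X-Forwarded-Proto check discussed in the comment above, as an added example that is not part of the thread and is neither Laravel's Trusted Proxies code nor the Kerberos.io web app: plain PHP that honours the header only when the connecting peer is a configured proxy. The function names and the proxy address 172.17.0.1 are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, not Laravel's or Kerberos.io's implementation.

/** True when $ip lies inside $cidr (IPv4 or IPv6), e.g. "172.17.0.1/32". */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 vs IPv6 mismatch
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false; // a malformed prefix must never match everything
    }
    $bits = $bits === null ? $max : (int) $bits;
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    $rest = $bits % 8;        // leftover bits in the following byte
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    if ($rest === 0) { return true; }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Scheme the client used; X-Forwarded-Proto counts only from a trusted proxy. */
function effectiveScheme(array $server, array $trustedProxies): string
{
    $direct = (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') ? 'https' : 'http';
    $peer   = $server['REMOTE_ADDR'] ?? '';
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr($peer, $cidr)) {
            $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
            return in_array($proto, ['http', 'https'], true) ? $proto : $direct;
        }
    }
    return $direct; // a header sent by an untrusted peer is ignored
}

// Constructed sample requests; 172.17.0.1 is an assumed proxy address as seen by the container.
$trusted = ['172.17.0.1/32'];
$cases = [
    'via proxy, TLS at the edge'   => ['REMOTE_ADDR' => '172.17.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct client, forged header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via proxy, header missing'    => ['REMOTE_ADDR' => '172.17.0.1'],
];
foreach ($cases as $label => $server) {
    printf("%-30s => %s\n", $label, effectiveScheme($server, $trusted));
}
```

Only the first constructed request resolves to https; the forged header from an unlisted peer and the proxied request without the header both fall back to the scheme of the direct connection.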
Will be fixed in next release.
fixed in master image, KiOS 2.4.0
This is still an issue in the kerberos/kerberos:latest Docker image.
@cedricve any progress on this? I have a setup behind an nginx reverse proxy with a Let's Encrypt cert. The main problem is that I have a *.dev domain, which has hardcoded SSL preload, so I cannot use this domain without SSL. The second is the Access-Control-Allow-Origin header, which kills http AJAX requests. So I cannot get through the first language setup because the API request is blocked even if I force-enable cross-origin assets in the browser.
Access to XMLHttpRequest at 'https://example.dev/api/v1/user/language' (redirected from 'http://example.dev/api/v1/user/language') from origin 'https://example.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
VM305:1 POST https://example.dev/api/v1/user/language net::ERR_FAILED
This happens when I try to send the first form on the welcome page.
Tried to set up APP_URL with HTTPS scheme in app.php without effect.
OK, after some research I solved it for now by overwriting the .env file in web with SECURE_SSL=true.
docker-compose.yml

```yaml
services:
  kerberos:
    image: kerberos/kerberos:${VERSION}
    restart: always
    container_name: ${COMPOSE_PROJECT_NAME}
    privileged: true
    network_mode: "bridge"
    ports:
      - "127.0.0.1:8080:80"
      - "127.0.0.1:8889:8889"
    volumes:
      - ${CONFIG_DIR}/config:/etc/opt/kerberosio/config:rw
      - ${CONFIG_DIR}/captured:/etc/opt/kerberosio/capture:rw
      - ${CONFIG_DIR}/logs:/etc/opt/kerberosio/logs:rw
      - ${CONFIG_DIR}/webconfig:/var/www/web/config:rw
      - ${CONFIG_DIR}/.env:/var/www/web/.env
```
.env

```
APP_ENV=local
APP_KEY=base64:XL8nQ5mfLNpEytMEcXuanrPB7PB+sEdlbHTm038UDxE=
APP_DEBUG=true
APP_LOG_LEVEL=debug
APP_URL=http://localhost
SECURE_SSL=true
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=lockfile
SESSION_COOKIE_NAME=kerberosio_session
QUEUE_DRIVER=sync
```
Hello @holantomas,
Actually there is a much easier approach; however, I noticed it was not documented on this issue.
You could pass the following environment variable to the container (https://github.com/kerberos-io/web/issues/158).
```yaml
services:
  kerberos:
    image: kerberos/kerberos:${VERSION}
    restart: always
    container_name: ${COMPOSE_PROJECT_NAME}
    privileged: true
    network_mode: "bridge"
    ports:
      - "127.0.0.1:8080:80"
      - "127.0.0.1:8889:8889"
    volumes:
      - ${CONFIG_DIR}/config:/etc/opt/kerberosio/config:rw
      - ${CONFIG_DIR}/captured:/etc/opt/kerberosio/capture:rw
      - ${CONFIG_DIR}/logs:/etc/opt/kerberosio/logs:rw
      - ${CONFIG_DIR}/webconfig:/var/www/web/config:rw
    environment:
      - KERBEROSIO_SECURE_SSL=true
```
That works, thanks. I somehow missed that issue.
No worries, we will add it to the documentation. Would you mind sharing why you use docker compose?
I'm using docker-compose for everything because it's easy to save, push to a git repo etc. I know that you have some kind of shell script of your own, but I only want to get it to work and check if it's what I need. For now I cannot get the stream working. I can ping the camera from the container, but Machinery keeps dropping, like it was reported multiple times here. Unfortunately nothing helped for now. After I get it to work, and if I want to use kerberos for NVR, I'm going to look deeper into the features which you offer :)
Turns out, while using a reverse proxy, assets are loaded through http still, is it possible to set a flag "ssl: true" in the docker-compose file ?