search

ledgersmb / ledgersmb-docker

Dockerfile for LedgerSMB Docker image
17 stars 20 forks source link

Installing ledgersmb in a subfolder #27

Closed jessicana closed 3 years ago

jessicana commented 3 years ago

I need a guide to install ledgersmb in a subfolder: mydomain.com/ledgersmb

jessicana commented 3 years ago

Can anyone please guide me through what I have to change in the docker-compose.yml file if I want to install ledgersmb in subdirectory like domain.com/ledgersmb? When I install in a subfolder, the process stop as highlighted below:

postgres_1  | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
postgres_1  |
postgres_1  | LOG:  received fast shutdown request
postgres_1  | LOG:  aborting any active transactions
postgres_1  | LOG:  autovacuum launcher shutting down
postgres_1  | LOG:  shutting down
postgres_1  | waiting for server to shut down....LOG:  database system is shut down
postgres_1  |  done
postgres_1  | server stopped
postgres_1  |
postgres_1  | PostgreSQL init process complete; ready for start up.
postgres_1  |
postgres_1  | LOG:  database system was shut down at 2021-08-16 04:59:09 UTC
postgres_1  | LOG:  MultiXact member wraparound protections are now enabled
postgres_1  | LOG:  database system is ready to accept connections
postgres_1  | LOG:  autovacuum launcher started
lsmb_1      | Starting Worker on PID 1 Using Built Dojo
lsmb_1      | 2021/08/16-04:59:12 Starman::Server (type Net::Server::PreFork) starting! pid(1)
lsmb_1      | Resolved [*]:5762 to [::]:5762, IPv6
lsmb_1      | Not including resolved host [0.0.0.0] IPv4 because it will be handled by [::] IPv6
lsmb_1      | Binding to TCP port 5762 on host :: with IPv6
**lsmb_1      | Setting gid to "33 33"**
^CGracefully stopping... (press Ctrl+C again to force)
Stopping ledgersmb_lsmb_1     ...
Stopping ledgersmb_postgres_1 ...
Killing ledgersmb_lsmb_1      ... done
Killing ledgersmb_postgres_1  ... done
ERROR: 2
ehuelsmann commented 3 years ago

Thank you for rephrasing your question ("need" came across demanding, although I'm sure you didn't mean it that way).

As with many things in IT, the answer to the question "What do I need to do to achieve X?" is "It depends"; which applies in this case too. Could you provide more context, please? Like: what is the setup you're working on? I mean: could you explain a bit of why it's important to run this on a subdirectory? That will likely provide me some of the information I need to understand which steps are involved to achieve what you want.

Regards, Erik.

ehuelsmann commented 3 years ago

(meaning, yes, I'll guide you through the steps to the best of my ability)

jessicana commented 3 years ago

Thank you Erik for your response. I appreciate your support, and I apologize if I appeared as someone who came across as demanding. Not at all. I am seeking help from the experts.

I run my website in the root directory on Ubuntu 20.04.2 LTS, nginx/1.21.1, and PHP 8.0.9. MySQL Ver is 8.0.26, and I want to install ledgersmb on a subdirectory (or subdomain) to maintain my accounting records there. What do I need to do to achieve this?

ehuelsmann commented 3 years ago

From your description of what you want to achieve, it's important to understand the components and what they need to do in the setup you want to run (assuming the setup in a sub-folder).

First, there's nginx which is serving your website. Since you want LedgerSMB to available on a sub-directory, nginx will need to be told about that subdirectory and how to handle requests for it. You can do that by adding this snippet of configuration to nginx's configuration (untested - I lack a setup like this one) and restarting nginx:

  location /ledgersmb/ {
    # Configuration files don't exist
    location ^~ \.conf$ {
       return 404;
    }
    # 'Hidden' files don't exist
    location ~ /\. {
       return 404;
    }

    try_files $uri $uri/ @starman;

    location @starman {
       # If you changed the port in the Starman service file, change it here too
       proxy_pass http://localhost:5762;
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Host $host;
       proxy_set_header X-Forwarded-Server $host;
       proxy_cookie_path ~^/$ /ledgersmb/;
    }
  }

This configuration block is an adapted version of the example configuration that comes with LedgerSMB.

With the nginx configuration in place, you can start LedgerSMB. Before you used docker-compose up, but this time, since you already have created the containers (which is what up does), you only need to start them. The command to do that is docker-compose start.

After you have completed the steps above, LedgerSMB should be available on your domain under the path /ledgersmb/login.pl for regular users and /ledgersmb/setup.pl for admininstrative users. If you run into any errors, please let me know so we can work through those.

PS: Please note that before you do anything serious with LedgerSMB, you need to change the password (which defaults to 'abc' for the login on setup.pl)!

jessicana commented 3 years ago

Thank you very much, Erik, for the clear and precise instructions. I appreciate it. I have successfully installed ledgersmb, and I can see it on: http://domain.com:5762/login.pl and http://domain.com:5762/setup.pl The above settings for the configuration block did not work on Nginx and when I run sudo nginx -t, I get the below error:

nginx: [emerg] location "\.conf$" is outside location "/ledgersmb/" in /etc/nginx/sites-enabled/domain.com:102
nginx: configuration file /etc/nginx/nginx.conf test failed

My Nginx configuration file is below. When I run an application in the sub-directory, I add the location ^~ /ledgersmb { block similar to the one below and the application works. I cannot get the same configuration to work with ledgersmb. When I visited: http://domain.com/ledgersmb/login.pl I got 404 Not Found:

## Nginx Configuration File
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 ;
    listen [::]:80 ;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/domain.com/html/root;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;

    server_name domain.com www.domain.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php?$args; 
    }

    # pass PHP scripts to FastCGI server
    #
        location ~ \.php$ {
        include snippets/fastcgi-php.conf;
    #
    #   # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
    #   # With php-cgi (or other tcp sockets):
    #   fastcgi_pass 127.0.0.1:9000;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with Nginx's one
    #
    location ~ /\.ht {
        deny all;
    }

location ^~ /foo {
    root /var/www/domain.com/html/root;
    index index.php;
    try_files $uri $uri/ /foo/index.php;

    location ~ \.php$ {
    try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
  }
}

location ^~ /ledgersmb {
    root /var/www/domain.com/html/root;
    index index.php;
    try_files $uri $uri/ /ledgersmb/index.php;

    location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
  }
}

}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#   listen 80;
#   listen [::]:80;
#
#   server_name example.com;
#
#   root /var/www/example.com;
#   index index.html;
#
#   location / {
#       try_files $uri $uri/ =404;
#   }
#}

This configuration file is not materially different from the default configuration file for Ubuntu 20.04 on Nginx. I also tried the below block, and it did not work:

location ^~ /ledgersmb {
    root /var/www/domain.com/html/root;
    index index.php;
    try_files $uri $uri/ /ledgersmb/index.php;

    location ~ \.php$ {
        proxy_pass http://localhost:5762;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_cookie_path ~^/$ /ledgersmb/;
    try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
  }
}
ehuelsmann commented 3 years ago

Hi,

Good to see that you have LedgerSMB working on the public port 5762!

You mention trying to add 

location ^~ /ledgersmb {
    root /var/www/domain.com/html/root;
    index index.php;
    try_files $uri $uri/ /ledgersmb/index.php;

    location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
  }
}

and that it's not working for LedgerSMB. That's because nginx is trying to connect to php through unix:/run/php/php8.0-fpm.sock, but that doesn't exist: it's a Unix socket and LedgerSMB - although it can be made to work with unix sockets - has been set up to work with TCP/IP connections on the installation you used; a different mechanism entirely.

Based on the erorr you pasted, I have to change my recommendation for the location block you should add. The new recommendation is:

  location /ledgersmb/ {
    try_files $uri $uri/ @starman;
  }

  location @starman {
     # If you changed the port in the Starman service file, change it here too
     proxy_pass http://localhost:5762;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Host $host;
     proxy_set_header X-Forwarded-Server $host;
     proxy_cookie_path ~^/$ /ledgersmb/;
  }

(So that's two separate location blocks.)

Let me know if that works!

jessicana commented 3 years ago

Hi Erik,

Thank you very much for your support! We are almost there.

I tried the suggested configuration above, and I got this not found page when I visited http://domain.com/ledgersmb/setup.pl but this is not a 404 not found page. I got 403 forbidden when I visited: http://domain.com/ledgersmb. I changed the block to become:

location /ledgersmb/
{
  root /var/www/domain.com/html/root;
  try_files $uri $uri/ @starman;
}

# Configuration files don't exist
location ^~ \.conf$
{
  return 404;
}

# 'Hidden' files don't exist
location ~ /\.
{
  return 404;
}

location @starman
{
  # If you changed the port in the Starman service file, change it here too
  proxy_pass http://localhost:5762;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Server $host;
  proxy_cookie_path ~^/$ /ledgersmb/;
}

I got the same not found page on both http://domain.com/ledgersmb/setup.pl and http://domain.com/ledgersmb. I tested with and without location ^~ \.conf$ { and location ~ /\. { blocks, and I got the same not found page on both URLs above. I was able to see ledgersmb on http://domain.com:5762/login.pl and http://domain.com:5762/setup.pl every time I changed the Nginx configuration file.

Although it might not be required, I created a firewall rule that allowed all connections on port 5762 sudo ufw allow 5762, but I still cannot see legdersmb loading on http://domain.com/ledgersmb/login.pl

ehuelsmann commented 3 years ago

Sorry for the long delay in my response (I was busy working on the security releases done earlier this week). Could you please upload an image of the Not Found page? That way, I'll be able to see if this is a page from LedgerSMB or from Nginx.

jessicana commented 3 years ago

Thanks, Erik! It is a page from LedgerSMB not found page.

Ledgersmb

ehuelsmann commented 3 years ago

Ah! If it's the LedgerSMB error page, then you should be able to run docker-compose ps to see the names of your containers (and whether they have started or not. The output should look somewhat like this:

           Name                          Command              State    Ports
----------------------------------------------------------------------------
ledgersmb-docker_lsmb_1       start.sh                        Exit 0        
ledgersmb-docker_postgres_1   docker-entrypoint.sh postgres   Exit 0

To see the logs for the LedgerSMB container, run docker-compose logs lsmb, or if you want to see them scroll by interactively, run docker-compose logs -f lsmb. The output should look like this:

lsmb_1      | Req:EFEE7CA4040E11ECADE8FBB76C08027E ::ffff:192.168.144.1 - - [23/Aug/2021:12:37:58 +0000] "POST /setup.pl HTTP/1.1" 200 2441 "http://192.168.144.2:5762/setup.pl" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0"

The "200" after the string "POST /setup.pl HTTP/1.1" indicates success. You're looking for a request where the response is 404 in the position this one lists 200. Can you provide the output of taht? It should get a good understanding of what nginx is forwarding. In the mean time: I found https://serverfault.com/a/792343 which may also be of help resolving this situation.

jessicana commented 3 years ago

Thanks, Erick!

Running docker-compose ps produces:

        Name                      Command              State                    Ports
-------------------------------------------------------------------------------------------------------
ledgersmb_lsmb_1       start.sh                        Up      0.0.0.0:5762->5762/tcp,:::5762->5762/tcp
ledgersmb_postgres_1   docker-entrypoint.sh postgres   Up      5432/tcp

Running docker-compose logs -f lsmb produced many outputs with success (i.e., 200) but none of the outputs produced 404. I scanned the log and the below were not success outputs with 200:

lsmb_1      | Req:6206229CFFAA11EBB9FFCF3380DE6E4D ::ffff:192.168.144.1 - - [17/Aug/2021:22:28:02 +0000] "POST /login.pl?action=authenticate&company= HTTP/1.1" 500 203 "http://example.com:5762/login.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:5407B594FFBD11EBB9FFCF3380DE6E4D ::ffff:192.168.144.1 - - [18/Aug/2021:00:43:38 +0000] "POST /login.pl?action=authenticate&company= HTTP/1.1" 400 38 "http://example.com:5762/login.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:82BB1B44FFD911EB83EECF3380DE6E4D ::ffff:192.168.144.1 - - [18/Aug/2021:04:05:23 +0000] "POST /login.pl?action=authenticate&company= HTTP/1.1" 400 38 "http://example.com:5762/login.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:4B3CB8B0011611ECA1D3CF3380DE6E4D ::ffff:192.168.144.1 - - [19/Aug/2021:17:53:00 +0000] "POST /login.pl?action=authenticate&company= HTTP/1.1" 400 38 "http://example.com:5762/login.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:4E01CE6E011611EC83EECF3380DE6E4D ::ffff:192.168.144.1 - - [19/Aug/2021:17:53:05 +0000] "POST /login.pl?action=authenticate&company= HTTP/1.1" 400 38 "http://example.com:5762/login.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:84B24F90021211EC9D88CF3380DE6E4D 2021/08/20 23:58:30 - ERROR - LedgerSMB::PSGI::catch {...}  lib/LedgerSMB/PSGI.pm (159) -- Invalid credentials at lib/LedgerSMB/Middleware/Authenticate/Company.pm line 106, <$io> line 1.\n
lsmb_1      | Req:84B24F90021211EC9D88CF3380DE6E4D ::ffff:192.168.144.1 - - [20/Aug/2021:23:58:30 +0000] "POST /login.pl?action=authenticate&company= HTTP/1.1" 500 203 "http://example.com:5762/login.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:C92C7C7C021211EC8AF5CF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:00:25 +0000] "GET /setup.pl?action=authenticate&company=postgres HTTP/1.1" 401 29 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:C95F9940021211EC8AF5CF3380DE6E4D 2021/08/21 00:00:25 - ERROR - LedgerSMB::PSGI::catch {...}  lib/LedgerSMB/PSGI.pm (159) -- Could not connect to database: FATAL:  password authentication failed for user "lsmb_dbadmin" at lib/LedgerSMB/Scripts/setup.pm line 244.\n
lsmb_1      | Req:C95F9940021211EC8AF5CF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:00:25 +0000] "GET /setup.pl?action=login&database=abc HTTP/1.1" 500 245 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:EDCC949A021211EC93E0CF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:01:26 +0000] "GET /setup.pl?action=authenticate&company=postgres HTTP/1.1" 401 29 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:EDF64C86021211EC93E0CF3380DE6E4D 2021/08/21 00:01:26 - ERROR - LedgerSMB::PSGI::catch {...}  lib/LedgerSMB/PSGI.pm (159) -- Could not connect to database: FATAL:  password authentication failed for user "lsmb_dbadmin" at lib/LedgerSMB/Scripts/setup.pm line 244.\n
lsmb_1      | Req:EDF64C86021211EC93E0CF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:01:26 +0000] "GET /setup.pl?action=login&database=testcompany HTTP/1.1" 500 245 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:FA2FDC74021211ECBA8BCF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:01:47 +0000] "GET /setup.pl?action=authenticate&company=postgres HTTP/1.1" 401 29 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:FA5A1C0A021211ECBA8BCF3380DE6E4D 2021/08/21 00:01:47 - ERROR - LedgerSMB::PSGI::catch {...}  lib/LedgerSMB/PSGI.pm (159) -- Could not connect to database: fe_sendauth: no password supplied at lib/LedgerSMB/Scripts/setup.pm line 244.\n
lsmb_1      | Req:FA5A1C0A021211ECBA8BCF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:01:47 +0000] "GET /setup.pl?action=login&database=testcompany HTTP/1.1" 500 216 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:2F7CE156021311EC9D88CF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:03:16 +0000] "GET /setup.pl?action=authenticate&company=postgres HTTP/1.1" 401 29 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:2FA7BF0C021311EC9D88CF3380DE6E4D 2021/08/21 00:03:16 - ERROR - LedgerSMB::PSGI::catch {...}  lib/LedgerSMB/PSGI.pm (159) -- Could not connect to database: FATAL:  password authentication failed for user "lsmb_dbadmin" at lib/LedgerSMB/Scripts/setup.pm line 244.\n
lsmb_1      | Req:2FA7BF0C021311EC9D88CF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:03:16 +0000] "GET /setup.pl?action=login&database=testcompany HTTP/1.1" 500 245 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:3B2818CC021311EC93E0CF3380DE6E4D ::ffff:192.168.144.1 - - [21/Aug/2021:00:03:36 +0000] "GET /setup.pl?action=authenticate&company=postgres HTTP/1.1" 401 29 "http://example.com:5762/setup.pl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/192.168.144.1 Safari/537.36"
lsmb_1      | Req:3B513EC8021311EC93E0CF3380DE6E4D 2021/08/21 00:03:36 - ERROR - LedgerSMB::PSGI::catch {...}  lib/LedgerSMB/PSGI.pm (159) -- Could not connect to database: FATAL:  password authentication failed for user "lsmb_dbadmin" at lib/LedgerSMB/Scripts/setup.pm line 963.\n

I have to mention that when I followed the documentation at: https://ledgersmb.org/content/preparing-ledgersmb-17-first-use to prepare for the first use, I used:

Super-user login: lsmb_dbadmin
Password: abc
Database: testcompany

as listed in the documentation and this produced the below error when I hit create: 

Error!
Could not connect to database: FATAL: password authentication failed for user "lsmb_dbadmin" at lib/LedgerSMB/Scripts/setup.pm line 963.
dbversion: 1.8.17, company:

I had to change the Super-user login from lsmb_dbadmin to postgres for this to work and I was able to access ledgersmb.

I tried:

location ~/ledgersmb(.*)$ {
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://example.com:5762$1;
}

and it returned 502 bad gateway.

ehuelsmann commented 3 years ago

Hi,

This section:

location ~/ledgersmb(.*)$ {
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://example.com:5762$1;
}

contains the explanation: "http://example.com:5762" isn't available for service. You really want have this instead:

location ~/ledgersmb(.*)$ {
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:5762$1;
}

(Note the last row.)

jessicana commented 3 years ago

I am delighted to inform you that I can see ledgersmb on http://example.com/ledgersmb/login.pl. This is awesome. You are a legend!

I tried to sign in, but I could not. I get the below error message. However, I was able to sign in using: http://example.com:5762/login.pl.

wow

ehuelsmann commented 3 years ago

That's good news!

As to the remaining issue, are there any hints in the output of docker-compose logs -f lsmb ?

jessicana commented 3 years ago

docker-compose logs -f lsmb does not show anything on http://example.com/ledgersmb/login.pl. What I saw in the log was for: http://example.com:5762/login.pl, and they were 200 and 401.

ehuelsmann commented 3 years ago

That's to be expected: the configuration block

location ~/ledgersmb(.*)$ {
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:5762$1;
}

maps http://example.com/ledgersmb/login.pl to http://127.0.0.1:5762/login.pl. So the 200 and 401 responses you saw are the ones that came from your browser and were mapped and forwarded to the Docker container by nginx.

In our back-and-forth, an important detail got lost in the configuration block. It should also list

proxy_cookie_path ~^/$ /ledgersmb/;

in the location ~/legersmb(.*)$ section. That could actually be the reason for the problem you're seeing I'm unable to create a 401 response using invalid logins (those generate 500 responses in my testing).

jessicana commented 3 years ago

Thank you, Eric and I apologize for the delay in getting back to you. I have tested:

location ~/ledgersmb(.*)$ {
    proxy_cookie_path ~^/$ /ledgersmb/;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:5762$1;
}

and I got this error: Unknown error preventing login

Ledgersmb1

I don't see any error recorded after I run: docker-compose logs -f lsmb.

All outputs returned with success 200 but none of the URLs in the log came from http://example.com/ledgersmb/login.pl. They all came from http://example.com:5762/login.pl

ehuelsmann commented 3 years ago

Hi,

The fact that the logs show only URLs from http://example.com:5762/login.pl, is because your nginx rewrites the URLs from http://example.com/ledgersmb/login.pl to the other form. Assuming you're using either Chrome/Chromium or Firefox, could you open the login page, press F12 (which opens the developer tools), in the developer tools, select the "Network" tab and try logging in? That should provide more information to be able to help you continue.

jessicana commented 3 years ago

Hello Erik,

Thank you very much! I prepared a video and posted it to this link: https://streamable.com/xuhohb I visited the first tab: http://example.com/ledgersmb/setup.pl, and I entered the credentials as shown in the video. The page refreshed, and I was not redirected anywhere. I repeated the test but used a different URL: http://example.com:5762/setup.pl, and I was redirected, as shown in the video.

The status is 200 in both cases. The question that I cannot answer is why I was not redirected in the first test?

When I perform the test on the login page, the status is 200, and I see: ?action=authenticate&company=testcompany after the URL with (Unknown error preventing login) error.

bruceschaller commented 3 years ago

NGINX is so powerful, but I often find it cumbersome to complete simple tasks like this.

If running another container is also allowed in this case, I've found that NGINX Proxy Manager https://nginxproxymanager.com/ is well maintained and fairly easy to use. Particularly as the number of other containers under management increases, it's useful to be able to be sure only the section of these config files you intend to edit is really changing. I have about 10 containers running and this is able to manage the configuration for all of them.

Here's my configuration. nginx-proxy-manager-config I also use this to provide SSL connection back to the accounting system, so I have a little bit better assurance about security. This automates that process, too.

When working behind a reverse proxy, it can be challenging to get emails out, though. So if you're planning on using the emailling within LedgerSMB, it might be good to look for another solution. There is the ability to use either subdomain or custom location mapping within nginx proxy manager.

My usual workflow is... roll out container using portainer via docker-compose. Add to reverse proxy using NGINX proxy manager, apply SSL.

ehuelsmann commented 3 years ago

Hi @bruceschaller !

Thanks for chipping in and pointing to NGINX Proxy Manager! I've been looking for a container which is able to set up Let'sencrypt for a while and this definitely looks like a good option.

ehuelsmann commented 3 years ago

@jessicana, the password of the user created during company creation is only valid for a short time: only 24 hours. So where you were initially able to log in through http://example.com:5762/ledgersmb/, you might not be able to anymore. I'll have a look at the recordings later today (although I'm being distracted by a bug report that affects a large group of users, so that demands a lot of attention).

jessicana commented 3 years ago

Thanks! I will close the ticket for now, and I will post an update once resolved.