metasfresh / metasfresh-docker

GNU General Public License v2.0
37 stars 40 forks source link

White page solution / Weiße Seite Lösung (reverse proxy nginx caddy) #61

Open sutidor opened 4 years ago

sutidor commented 4 years ago

Is this a bug or feature request?

Bug

What is the current behavior?

When using a (nginx) reverse proxy and passing WEBAPI_URL=https://metasfresh.domain.tld through docker-compose.yml, start_webui.sh replaces https to http and thus provokes a mixed content issue.

File in question: https://github.com/metasfresh/metasfresh-docker/blob/master/docker-src/webui/sources/start_webui.sh

after else, line sed -i 's/\https\b/http/g' /opt/metasfresh-webui-frontend/dist/config.js

#!/bin/bash

if [[ ! -z $WEBAPI_URL ]]; then
    sed -i 's,http\:\/\/MYDOCKERHOST\:PORT,'$WEBAPI_URL',g' /opt/metasfresh-webui-frontend/dist/config.js
fi

if [[ -f "/etc/apache2/certs/fullchain.pem" ]] && [[ -f "/etc/apache2/certs/privkey.pem" ]]; then
        sed -i 's/\bhttp\b/https/g' /opt/metasfresh-webui-frontend/dist/config.js
        a2ensite metasfresh_webui_ssl.conf
        echo "[METASFRESH] Activated SSL!"
else
        sed -i 's/\https\b/http/g' /opt/metasfresh-webui-frontend/dist/config.js
        a2ensite metasfresh_webui.conf
        a2dissite metasfresh_webui_ssl.conf
        echo "[METASFRESH] Runnning Non-SSL!"
fi

Which are the steps to reproduce?

Run metasfresh docker using the example docker-compose file without certificates and then reverse proxy it.

What is the expected or desired behavior?

Assume that the input in WEBAPI_URL is correct including the protocol and write it as is into the config.js file. Alternative: Provide an option for reverse proxy.

Hotfix

bash into your container docker exec -it metasfresh_docker_webui_1 /bin/bash install editor nano, vi.. apt-get install nano edit files nano start_webui.sh comment out the line like so #sed -i 's/\https\b/http/g' /opt/metasfresh-webui-frontend/dist/config.js or remove it ctrl / strg+x, y to exit nano nano /opt/metasfresh-webui-frontend/dist/config.js replace http with https again

        API_URL: 'https://metasfresh.domain.tld/rest/api',
        WS_URL: 'https://metasfresh.domain.tld/stomp'

(you can also add the ports if you have a different one like https://metasfresh.domain.tld:8443) ctrl / strg+x, y to exit nano you dont need to restart anything, because the config is read as the site is accessed. Changing the start script start_webui.sh makes sure it stays that way even after restarting.

Hotfix 2

I created a start_webui.sh in the sources folder path/metasfresh-docker/webui/sources/ with the line #sed -i 's/\https\b/http/g' /opt/metasfresh-webui-frontend/dist/config.js and changed the Dockerfile in path/metasfresh-docker/webui/ as follows:

after COPY sources/configs/config.js /opt/metasfresh-webui-frontend/dist/

add 2 lines:

COPY sources/start_webui.sh /
RUN ["chmod", "+x", "start_webui.sh"]
csaeum commented 3 years ago

This HotFix helped me and now Metasfresh is working in Docker with Traefik as a proxy. Please integrate quickly!

unl1m173d commented 3 years ago

Thanks! I tried this but the blank page still persists with 503 errors. Any ideas?

image

sutidor commented 3 years ago

503 means service unavailable. Check "docker ps" whether all containers are up and running, especially the API one. Secondly you might wanna check the docker-compose.yml for correct config.

In the meantime I stopped using this project and started using another one (hint: name has 4 letters, 3 of which are an o) You might wanna check that out it's much easier to set up and use

unl1m173d commented 3 years ago

Haha thanks @sutidor, I actually probed around that one with the three o's ;) and decided to give metasfresh a spin because it doesn't come with accounting features in the community edition. It does seem like metasfresh is harder to set up and not as intuitive.

l4b4r4b4b4 commented 3 years ago

@csaeum Would you be able to share your code to get metasfresh running behind traefik? I tried this hotfix with Traefik 2.4 but unfortunately I still don't get it running with SSL. When connecting on SSL Port I get an 400 Bad Request Error in the Browser, saying:

You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.

Meine docker-compose.yml

version: "2"

services:
  webui:
    build: webui
    environment:
      - WEBAPI_URL=https://erp.my-domain.de/
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.webui.rule=Host(`erp.${DOMAIN}`)"
      - "traefik.http.routers.webui.entrypoints=websecure"
      - "traefik.http.routers.webui.tls=true"
      - "traefik.http.routers.webui.service=webui"
      - "traefik.http.routers.webui.tls.certresolver=lets-encrypt"
      - "traefik.http.services.webui.loadbalancer.server.port=443"
    networks:
      web:
        aliases:
          - erp.my-domain.de
      erp-network:
        aliases:
          - webui

  webapi:
    build: webapi
    ports:
      - "8080:8080"
    restart: always
    volumes:
      - ./volumes/webapi/log:/opt/metasfresh-webui-api/log:rw
      - ./volumes/webapi/heapdump:/opt/metasfresh-webui-api/heapdump:rw
      - /etc/localtime:/etc/localtime:ro
    networks:
      erp-network:
        aliases:
          - webapi

  app:
    build: app
    restart: always
    volumes:
      - ./volumes/app/log:/opt/metasfresh/log:rw
      - ./volumes/app/heapdump:/opt/metasfresh/heapdump:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
      - METASFRESH_HOME=/opt/metasfresh
    networks:
      erp-network:
        aliases:
          - app

  rabbitmq:
    build: rabbitmq
    expose:
      - "5672"
    restart: always
    volumes:
      - ./volumes/rabbitmq/log:/var/log/rabbitmq/log
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      RABBITMQ_DEFAULT_USER: "metasfresh"
      RABBITMQ_DEFAULT_PASS: "metasfresh"
      RABBITMQ_DEFAULT_VHOST: "/"
    networks:
      erp-network:
        aliases:
          - rabbitmq

  search:
    build: search
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    cap_add:
      - IPC_LOCK
    volumes:
      - ./volumes/search/data:/usr/share/elasticsearch/data
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - "ES_JAVA_OPTS=-Xms128M -Xmx256m"
    restart: always
    networks:
      erp-network:
        aliases:
          - search

  db:
    build: db
    ports:
      - "5432:5432"
    restart: always
    volumes:
      - ./volumes/db/data:/var/lib/postgresql/data
      - ./volumes/db/log:/var/log/postgresql
      - /etc/localtime:/etc/localtime:ro
    environment:
      - METASFRESH_USERNAME=metasfresh
      - METASFRESH_PASSWORD=metasfresh
      - METASFRESH_DBNAME=metasfresh
      - DB_SYSPASS=System
    networks:
      erp-network:
        aliases:
          - db

networks:
  web:
    external: true
  erp-network:
    driver: bridge
zarthcode commented 3 years ago

Evaluating ERP software, with docker install as a requirement, and ran headlong into this while trying to reverse proxy w/traefik for mTLS. I'm a bit surprised that this isn't fixed (along with using docker secrets).

@l4b4r4b4b4 Use "traefik.http.services.webui.loadbalancer.server.port=80"

Henry17888 commented 3 years ago

Thank you for the great ERP system. While I got a problem when I installed it. I installed this system without error step by step according to: https://docs.metasfresh.org/installation_collection/EN/How_do_I_setup_the_metasfresh_stack_using_Docker And I didn't change anything.

When I visit the local IP address: 192.168.79.151 on my browser, I got a blank page and some errors as blow. Could you please help to check the reason and advise how to config it. Thank you. image

Aldiwildan77 commented 2 years ago

@Henry17888 you should try to configure the webui config at /metasfresh-docker/webui/sources/configs/config.js don't forget to set your domain and port.

Henry17888 commented 2 years ago

@Aldiwildan77 thank you. here is the config.js content. while I don't know how to config it. please kindly help advise how to set it. thank you so much! const config = { API_URL: 'http://192.168.79.151/rest/api', WS_URL: 'http://192.168.79.151/stomp' }

l4b4r4b4b4 commented 2 years ago

@Aldiwildan77 thank you. here is the config.js content. while I don't know how to config it. please kindly help advise how to set it. thank you so much! const config = { API_URL: 'http://192.168.79.151/rest/api', WS_URL: 'http://192.168.79.151/stomp' }

Well it should match the containers hostname. So my guess would be that in your setting you have to make sure, the IP in config.js matches the IP of your containers. Since docker assigns random available IP addresses to containers in the (virtual) docker networks they participate in. So you would have to set IPAM configuration for the respective containers as describted here.

Or as you can see here:

version: '3'
services:
    app1:
        image: 'nginx:1.20.0-alpine'
        ports:
            - '8181:80'
        networks:
            appnet:
                ipv4_address: 172.24.2.1
    app2:
        image: 'nginx:1.20.0-alpine'
        ports:
            - '8282:80'
        networks:
            appnet:
                ipv4_address: 172.24.2.2
networks:
    appnet:
        driver: bridge
        ipam:
            driver: default
            config:
                - subnet: "172.24.2.0/16"

Though in the end I though, that the Dockerfile assigns the right address in the context of a local installation... But to be honest mostly I just ramp metasfresh up on a dev server directly with a dev domain and not on a local machine.