Open vitSkalicky opened 1 year ago
@vitSkalicky I think there is just a slight misconfiguration. The port of `OCIS_URL` and `PROXY_HTTP_ADDR` should be the same. So changing `PROXY_HTTP_ADDR=0.0.0.0:9200` to `PROXY_HTTP_ADDR=0.0.0.0:4321` in your above example should make ocis accessible on port `4321`.
@kobergj You might have misunderstood the configuration. If I do that, ocis tries to listen on port 4321, but there is already NGINX listening on this port proxying requests to port 9200. Also, if I set `OCIS_URL=https://ocistest.example.com` (and ports in NGINX setting from 4321 to 443), everything does work. Unfortunately I don't have port 443 available on my machine. (testing this on a VPS)
Can anyone fix this bug?
almost - I managed to track down the issue to be in Nginx reverse proxy configuration - some HTTP headers are missing the non-default port. The error is therefore in the docs.
Describe the bug
When using a non-default port for oCIS, instead of the login page, an error page appears: "Failed to connect to server Unexpected HTTP response: 400. Please check your connection and try again.".
Steps to reproduce
Install oCIS according to the guide at https://doc.owncloud.com/ocis/next/depl-examples/small-scale.html with port set to for example 4321.
Exact steps on a fresh Debian 10 server (commands pasted one at a time into the terminal):
```bash
# Install the oCIS binary and create its service user and directories
sudo wget -O /usr/local/bin/ocis https://download.owncloud.com/ocis/ocis/stable/2.0.0/ocis-2.0.0-linux-amd64
sudo chmod +x /usr/local/bin/ocis
sudo useradd --system --no-create-home --shell=/sbin/nologin ocis
sudo mkdir -p /var/lib/ocis
sudo chown ocis:ocis /var/lib/ocis
sudo mkdir -p /etc/ocis
sudo touch /etc/ocis/ocis.env
sudo chown -R ocis:ocis /etc/ocis

# oCIS environment: public URL on port 4321, proxy listening on 9200
sudo echo "OCIS_URL=https://ocistest.example.com:4321
PROXY_HTTP_ADDR=0.0.0.0:9200
PROXY_TLS=false
OCIS_INSECURE=false
OCIS_LOG_LEVEL=warn
OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis
" | sudo tee /etc/ocis/ocis.env > /dev/null

yes | sudo -u ocis ocis init --config-path /etc/ocis

# systemd unit for oCIS
echo '
[Unit]
Description=OCIS server

[Service]
Type=simple
User=ocis
Group=ocis
EnvironmentFile=/etc/ocis/ocis.env
ExecStart=/usr/local/bin/ocis server
Restart=always

[Install]
WantedBy=multi-user.target
' | sudo tee /etc/systemd/system/ocis.service > /dev/null

sudo systemctl daemon-reload
sudo systemctl enable --now ocis

# Install NGINX and Certbot
apt update && \
apt upgrade -y && \
apt install nginx certbot python3-certbot-nginx -y

# Temporary HTTP-only site used while obtaining the certificate
echo '
server {
    listen 80;
    listen [::]:80;
    server_name ocis.example.com;
}
' | sudo tee /etc/nginx/sites-available/ocis > /dev/null

sudo ln -s /etc/nginx/sites-available/ocis /etc/nginx/sites-enabled/ocis
sudo systemctl reload nginx

sudo certbot --nginx --test-cert -d ocistest.example.com --register-unsafely-without-email --agree-tos -n

# Final site: redirect HTTP to HTTPS on 4321 and proxy to oCIS on 9200
echo '
server {
    listen 80;
    listen [::]:80;
    server_name ocistest.example.com;

    # location to redirect to https
    location / {
        # add port if deviates via OCIS_URL
        return 302 https://$server_name:4321$request_uri;
    }
}

server {
    # default 443 but can deviate if set in OCIS_URL
    listen 4321 ssl http2;
    listen [::]:4321 ssl http2;
    server_name ocistest.example.com;

    # certificates managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ocistest.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ocistest.example.com/privkey.pem;

    # options and dhparams managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:9200;
        proxy_set_header Host $host;
        client_max_body_size 0;
    }
}
' | sudo tee /etc/nginx/sites-available/ocis > /dev/null

sudo systemctl reload nginx
```

Then open https://ocistest.example.com:4321 and you get this:

When inspecting requests, everything is 200 OK except for https://ocistest.example.com:4321/signin/v1/identifier/_/hello which is 400 Bad Request.

oCIS service log:
note: The domain actually used obviously wasn't example.com
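
The thread's finding, that the reverse proxy forwards a header without the non-default port, can be checked offline. The following is an added example, not part of the issue or of oCIS: it models how nginx expands `proxy_set_header Host ...` and compares the result with the authority in `OCIS_URL`. The function names and the two alternative directive values (`$http_host`, `$host:$server_port`) are assumptions for comparison; the thread does not say which header was affected or which change went into the docs.

```python
import re
from urllib.parse import urlsplit

# Location block copied from the nginx config in the reproduction steps.
PAGE_CONF = """
location / {
    proxy_pass http://localhost:9200;
    proxy_set_header Host $host;
    client_max_body_size 0;
}
"""

def upstream_host(conf, client_host, listen_port):
    """Return the Host value nginx forwards for the first
    `proxy_set_header Host ...;` directive found in conf."""
    m = re.search(r"proxy_set_header\s+Host\s+([^;]+);", conf)
    if m is None:
        raise ValueError("no proxy_set_header Host directive found")
    variables = {
        # $host: host name only, lowercased, port stripped
        "host": urlsplit("//" + client_host).hostname,
        # $http_host: the client's Host header, unchanged
        "http_host": client_host,
        # $server_port: port of the listener that accepted the request
        "server_port": str(listen_port),
    }
    return re.sub(r"\$(\w+)", lambda v: variables[v.group(1)], m.group(1).strip())

def check(ocis_url, conf, listen_port):
    """Compare the forwarded Host with the authority in OCIS_URL
    (assumed here to be what the browser sends as its Host header)."""
    expected = urlsplit(ocis_url).netloc
    forwarded = upstream_host(conf, expected, listen_port)
    return {"expected": expected, "forwarded": forwarded,
            "ok": forwarded == expected}

if __name__ == "__main__":
    url = "https://ocistest.example.com:4321"
    for value in ("$host", "$http_host", "$host:$server_port"):
        conf = PAGE_CONF.replace("Host $host;", f"Host {value};")
        print(f"{value:22} {check(url, conf, 4321)}")
```

With the configuration from the reproduction steps the forwarded value loses `:4321`, while on the default port 443 the two values agree, which matches the observation that the setup works without an explicit port.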