search

requarks / wiki

Wiki.js | A modern and powerful wiki app built on Node.js
https://js.wiki
GNU Affero General Public License v3.0
24.69k stars 2.73k forks source link

[Help] Working example of config.yml #696

Closed gkoerk closed 5 years ago

gkoerk commented 5 years ago

This is a help request.

Is it possible to get a working example of a config.yml file which matches/works with a given docker-compose.yml file? I'm trying to get this set up behind a reverse proxy (traefik) and can't figure out what is going wrong. The image is running, but I cannot access it. I suspect a problem with the host: and port: settings in the config.yml file. I know it needs to match the address used to access it, but I don't know how to configure my reverse proxy: I don't know which port to use in the reverse proxy because it is specified in the config.yml file and in the docker-compose.yml file. Please help!

winkelement commented 5 years ago

Part of my config.yml:

# ---------------------------------------------------------------------
# Full public path to the site, without the trailing slash
# ---------------------------------------------------------------------
# INCLUDE CLIENT PORT IF NOT 80/443!

host: http://mydomain.ddns.net:3003

# ---------------------------------------------------------------------
# Port the main server should listen to (80 by default)
# ---------------------------------------------------------------------
# To use process.env.PORT, comment the line below:

port: 3000

Part of my docker-compose.yml:

ports:
    - '3000:3000'

I use haproxy as a reverse proxy. It listens on port 3003 and redirects to port 3000 (the docker container):

frontend ssl_entry
    bind *:3003 ssl crt /usr/local/etc/certs/cert-combined.pem
    redirect scheme https code 301 if !{ ssl_fc }
    mode http
    acl node dst_port 3003
    use_backend node_server if node

backend node_server
    server servername wiki.local:3000 check
    acl authOk http_auth(users)
    http-request auth realm MyAuthRealm if !authOk

I hope this helps.

gkoerk commented 5 years ago

It does - I assume it's http:// because HAProxy terminates your SSL (like Traefik, which I run)? What if my proxy basically support all traffic coming in over ports 80/443 and routes them all over HTTPS/443. If the final address I want is "https://wiki.qnapunofficial.com" then does that assume I need to use port 80 in my config.yml (i.e. leave the port off the host entry and leave port entry as default - 80)? If so, then what does my mapping need to be in my config.json? I really appreciate the help! Been working on it on my own for a couple weeks before nearly giving up. Now the finish line is in site!

gkoerk commented 5 years ago

Sorry! Meant to ask this last question in context of what I wrote: What does my mapping need to look like in my docker-compose.yml?

FWIW, Traefik by default looks for port 80 as a backend port (can be changed but not sure what it should listen on for Wiki.js) and connects to backends via HTTP (handling the SSL termination itself) - but can be configured to proxy on HTTPS, and specified port, etc.

gkoerk commented 5 years ago

I think I have it figured out, but when I browse to the final site URL (as recorded in the config.json file), All I get is a long "waiting on hostname" spinner, and then ultimately a timeout. Specifically, a 504 gateway timeout error. Does that mean I've messed something up?

winkelement commented 5 years ago

I'm not really an expert here but my understanding is that if you are running your (reverse)proxy and wikijs on the same machine (as i am doing) you cannot have them listening on the same port. In my example i use port 3003 as the external port (haproxy listens on it) and 3000 as the internal (wikijs listens on it). I could use 80 and/or 443 for external also but in my setup i have another webserver listening on these ports. So if you are running traefik on the same machine as wikijs you should definitely change the container port in your docker-compose.yml to something different than the traefik frontend port(s) and adjust the traefik backend for wikijs accordingly. Also have you checked for the error logs for traefik and wikijs? Also i'm not sure if this applies to the provided docker container but if you choose a port <1024 in your config.yml (the port to connect nodejs to the docker environment) you might run into problems. https://docs.requarks.io/wiki/install/troubleshooting#wiki-js-wont-start So from my understanding the whole routing thingy is something like this:

bildschirmfoto 2018-11-13 um 15 00 58
NGPixel commented 5 years ago

You can specify a custom port for Traefik using docker labels.

gkoerk commented 5 years ago

You can specify a custom port for Traefik using docker labels.

Yes, this is how I specify all Traefik configuration for the route & port. But I'm not sure which port to point it at. Traefik is a bit confusing in that it determines the backend in part by the container its labelling and the port specified in the label. This is problematic, because it (by default) looks for the EXPOSED ports on a given container. Using the example above, Traefik may not be able to use port 3003, since it isn't a port in the relevant container.

gkoerk commented 5 years ago

Here is the error I am getting in wiki-stderr.log::

/logs # cat wiki-stderr.log
Unhandled rejection MongoError: not authorized on wiki to execute command { listIndexes: "sessions", cursor: {}, $db: "wiki" }
    at Function.MongoError.create (/var/wiki/node_modules/mongodb-core/lib/error.js:31:11)
    at queryCallback (/var/wiki/node_modules/mongodb-core/lib/cursor.js:212:36)
    at /var/wiki/node_modules/mongodb-core/lib/connection/pool.js:469:18
    at _combinedTickCallback (internal/process/next_tick.js:131:7)
    at process._tickCallback (internal/process/next_tick.js:180:9)
Unhandled rejection MongoError: not authorized on wiki to execute command { find: "users", filter: { email: "guest", provider: "local" }, projection: {}, limit: 1, singleBatch: true, batchSize: 1, $db: "wiki" }
    at Function.MongoError.create (/var/wiki/node_modules/mongodb-core/lib/error.js:31:11)
    at queryCallback (/var/wiki/node_modules/mongodb-core/lib/cursor.js:212:36)
    at /var/wiki/node_modules/mongodb-core/lib/connection/pool.js:469:18
    at _combinedTickCallback (internal/process/next_tick.js:131:7)
    at process._tickCallback (internal/process/next_tick.js:180:9)
Unhandled rejection MongoError: not authorized on wiki to execute command { find: "users", filter: { email: "guest", provider: "local" }, projection: {}, limit: 1, singleBatch: true, batchSize: 1, $db: "wiki" }
    at Function.MongoError.create (/var/wiki/node_modules/mongodb-core/lib/error.js:31:11)
    at queryCallback (/var/wiki/node_modules/mongodb-core/lib/cursor.js:212:36)
    at /var/wiki/node_modules/mongodb-core/lib/connection/pool.js:469:18
    at _combinedTickCallback (internal/process/next_tick.js:131:7)
    at process._tickCallback (internal/process/next_tick.js:180:9)
Unhandled rejection MongoError: not authorized on wiki to execute command { delete: "entries", ordered: true, $db: "wiki" }
    at Function.MongoError.create (/var/wiki/node_modules/mongodb-core/lib/error.js:31:11)
    at /var/wiki/node_modules/mongodb-core/lib/connection/pool.js:497:72
    at authenticateStragglers (/var/wiki/node_modules/mongodb-core/lib/connection/pool.js:443:16)
    at Connection.messageHandler (/var/wiki/node_modules/mongodb-core/lib/connection/pool.js:477:5)
    at Socket.<anonymous> (/var/wiki/node_modules/mongodb-core/lib/connection/connection.js:331:22)
    at emitOne (events.js:116:13)
    at Socket.emit (events.js:211:7)
    at addChunk (_stream_readable.js:263:12)
    at readableAddChunk (_stream_readable.js:250:11)
    at Socket.Readable.push (_stream_readable.js:208:10)
    at TCP.onread (net.js:597:20)
NGPixel commented 5 years ago

Seems like the mongodb user doesn't have the necessary permissions on the tables.

gkoerk commented 5 years ago

Wiping out mongo and letting it be rebuilt solved the error just above. And you also helped me resolve my reverse-proxy issue! Thanks so much!