standardnotes / forum

Support from other community members. For 1-on-1 help, please contact help@standardnotes.com.
https://forum.standardnotes.org
199 stars 8 forks source link

FileSafe-relay not working on Synology NAS #1083

Closed BobWs closed 4 years ago

BobWs commented 4 years ago

Hi, Would you please share a step-by-step how you configure your Synology NAS to work with FileSafe-Relay?

I keep getting a error that the file couldn't be uploaded.

Now everything works for me. Thanks for helping me solve my problems. BTW where can I find out about ROADMAP for 2019?

Originally posted by @konklon in https://github.com/standardnotes/forum/issues/407#issuecomment-451674276

JaspalSuri commented 4 years ago

I'm not sure if we can provide a guide yet on how to set it up, but maybe we can help by resolving some issues that coincidentally make things work in your case. Can you give us some more details about your current set up and provide any logs that have been outputted?

BobWs commented 4 years ago

I'm not sure if we can provide a guide yet on how to set it up, but maybe we can help by resolving some issues that coincidentally make things work in your case. Can you give us some more details about your current set up and provide any logs that have been outputted?

Hi, Thanks for replying.

This is how I setup the relay server on Docker Synology

docker pull standardnotes/filesafe-relay:stable
docker run -d \
 -p 3004:3000 \
 --name standardnotes-filesafe-relay\
 --hostname='standardnotes-filesafe-relay' \
 -e TZ='My/Timezone'\
 -v /etc/localtime:/etc/localtime:ro \
 -v /etc/TZ:/etc/timezone:ro \
 -e SECRET_KEY_BASE='use "secret-key"'\
 -e HOST='http://192.168.178.115:3004'\
 -e RAILS_ENV='production'\
 -e RAILS_LOG_TO_STDOUT='false'\
 -e DATADOG_ENABLED='false'\
 --restart='always' standardnotes/filesafe-relay:stable

When trying to login to a webdav-server I see this when I enter this in my browser http://192.168.178.115:3004

screen_1

Screen_2

Screen_3

Screen_4

After this when trying to upload a file/picture I get an error that the file couldn't be uploaded. I can't find anything in the log file

moughxyz commented 4 years ago

Who is the WebDAV host in this case? What is the endpoint you are using when configuring it? And is SN running locally on the same machine as the relay server (it would have to with your configuration)?

BobWs commented 4 years ago

Who is the WebDAV host in this case? What is the endpoint you are using when configuring it? And is SN running locally on the same machine as the relay server (it would have to with your configuration)?

Thanks for your reply. I just figured it out. Everything is working now! I have manage to connect and upload to my pCloud account via FileSafe-Relay/Webdav and uploaded a test file.

moughxyz commented 4 years ago

What was the issue :)

BobWs commented 4 years ago

What was the issue :)

Well I guess the problem was that the link wasn't going outside my NAS. The moment I used my reverse proxy for the FileSafe intergration link (e.g. https://relay.mydomain.com) it started to work and I could upload to pCloud through Webdav.

Thanks again for reaching out!

BobWs commented 4 years ago

This is how I setup a working Relay-server on Docker Synology

docker pull standardnotes/filesafe-relay:stable
docker run -d \
 -p 3004:3000 \
 --name standardnotes-filesafe-relay\
 --hostname='standardnotes-filesafe-relay' \
 -e TZ='My/Timezone'\
 -v /etc/localtime:/etc/localtime:ro \
 -v /etc/TZ:/etc/timezone:ro \
 -e SECRET_KEY_BASE='use "secret-key"'\
 -e HOST='https://relay.mydomain.com'\
 -e RAILS_ENV='production'\
 -e RAILS_LOG_TO_STDOUT='false'\
 -e DATADOG_ENABLED='false'\
 --restart='always' standardnotes/filesafe-relay:stable

Screen_5

This setup is working with pCloud Webdav.

I only noticed just now this in the logs HTTP Origin header (http://127.0.0.1:45653) didn't match request.base_url (https://relay.mydomain.com)

Do you know what it mean? Or how to fix it?

BobWs commented 4 years ago

Fixed it!

Screen 6 Need to add this to the Reverse Proxy "X-Frame-Options" => "SAMEORIGIN"

BobWs commented 4 years ago

I'm sorry guess I spoke to soon, I'm still seeing these HTTP Origin header (http://127.0.0.1:45653) didn't match request.base_url (https://relay.mydomain.com) messages in the log file.

Any thoughts on how to solve it?

BobWs commented 4 years ago

So now I’m also getting this message in the logs. Any idea how to solve this?

HTTP Origin header (https://snotesextenions.netlify.app) didn't match request.base_url (https://relay.mydomain.com) | stdout

karolsojko commented 4 years ago

You might want to adjust your nginx config for that: https://github.com/rails/rails/issues/22965

BobWs commented 4 years ago

I have adjusted the headers but I still get the error message in the logs: HTTP Origin header (https://snotesextenions.netlify.app) didn't match request.base_url (https://relay.mydomain.com) | stdout

FBB1BBA2-8F4A-41D9-8D8C-C2D796783C36

Anything I’m doing wrong?

moughxyz commented 4 years ago

Not sure but I'd say double check the value for Access-Control-Allow-Headers. Maybe try a wildcard there.

BobWs commented 4 years ago

Not sure but I'd say double check the value for Access-Control-Allow-Headers. Maybe try a wildcard there.

Tried a wildcard but didn’t help, still have the same error message

jrruethe commented 4 years ago

Hello, I am also trying to self-host the filesafe-relay and connect it to a webdav server (Nextcloud). It sounds like @BobWs has things working better than I do so far. Here is where I am at:

I have my Nextcloud running at "cloud.jrruethe.info" (This is internal to my network only). I have verified that I can connect to it properly by following the instructions here, so I know that I have both the path and credentials correct:

image

Next, I have the various Standard Notes pieces running in Docker containers (in Kubernetes). I am using all the official images here, along with the self-hosted extensions here. This all works well without issues.

The problem comes when I try to use the web client to hook up my Nextcloud webdav server into the Bold Editor via the filesafe-relay. First, I click "Add New" next to Integrations. This pops open the official link (here) which I just close out of, and instead open up my self-hosted filesafe-relay (at the address notes-filesafe.jrruethe.info).

This gives me the following. There seems to be no CSS, but other than that it generates invitation links: image The CSS errors in the network monitor: image

Pasting this invite code into the box works, and lets me add the integration. However, attempting to upload something fails. (The message on the UI is "Error Uploading File", but it disappears before I was able to get a screenshot): image

The network monitor shows the following: image It looks like there is a "null" in the url: /extensions/bold-editor/1.1.0/dist/filesafe-js/null/integrations/save-item I'm not very good at Javascript so I'm stuck debugging this. I wonder if I am missing an environment variable? My Kubernetes manifest has the following environment variables set:

      containers:
      - name: notes-filesafe
        image: "standardnotes/filesafe-relay:f1692e0cbeea39f5716737db2a084bd529dc6478"
        imagePullPolicy: IfNotPresent
        env:
        - name: RAILS_ENV
          value: production
        - name: HOST
          value: "https://notes-filesafe.jrruethe.info"
        - name: RAILS_LOG_TO_STDOUT
          value: "false"
        - name: SECRET_KEY_BASE
          value: censored

@BobWs (or anyone else), how were you able to get your filesafe-relay working? Which step am I missing? Thanks in advance for any help or tips!

The next thing I will try is building my own Docker image, instead of using the one from the hub.

moughxyz commented 4 years ago

/extensions/bold-editor/1.1.0/dist/filesafe-js/null/integrations/save-item

This URL is incorrect. It looks like it's combining a local file path with a remote URL. Can you base64 decode your integration code, and make sure the URL embedded within is an absolute URL (should include https://)

jrruethe commented 4 years ago

Ok, I'm making progress. I thought I had the HOST environment variable set, however it was actually not set, so that was causing the null. (The https:// is important! I also had that left off, and it caused different issues).

After fixing that, I managed to get further. Its still failing, but I can see the following in my Nextcloud logs when I attempt to do a file upload, so I think that the relay is doing its part. I just need to figure out what I am missing:

10.42.0.219 - jrruethe [22/Sep/2020:14:54:14 +0000] "PUT /remote.php/dav/files/filesafe/3581bfed-729b-44d7-b4cf-1e0906122efc.sf.json HTTP/1.1" 404 1527 "-" "Ruby"

That folder exists, as far as I can tell. Anyway, thanks for your help, I'll report back if I can get this bit working in case someone else stumbles upon issues like mine.

jrruethe commented 4 years ago

Yahoo! It works!

For anyone trying to get the self-hosted filesafe-relay working with Nextcloud, here was the trick:

moughxyz commented 4 years ago

Awesome, glad you got it working!

BobWs commented 4 years ago

So I guess there is a routing problem with my self-host FileSafe Relay

I still keep getting these message in my logs. HTTP Origin header (https://snotesextenions.netlify.app) didn't match request.base_url (https://relay.mydomain.com) | stdout

After further digging around and after an update of Standardnotes-web I have noticed that you now can preview the uploaded files.

preview

When I press on preview the file is being download from my Webdav server and I'm being routed to my browser and I get an error the the file cannot be opened. This is because the redirected link doesn't match to my FileSafe-relay.

Screen_Shot As you can see the link above is the link to my standardnotes extensions.

HTTP Origin header (https://snotesextenions.netlify.app) didn't match request.base_url (https://relay.mydomain.com) | stdout https://snotesextenions.netlify.app is my extensions link https://relay.mydomain.com is my filesafe relay link

I guess that is why I keep getting these error messages. But now the question is how do I fix this?

BobWs commented 4 years ago

Yahoo! It works!

For anyone trying to get the self-hosted filesafe-relay working with Nextcloud, here was the trick:

* Make sure your `HOST` variable is set correctly to a DNS name that can be reached from your browser (ie: not an internal-to-docker ip:port) and make sure it has the `https://` on the front

* Make sure the `filesafe` folder exists on your Nextcloud

* Set up the integration like this:
  ![image](https://user-images.githubusercontent.com/4493273/93906385-bdb70f80-fcc1-11ea-861f-bf22cc0a5cef.png)
  Note that I had to prepend my username to the folder, and that it is NOT an absolute path.
  After this, things work great!

@jrruethe Can you explain what you mean by Host "Make sure your HOST variable is set correctly to a DNS name..." Is this the URL of your webdav or the URL of the filesafe-relay server?

jrruethe commented 4 years ago

When I launch the filesafe-relay docker image, I set the "HOST" environment variable to the URL of the filesafe-relay server. I'm using Kubernetes, but the equivalent Docker run command would be something like:

docker run --rm -e HOST=https://notes-filesafe.example.com -p 3000:3000 standardnotes/filesafe-relay:4d2aff5cf7be34f9a27a515186d99bb20fe9a61b

(There are other env vars needed as well, like the secret_key_base, etc).

From what I can tell, this variable is used to populate the authorization token with details so that the web client knows where to find the filesafe-relay server.

BobWs commented 4 years ago

When I launch the filesafe-relay docker image, I set the "HOST" environment variable to the URL of the filesafe-relay server. I'm using Kubernetes, but the equivalent Docker run command would be something like:

docker run --rm -e HOST=https://notes-filesafe.example.com -p 3000:3000 standardnotes/filesafe-relay:4d2aff5cf7be34f9a27a515186d99bb20fe9a61b

(There are other env vars needed as well, like the secret_key_base, etc).

From what I can tell, this variable is used to populate the authorization token with details so that the web client knows where to find the filesafe-relay server.

Okay thanks for sharing, that is the same way I had set my filesafe-reay docker config. So I guess the error message I'm receiving isn't related to that.