tanmng / docker-chevereto-free

Dockerfiles for various release of Chevereto Free

Docker chevereto interact with Nginx proxy manager #33

Closed huangwb8 closed 2 years ago

huangwb8 commented 2 years ago

Hi, everyone!

I install docker-chevereto like:


```yaml
---
version: '3'

services:
  db:
    image: mariadb
    volumes:
      - ./db:/var/lib/mysql:rw
    restart: always
    networks:
      - private
    environment:
      MYSQL_ROOT_PASSWORD: <password2>
      MYSQL_DATABASE: chevereto_hwb030
      MYSQL_USER: chevereto_hwb030
      MYSQL_PASSWORD: <password1>

  app:
    depends_on:
      - db
    image: nmtan/chevereto
    restart: always
    networks:
      - private
    environment:
      CHEVERETO_DB_HOST: db
      CHEVERETO_DB_NAME: chevereto_hwb030
      CHEVERETO_DB_USERNAME: chevereto_hwb030
      CHEVERETO_DB_PASSWORD: <password1>
    volumes:
      - ./app/images:/var/www/html/images:rw
      - ./app/content:/var/www/html/content:rw
    ports:
      - <che_port>:80

networks:
  private:
    name: chevereto
```

I can enter the dashboard via http://<local.ip>:<che_port> and do any settings about chevereto.

However, when I use Nginx proxy manager (NPM) to make a reverse proxy for chevereto, it doesn't work.

Usually, NPM can be OK for reverse proxy of bitwarden, nextcloud. But I don't know how to deal with chevereto. By the way, the 443 port of my NPM outside is 4443, because I could not use 443 for some reasons.

I think it's something about Nginx setting, but I don't know how to set it.

Any suggestions?

tanmng commented 2 years ago

Hello,

I'm not very familiar with NPM, usually I use traefik for this purpose, so I had to look up the details from their website.

From what I understand, you configure NPM by using its management GUI. Is that correct?

Also, can you give some more details about your current set up? I guess here's what you have

Are those assumptions correct?

If so, my guess is you will need to do the following

```yaml
networks:
  chevereto:
    external: true
```

If all of that works, please consider removing the ports section in your docker-compose.yaml file for Chevereto, since you now no longer need to expose the service by using port mapping.

Let me know if this helped, and please feel free to include any screenshots/code snippets that you think might be useful for the debugging effort.

huangwb8 commented 2 years ago

@tanmng Extremely high-quality and amazing response! I will try immediately. Just keep this issue open. By the way, I've never heard about traefik, and it seems to be a great app with docker version. Thank you very much!

huangwb8 commented 2 years ago

@tanmng I built the chevereto service in the /nas/chevereto/ folder.

Here is the docker-compose.yml :

```yaml
---
version: '3'

services:
  db:
    image: mariadb
    volumes:
      - ./db:/var/lib/mysql:rw
    restart: always
    networks:
      - default
    environment:
      MYSQL_ROOT_PASSWORD: <password2>
      MYSQL_DATABASE: chevereto_hwb030
      MYSQL_USER: chevereto_hwb030
      MYSQL_PASSWORD: <password1>

  app:
    depends_on:
      - db
    image: nmtan/chevereto
    restart: always
    networks:
      - default
    environment:
      CHEVERETO_DB_HOST: db
      CHEVERETO_DB_NAME: chevereto_hwb030
      CHEVERETO_DB_USERNAME: chevereto_hwb030
      CHEVERETO_DB_PASSWORD: <password1>
    volumes:
      - ./app/images:/var/www/html/images:rw
      - ./app/content:/var/www/html/content:rw

  npm:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '6542:81'
      - '6541:443'
      - '6543:80'
    volumes:
      - ./npm/data:/data
      - ./npm/letsencrypt:/etc/letsencrypt
    depends_on:
      - app
    networks:
      - default

networks:
  default:
    name: chevereto
```

After running this, the NPM, chevereto, and mysql-db were in the same local network. Just like:

image

Here are the settings in NPM (http://:6542):

image

When I visit https://domain.com:6541, it returns a 502 Bad Gateway openresty error.

Any suggestions?

Or you can just give a solution about traefik, because I just want it to work, no matter what apps I use. Thanks!

huangwb8 commented 2 years ago

In my experience, using a non-443 port for the https setting of a docker app is sometimes annoying. I've also met a similar situation when I installed docker-wordpress. Maybe just focus on the nginx settings specific to the non-443 port. In addition, are there any default settings of docker-chevereto, lock site URL or something? Because if you can use 443, the URL does not need to use :443 at the end of the https URL.

tanmng commented 2 years ago

Hello again,

A quick fix:

In this config, you should put app under "Forward Hostname / IP"

image

I tried it and this seems to work.

However, please note that in your docker-compose.yaml file, you have this

```yaml
...
    volumes:
      - ./app/images:/var/www/html/images:rw
      - ./app/content:/var/www/html/content:rw
...
```

That means the directory /nas/chevereto/app/images will be created and mounted into the Chevereto container under root user. Chevereto will display an error message, stating that it couldn't access the directory. In such a case, please fix the permission issue by executing the following 2 commands

```sh
# 33:33 is the UID:GID used in this reply for the container's web user
chown 33:33 /nas/chevereto/app/images
chown 33:33 /nas/chevereto/app/content
```

Answers to some of your questions

> When I visit https://domain.com:6541/, it returns a 502 Bad Gateway openresty error.

HTTP 502 is a common issue with a misconfigured reverse proxy. Essentially if the reverse proxy cannot communicate with the backend server it will return either 502 or 503. In your case, because you gave NPM the wrong hostname chevereto-app instead of chevereto, NPM couldn't resolve the name to forward the request -> 502 error.

openresty is a project that combines Nginx with Lua scripting (so that you can manage it via GUI and use it as reverse proxy). Seeing that message should be a clear indication that it was some misconfiguration in NPM that caused the error.

> In my experience, using a non-443 port for the https setting of a docker app is sometimes annoying. I've also met a similar situation when I installed docker-wordpress. Maybe just focus on the nginx settings specific to the non-443 port. In addition, are there any default settings of docker-chevereto, lock site URL or something? Because if you can use 443, the URL does not need to use :443 at the end of the https URL.

I'm not sure if I understand your statement 100%, but from what I see, I think you misunderstood the concept of reverse proxy + application ports. You don't have to use a non-443 port for HTTPS.

The idea is that for a server, you only need 1 reverse proxy (Nginx Proxy Manager in your case), and it should be listening on port 443 + 80. Everything else is launched inside of your server as Docker containers, and Nginx will route the requests to them. So in theory, you can have Chevereto, NextCloud, HomeAssistant, etc. all running inside your machine (without exposing their ports), and configure NPM to forward traffic to them based on the appropriate hostname (a similar concept is Virtual Host in Apache httpd).

Because of that, the port (and even protocol) that the service listens on doesn't really matter, what matters is that

Doing so, not only will you be able to serve multiple services using HTTPS on port 443 at the same time, the bulk of the TLS-related work (encryption/decryption, hostname verification, key negotiations, etc.) is offloaded to the proxy instead of the backend app.

> Or you can just give a solution about traefik, because I just want it to work, no matter what apps I use. Thanks!

Yes, I'll add an example that uses Traefik. However it will be a bit advanced and will require more explanations. I'll use the README to introduce that.
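
The name-resolution and port-exposure points from the reply above, as an added example that is not part of the thread or the project's code: a small Python check over a constructed model of the compose file, reporting when the "Forward Hostname / IP" value cannot resolve from the proxy container and when a backend still publishes a host port. `COMPOSE`, `resolvable_names` and `audit` are hypothetical names; per-network aliases are flattened and Compose-generated container names are not modelled.

```python
# Constructed model of the compose file from the thread: each service's
# networks and published ports. Per-network aliases are flattened into one
# "aliases" list, and Compose-generated container names are not modelled.
COMPOSE = {
    "db":  {"networks": ["default"], "ports": []},
    "app": {"networks": ["default"], "ports": []},
    "npm": {"networks": ["default"],
            "ports": ["6542:81", "6541:443", "6543:80"]},
}


def resolvable_names(compose, proxy):
    """Hostnames Docker's embedded DNS answers for inside `proxy`: service
    names, explicit container_name values and aliases of services sharing
    a network with it. The network's own name is not a hostname."""
    proxy_nets = set(compose[proxy]["networks"])
    names = set()
    for svc, cfg in compose.items():
        if proxy_nets & set(cfg["networks"]):
            names.add(svc)
            names.update(cfg.get("aliases", []))
            if cfg.get("container_name"):
                names.add(cfg["container_name"])
    return names


def audit(compose, proxy, forward_host):
    """Return findings for one proxy host entry (hypothetical helper)."""
    findings = []
    if forward_host not in resolvable_names(compose, proxy):
        findings.append(
            f"{forward_host!r} does not resolve from {proxy!r}: expect 502")
    for svc, cfg in compose.items():
        if svc != proxy and cfg.get("ports"):
            findings.append(
                f"{svc!r} publishes {cfg['ports']}: reachable without the proxy")
    return findings


if __name__ == "__main__":
    for host in ("chevereto-app", "chevereto", "app"):
        print(host, "->", audit(COMPOSE, "npm", host) or "ok")
```
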

huangwb8 commented 2 years ago

@tanmng Sorry, I'm late! Actually I am still testing the code. In VPM with 443, it could be very easy. However, in my family NAS without the 443 port, everything is different. I don't know why. Just keep this issue open. I will be back sooner or later.

By the way, changing the name from chevereto-app to chevereto or app seemed to not work in my NAS.

huangwb8 commented 2 years ago

@tanmng In the log of chevereto, I saw this :

```
...
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.64.3. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.64.3. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 17 00:17:44.221680 2022] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.51 (Debian) PHP/7.4.26 configured -- resuming normal operations
[Sun Apr 17 00:17:44.222625 2022] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
```

I think that's why I could use local host to visit chevereto but not a https address. The domain name is not reliable for some reasons.

Hope this message could help for debug.

Thx!

tanmng commented 2 years ago

> I think that's why I could use local host to visit chevereto but not a https address. The domain name is not reliable for some reasons.

No, that's not the cause. Every Apache-based Docker container will print out that message when it starts.

In theory simply changing "Forward Hostname / IP" to be app will be more than enough.

Can you include some screenshots of your current list of containers + your configuration of NPM? Because as I mentioned, I tried out the configuration on my end and everything worked.

huangwb8 commented 2 years ago

@tanmng Sorry for the late reply!

Anyway, I decided to move chevereto to a VPS. I don't know why NPM+docker-chevereto didn't work in my NAS. In my several VPS, NPM+docker-chevereto works very well without special settings.

PS:

  1. I want to talk about the difference between the 1.6+ and 1.4+ versions of chevereto. I don't know why the latest chevereto does not support other languages, such as simplified Chinese.
  2. I tried to transfer chevereto between VPSs. I just copied all the same things to a new VPS, then re-pulled and re-installed chevereto. However, my user information could not be used normally. Here is my chevereto folder structure:

    ```
    ├── app
    │   ├── content
    │   ├── images
    │   ├── php.ini
    │   └── routes
    ├── db
    │   ├── aria_log.00000001
    │   ├── aria_log_control
    │   ├── chevereto
    │   ├── ddl_recovery.log
    │   ├── ib_buffer_pool
    │   ├── ibdata1
    │   ├── ib_logfile0
    │   ├── ibtmp1
    │   ├── img.dump
    │   ├── multi-master.info
    │   ├── mysql
    │   ├── mysql_upgrade_info
    │   ├── performance_schema
    │   └── sys
    └── docker-compose.yml
    ```

    My docker-compose is like:

    ```yaml
    ---
    version: '3'

    services:
      db:
        image: mariadb
        volumes:

    networks:
      default:
        name: chevereto
    ```



Finally, I found it's because I use v1.4.1 of chevereto in the old VPS, while the latest version 1.6+ was installed in the new VPS. I use `image: nmtan/chevereto:1.4.1` instead of `image: nmtan/chevereto`, and it works. 

It seems there is some incompatibility between the new and old versions of chevereto.

By the way, it's important for `www-data` to hold the `app` folder.

Thanks for your help! You're very nice! @tanmng

huangwb8 commented 2 years ago

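For users that can read Chinese, I think this might be helpful. Anyway, I have shown how to install and use chevereto in my private blog.

In my personal blog I describe how to install docker chevereto and explain how to use chevereto in markdown, including the relevant PicGo settings, personalized albums, and so on.

If you want to learn more, you can visit:

I hope this helps everyone avoid a few pitfalls.

Also, thanks again to tanmng for the answers!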