Closed huangwb8 closed 2 years ago
Hello,
I'm not very familiar with NPM, usually I use traefik for this purpose, so I had to look up the details from their website.
From what I understand, you configure NPM by using its management GUI. Is that correct?
Also, can you give some more details about your current set up? I guess here's what you have
docker-compose
.docker-compose.yaml
file. Are those assumptions correct?
If so, my guess is you will need to do the following
`docker-compose.yaml` file:

```yaml
networks:
  chevereto:
    external: true
```
NPM
on chevereto
network80
(this you already know).
If all of that works, please consider removing the `ports` section in your `docker-compose.yaml` file for Chevereto, since you now no longer need to expose the service by using port mapping.
Let me know if this helped, and please feel free to include any screenshots/code snippets that you think might be useful for the debugging effort.
@tanmng Extremely high-quality and amazing response! I will try immediately. Just keep this issue open. By the way, I've never heard about `traefik`, and it seems to be a great app with a docker version. Thank you very much!
@tanmng
I built the chevereto service in the `/nas/chevereto/` folder.
Here is the `docker-compose.yml`:
```yaml
---
version: '3'
services:
  db:
    image: mariadb
    volumes:
      - ./db:/var/lib/mysql:rw
    restart: always
    networks:
      - default
    environment:
      MYSQL_ROOT_PASSWORD: <password2>
      MYSQL_DATABASE: chevereto_hwb030
      MYSQL_USER: chevereto_hwb030
      MYSQL_PASSWORD: <password1>
  app:
    depends_on:
      - db
    image: nmtan/chevereto
    restart: always
    networks:
      - default
    environment:
      CHEVERETO_DB_HOST: db
      CHEVERETO_DB_NAME: chevereto_hwb030
      CHEVERETO_DB_USERNAME: chevereto_hwb030
      CHEVERETO_DB_PASSWORD: <password1>
    volumes:
      - ./app/images:/var/www/html/images:rw
      - ./app/content:/var/www/html/content:rw
  npm:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '6542:81'
      - '6541:443'
      - '6543:80'
    volumes:
      - ./npm/data:/data
      - ./npm/letsencrypt:/etc/letsencrypt
    depends_on:
      - app
    networks:
      - default
networks:
  default:
    name: chevereto
```
After running this, the NPM, chevereto, and mysql-db had been in the same local network. Just like:
Here are the settings in NPM (http://
When I visit https://domain.com:6541, it returns a `502 Bad Gateway openresty` error.
Any suggestions?
Or you can just give a solution about traefik, because I just want it to work, no matter what apps I use. Thanks!
In my experience, using a port of non-443 for https setting of docker-app is sometimes annoying. I've also met a similar situation when I installed docker-wordpress. Maybe just to focus on the nginx settings specific for the non-443 port. In addition, are there any default settings of docker-chevereto, lock site URL or something? Because if you can use 443, the URL does not need to use `:443` at the end of the https URL.
Hello again,
In this config, you should put `app` under "Forward Hostname / IP".
I tried it and this seems to work.
However, please note that in your `docker-compose.yaml` file, you have this:

```yaml
...
volumes:
  - ./app/images:/var/www/html/images:rw
  - ./app/content:/var/www/html/content:rw
...
```
That means the directory `/nas/chevereto/app/images` will be created and mounted into the Chevereto container under the `root` user. Chevereto will display an error message, stating that it couldn't access the directory. In such a case, please fix the permission issue by executing the following 2 commands:

```bash
chown 33:33 /nas/chevereto/app/images
chown 33:33 /nas/chevereto/app/content
```
> When I visit https://domain.com:6541/, it returns 502 Bad Gateway openresty error.

`HTTP 502` is a common issue with a misconfigured reverse proxy. Essentially, if the reverse proxy cannot communicate with the backend server it will return either `502` or `503`. In your case, because you gave NPM the wrong hostname `chevereto-app` instead of `chevereto`, NPM couldn't resolve the name to forward the request -> `502` error.
`openresty` is a project that combines Nginx with Lua scripting (so that you can manage it via GUI and use it as reverse proxy). Seeing that message should be a clear indication that it was some misconfiguration in NPM that caused the error.
> In my experience, using a port of non-443 for https setting of docker-app is sometimes annoying. I've also met a similar situation when I installed docker-wordpress. Maybe just to focus on the nginx settings specific for the non-443 port. In addition, are there any default settings of docker-chevereto, lock site URL or something? Because if you can use 443, the URL does not need to use :443 at the end of the https URL.

I'm not sure if I understand your statement 100%, but from what I see, I think you misunderstood the concept of reverse proxy + application ports. You don't have to use a non-443 port for HTTPS.
The idea is that for a server, you only need 1 reverse proxy (Nginx Proxy Manager in your case), and it should be listening on port 443 + 80. Everything else is launched inside of your server as a Docker container, and Nginx will route the requests to them. So in theory, you can have Chevereto, NextCloud, HomeAssistant, etc. all running inside your machine (without exposing their ports), and configure NPM to forward traffic to them based on the appropriate hostname (a similar concept is Virtual Host in Apache `httpd`).
Because of that, the port (and even protocol) that the service listens on doesn't really matter, what matters is that
Doing so, not only will you be able to serve multiple services using HTTPS on port 443 at the same time, the bulk of the TLS-related work (encryption/decryption, hostname verification, key negotiations, etc.) is offloaded to the proxy instead of the backend app.
> Or you can just give a solution about traefik, because I just want it to work, no matter what apps I use. Thanks!

Yes, I'll add an example that uses Traefik. However, it will be a bit advanced and will require more explanation. I'll use the README to introduce that.
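
The two points made in the reply above (the "Forward Hostname / IP" has to be a name the proxy can resolve on a Docker network it shares with the backend, and the backend should not publish its own ports), as a small check script. This is an added example, not code from the thread or from the project; the `COMPOSE` dictionary, the function names and the messages are constructed for illustration.

```python
# Added example (not from the thread): checks a Compose project for the two
# reverse-proxy mistakes discussed above. The input below is constructed.
COMPOSE = {  # the thread's compose file, reduced to the fields that matter
    "services": {
        "db": {"networks": ["default"]},
        "app": {"networks": ["default"]},
        "npm": {"networks": ["default"],
                "ports": ["6542:81", "6541:443", "6543:80"]},
    }
}


def names_by_network(compose):
    """Return {network: {name: service}} for names Docker's DNS answers.

    Models service names, container_name and per-network aliases; the
    names Compose generates for containers are not modelled.
    """
    table = {}
    for svc, spec in compose["services"].items():
        nets = spec.get("networks") or ["default"]
        if isinstance(nets, list):  # short form: a list of network names
            nets = {net: None for net in nets}
        for net, cfg in nets.items():
            names = {svc, *(cfg or {}).get("aliases", [])}
            if spec.get("container_name"):
                names.add(spec["container_name"])
            for name in names:
                table.setdefault(net, {})[name] = svc
    return table


def check_forward_host(compose, proxy, forward_host):
    """Return findings for one proxy host entry ("Forward Hostname / IP")."""
    table = names_by_network(compose)
    shared = [names for names in table.values() if proxy in names.values()]
    target = next((n[forward_host] for n in shared if forward_host in n), None)
    if target is None:
        return [f"{forward_host!r} does not resolve on any network shared "
                f"with {proxy!r}: the proxy cannot reach a backend"]
    findings = []
    ports = compose["services"][target].get("ports", [])
    if ports:
        findings.append(f"{target!r} publishes {ports}: clients can reach it "
                        "directly, bypassing the proxy and its TLS")
    return findings


if __name__ == "__main__":
    for host in ("chevereto-app", "app"):
        print(host, "->", check_forward_host(COMPOSE, "npm", host) or "ok")
```
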
@tanmng Sorry, I'm late! Actually I'm still testing the code. In VPM with 443, it could be very easy. However, in my family NAS without 443 port, everything is different. I don't know why. Just keep this issue open. I will be back sooner or later.
By the way, changing the name from `chevereto-app` to `chevereto` or `app` seemed to not work in my NAS.
@tanmng In the log of chevereto, I saw this:

```
...
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.64.3. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.64.3. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 17 00:17:44.221680 2022] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.51 (Debian) PHP/7.4.26 configured -- resuming normal operations
[Sun Apr 17 00:17:44.222625 2022] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
```
I think that's why I could use local host to visit chevereto but not a https address. The domain name is not reliable for some reasons.
Hope this message could help for debug.
Thx!
> I think that's why I could use local host to visit chevereto but not a https address. The domain name is not reliable for some reasons.

No, that's not the cause. Every Apache-based Docker container will print out that message when it starts.
In theory, simply changing "Forward Hostname / IP" to be `app` will be more than enough.
Can you include some screenshots of your current list of containers + your configuration of NPM, because as I mentioned, I tried out the configuration on my end and everything worked.
@tanmng Sorry for the late reply!
Anyway, I decided to move chevereto to a VPS. I don't know why `NPM+docker-chevereto` didn't work in my NAS. In my several VPS, `NPM+docker-chevereto` works very well without special settings.
PS:
simplified Chinese
```
.
├── app
│   ├── content
│   ├── images
│   ├── php.ini
│   └── routes
├── db
│   ├── aria_log.00000001
│   ├── aria_log_control
│   ├── chevereto
│   ├── ddl_recovery.log
│   ├── ib_buffer_pool
│   ├── ibdata1
│   ├── ib_logfile0
│   ├── ibtmp1
│   ├── img.dump
│   ├── multi-master.info
│   ├── mysql
│   ├── mysql_upgrade_info
│   ├── performance_schema
│   └── sys
└── docker-compose.yml
```
my docker-compose is like:
---
version: '3'
services: db: image: mariadb volumes:
default environment: MYSQL_ROOT_PASSWORD: MYSQL_DATABASE: MYSQL_USER: MYSQL_PASSWORD:
app: image: nmtan/chevereto restart: always ports:
networks: default: name: chevereto
Finally, I found it's because I use v1.4.1 of chevereto in the old VPS, while the latest version 1.6+ was installed in the new VPS. I use `image: nmtan/chevereto:1.4.1` instead of `image: nmtan/chevereto`, and it works.
Seems there is some incompatibility between the new and old versions of chevereto.
By the way, it's important for `www-data` to hold the `app` folder.
Thanks for your help! You're very nice! @tanmng
For users that can read Chinese, I think this might be helpful. Anyway, I have shown how to install and use chevereto in my private blog.
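In my personal blog I explain how to install docker chevereto and how to use chevereto in markdown, including the related PicGo settings, personalized albums, and so on.
If you want to learn more, you can visit:
I hope this helps everyone avoid a few pitfalls.
Also, thanks again to tanmng for the answers!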
Hi, everyone!
I install docker-chevereto like:
I can enter the dashboard via `http://<local.ip>:<che_port>` and do any settings about chevereto. However, when I use Nginx proxy manager (NPM) to make a reverse proxy for chevereto, it doesn't work.
Usually, NPM can be OK for reverse proxy of bitwarden, nextcloud. But I don't know how to deal with chevereto. By the way, the 443 port of my NPM outside is 4443, because I could not use 443 for some reasons.
I think it's something about Nginx setting, but I don't know how to set it.
Any suggestions?