search

umami-software / umami

Umami is a simple, fast, privacy-focused alternative to Google Analytics.
https://umami.is
MIT License
22.91k stars 4.26k forks source link

Not able to access Umami v2.7 via httpS (SSL proxy issue?) #2349

Closed zenminimalist closed 10 months ago

zenminimalist commented 1 year ago

Describe the Bug

I can't seem to securely access Umami without the the port number. I can access Umami via http://IP:3001 or http://umami.domain.com:3001 but not via https://umami.domain.com

I have serveral setups with and without docker containers set up the exact same way via reverse proxy on OpenLiteSpeed. However with Umami it does not work. It's the first software that will does not want to talk to be via httpS and without port a number (3001).

I'm not sure if this is related to the last releasae 2.7

The environment variable HOSTNAME is now set to 0.0.0.0 by default for the pre-built Docker images. This fixes an issue with running Umami behind a SSL proxy.

Things I've tried:

I changed the default port to 3001 as with 3000 there was a port conflict with nghttpx.

Here's my stack compose file

``` version: '3' services: umami: image: ghcr.io/umami-software/umami:postgresql-latest container_name: Umami ports: - 3001:3000 environment: TRACKER_SCRIPT_NAME: oishii DATABASE_URL: postgresql://umami:umami@db:5432/umami DATABASE_TYPE: postgresql APP_SECRET: XXXXXXX depends_on: db: condition: service_healthy restart: always db: image: postgres:15-alpine container_name: Umami-db environment: POSTGRES_DB: umami POSTGRES_USER: umami POSTGRES_PASSWORD: umami volumes: - umami-db-data:/var/lib/postgresql/data restart: always healthcheck: test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"] interval: 5s timeout: 5s retries: 5 volumes: umami-db-data: ```

Here are my container details:

``` { "AppArmorProfile": "docker-default", "Args": [ "yarn", "start-docker" ], "Config": { "AttachStderr": true, "AttachStdin": false, "AttachStdout": true, "Cmd": [ "yarn", "start-docker" ], "Domainname": "", "Entrypoint": [ "docker-entrypoint.sh" ], "Env": [ "DATABASE_TYPE=postgresql", "APP_SECRET=XXXXXXXX", "TRACKER_SCRIPT_NAME=oishii", "DATABASE_URL=postgresql://umami:umami@db:5432/umami", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NODE_VERSION=18.18.0", "YARN_VERSION=1.22.19", "NODE_ENV=production", "NEXT_TELEMETRY_DISABLED=1", "HOSTNAME=0.0.0.0", "PORT=3000" ], "ExposedPorts": { "3000/tcp": {} }, "Hostname": "e50d5426ecea", "Image": "ghcr.io/umami-software/umami:postgresql-latest", "Labels": { "com.docker.compose.config-hash": "59bf314e0d5b07f7df6a7987ff96c8275e7c939d995db8bc15252f05ed84a6fe", "com.docker.compose.container-number": "1", "com.docker.compose.depends_on": "db:service_healthy:false", "com.docker.compose.image": "sha256:c89fe2af5818427f55806f9bf2c1e78f79a908cafa46d265278febd6ff02c27b", "com.docker.compose.oneoff": "False", "com.docker.compose.project": "umami", "com.docker.compose.project.config_files": "/data/compose/14/v2/docker-compose.yml", "com.docker.compose.project.environment_file": "/data/compose/14/v2/stack.env", "com.docker.compose.project.working_dir": "/data/compose/14/v2", "com.docker.compose.replace": "78c1d4984532da9aa5ea18eebfeb01873c4e15977306c0ae40e82c783541f491", "com.docker.compose.service": "umami", "com.docker.compose.version": "2.20.2" }, "OnBuild": null, "OpenStdin": false, "StdinOnce": false, "Tty": false, "User": "nextjs", "Volumes": null, "WorkingDir": "/app" }, "Created": "2023-10-15T18:19:45.677531251Z", "Driver": "overlay2", "ExecIDs": null, "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/20a15e658a8d655ea04c780ac032166da536dc5cb5039fb8b9c6c4d7092419bc-init/diff:/var/lib/docker/overlay2/1bcf2cdc51dd19e59a0a1d965a7f4d6ba6781eb780ccf496f7d4d0d67913bce5/diff:/var/lib/docker/overlay2/2aecbc794841a01fe566a5626cd3a383e137c7bda021e47576cf47cd1c40e7cc/diff:/var/lib/docker/overlay2/9a65f51eff9eab3b7349e46b1597fdca6e046277793c7260cb88587f3c583674/diff:/var/lib/docker/overlay2/978caac0af42211ab34c3080a6373918063ae11361bc02dd4eb4bf7c8dd0475d/diff:/var/lib/docker/overlay2/b01c490c7687e1c5b42d795c69a420516b3d39c6f5e289e9675287e36b2786b0/diff:/var/lib/docker/overlay2/e2c68e2059714d3c1aace2d6aece7aa5836cd8f010642b294ee10d9e7754a885/diff:/var/lib/docker/overlay2/69415e6424438964fc2ec48c2a9aee258430581c9013185f65ff5338db0b6a86/diff:/var/lib/docker/overlay2/2e2eb677686e45f270cbcd58fa46c215d6d0ed80c6dd75cf8f070491b210510c/diff:/var/lib/docker/overlay2/3518714160dc4e5df3ecc6d0611038f61179cc674648489e9d468d3b2b455cf0/diff:/var/lib/docker/overlay2/d57afc07d3d0e5defa8adb3387edd2b92dfa5fe517dcaaec59a64eb6b4629ad9/diff:/var/lib/docker/overlay2/2d008d7ee3cc1817e3a0359998e14068ba231836827ea57a60eaff314a7e647a/diff:/var/lib/docker/overlay2/320d09520cfaa99fe0ba8611828258620fd481420db3ba3d92f6f13066cc850b/diff:/var/lib/docker/overlay2/660c2a45817c252ae160e433f8ac44c7ff83e8800972800f3462949a99c292c2/diff:/var/lib/docker/overlay2/4e74a8f1178dffe84aa83d4ca4f956f0f5150f1ea0214f720b4ce982e0250df5/diff:/var/lib/docker/overlay2/b632cce5d2eabf73ecef9cbf687af956cefa130f6402997bbddf21996ca7c7d3/diff", "MergedDir": "/var/lib/docker/overlay2/20a15e658a8d655ea04c780ac032166da536dc5cb5039fb8b9c6c4d7092419bc/merged", "UpperDir": "/var/lib/docker/overlay2/20a15e658a8d655ea04c780ac032166da536dc5cb5039fb8b9c6c4d7092419bc/diff", "WorkDir": "/var/lib/docker/overlay2/20a15e658a8d655ea04c780ac032166da536dc5cb5039fb8b9c6c4d7092419bc/work" }, "Name": "overlay2" }, "HostConfig": { "AutoRemove": false, "Binds": [], "BlkioDeviceReadBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceWriteIOps": null, "BlkioWeight": 0, "BlkioWeightDevice": null, "CapAdd": [ "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID", "SYS_CHROOT" ], "CapDrop": [ "AUDIT_CONTROL", "BLOCK_SUSPEND", "DAC_READ_SEARCH", "IPC_LOCK", "IPC_OWNER", "LEASE", "LINUX_IMMUTABLE", "MAC_ADMIN", "MAC_OVERRIDE", "NET_ADMIN", "NET_BROADCAST", "SYSLOG", "SYS_ADMIN", "SYS_BOOT", "SYS_MODULE", "SYS_NICE", "SYS_PACCT", "SYS_PTRACE", "SYS_RAWIO", "SYS_RESOURCE", "SYS_TIME", "SYS_TTY_CONFIG", "WAKE_ALARM" ], "Cgroup": "", "CgroupParent": "", "CgroupnsMode": "private", "ConsoleSize": [ 0, 0 ], "ContainerIDFile": "", "CpuCount": 0, "CpuPercent": 0, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpuShares": 0, "CpusetCpus": "", "CpusetMems": "", "DeviceCgroupRules": null, "DeviceRequests": null, "Devices": [], "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": [], "GroupAdd": null, "IOMaximumBandwidth": 0, "IOMaximumIOps": 0, "IpcMode": "private", "Isolation": "", "Links": null, "LogConfig": { "Config": {}, "Type": "json-file" }, "MaskedPaths": [ "/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware" ], "Memory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "NanoCpus": 0, "NetworkMode": "umami_default", "OomKillDisable": null, "OomScoreAdj": 0, "PidMode": "", "PidsLimit": null, "PortBindings": { "3000/tcp": [ { "HostIp": "", "HostPort": "3001" } ] }, "Privileged": false, "PublishAllPorts": false, "ReadonlyPaths": [ "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger" ], "ReadonlyRootfs": false, "RestartPolicy": { "MaximumRetryCount": 0, "Name": "always" }, "Runtime": "runc", "SecurityOpt": null, "ShmSize": 67108864, "UTSMode": "", "Ulimits": null, "UsernsMode": "", "VolumeDriver": "", "VolumesFrom": null }, "HostnamePath": "/var/lib/docker/containers/72ef529df8c008a5eb9a56c950be554b622dd7d37b4b8675ceaa9ab3842e59fa/hostname", "HostsPath": "/var/lib/docker/containers/72ef529df8c008a5eb9a56c950be554b622dd7d37b4b8675ceaa9ab3842e59fa/hosts", "Id": "72ef529df8c008a5eb9a56c950be554b622dd7d37b4b8675ceaa9ab3842e59fa", "Image": "sha256:c89fe2af5818427f55806f9bf2c1e78f79a908cafa46d265278febd6ff02c27b", "LogPath": "/var/lib/docker/containers/72ef529df8c008a5eb9a56c950be554b622dd7d37b4b8675ceaa9ab3842e59fa/72ef529df8c008a5eb9a56c950be554b622dd7d37b4b8675ceaa9ab3842e59fa-json.log", "MountLabel": "", "Mounts": [], "Name": "/Umami", "NetworkSettings": { "Bridge": "", "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "HairpinMode": false, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "MacAddress": "", "Networks": { "umami_default": { "Aliases": [ "Umami", "umami", "e50d5426ecea", "72ef529df8c0" ], "DriverOpts": null, "EndpointID": "f92dafb05ce988fe0fb288d0f916ce419fe1247f44cf781564abb6534891df0a", "Gateway": "172.19.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": {}, "IPAddress": "172.19.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "Links": null, "MacAddress": "02:42:ac:13:00:02", "NetworkID": "894efeaf8409634e1efd2bbfb6abafeda9a1e2cfc990311a353890f8ce67f4b9" } }, "Ports": { "3000/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "3001" }, { "HostIp": "::", "HostPort": "3001" } ] }, "SandboxID": "2bcaab96e87191fa57a938dc19535efc4b5bb7cdf56b1bc63db981244428287b", "SandboxKey": "/var/run/docker/netns/2bcaab96e871", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null }, "Path": "docker-entrypoint.sh", "Platform": "linux", "Portainer": { "ResourceControl": { "Id": 24, "ResourceId": "72ef529df8c008a5eb9a56c950be554b622dd7d37b4b8675ceaa9ab3842e59fa", "SubResourceIds": [], "Type": 1, "UserAccesses": [], "TeamAccesses": [], "Public": false, "AdministratorsOnly": true, "System": false } }, "ProcessLabel": "", "ResolvConfPath": "/var/lib/docker/containers/72ef529df8c008a5eb9a56c950be554b622dd7d37b4b8675ceaa9ab3842e59fa/resolv.conf", "RestartCount": 0, "State": { "Dead": false, "Error": "", "ExitCode": 0, "FinishedAt": "0001-01-01T00:00:00Z", "OOMKilled": false, "Paused": false, "Pid": 135696, "Restarting": false, "Running": true, "StartedAt": "2023-10-15T18:19:46.096146493Z", "Status": "running" } } ```

Database

PostgreSQL

Relevant log output

PostgreSQL Database directory appears to contain a database; Skipping initialization
2023-10-15 18:43:27.048 UTC [1] LOG:  starting PostgreSQL 15.4 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924, 64-bit
2023-10-15 18:43:27.048 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2023-10-15 18:43:27.049 UTC [1] LOG:  listening on IPv6 address "::", port 5432
2023-10-15 18:43:27.051 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2023-10-15 18:43:27.062 UTC [24] LOG:  database system was shut down at 2023-10-15 18:43:26 UTC
2023-10-15 18:43:27.070 UTC [1] LOG:  database system is ready to accept connections
2023-10-15 18:43:35.246 UTC [38] LOG:  could not receive data from client: Connection reset by peer

How are you deploying your application? (if relevant)

Portainer BE that deployed the umami stack via the docker compose file from above.

I'm running a VPS on Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-86-generic x86_64), Cyberpanel & OpenLitespeed (both most current versions)

Just a guess Don't docker containers have their own networking thing? As my other stuff like the Cyberpanel & Openlitespeed run natively without docker could that be the problem? And if so how to I fix that?

mikecao commented 1 year ago

The HTTPS connection should be handled by your web server which then just proxies to Umami. Not familiar with your setup, but with Nginx, it handles all SSL and then sends requests to Umami running on HTTP port 3000.

github-actions[bot] commented 10 months ago

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] commented 10 months ago

This issue was closed because it has been inactive for 7 days since being marked as stale.

zenperfect commented 1 month ago

Been searching for an answer to this same issue (surprised it's closed). I'm running behind Apache and I can access all things via HTTP, but the proxy gets caught in a 500 redirect for any Umami pages. However, I can successfully hit any file over https in the container i.e. the images or favicon in the public directory, curiously. This has to be something in the next.js config of the app.