zulip / docker-zulip

Container configurations, images, and examples for Zulip.
https://zulip.com/
Apache License 2.0

"Too many redirects" after fresh install #313

Closed maeries closed 1 week ago

maeries commented 3 years ago

I just installed Zulip via Docker on my server. When I open the web interface in a browser (I tried Firefox, Edge, Firefox Android) I only get a redirection error, a.k.a. "too many redirects".

How to reproduce

  1. follow this tutorial: https://github.com/zulip/docker-zulip/blob/master/README.md
  2. Configure the docker-compose.yml so that Zulip runs behind Caddy (tried without Caddy, does not seem to make a difference)
  3. go to zulip.domain.tld

Or

  1. up this docker-compose.yml

    
    version: '2'
    services:
      database:
        image: 'zulip/zulip-postgresql:10'
        environment:
          POSTGRES_DB: 'zulip'
          POSTGRES_USER: 'zulip'
          # Note that you need to do a manual `ALTER ROLE` query if you
          # change this on a system after booting the postgres container
          # the first time on a host.  Instructions are available in README.md.
          POSTGRES_PASSWORD: 'EkQEmG4aUqYHYqnyTyFcEd76pD'
        volumes:
          - './data/postgres:/var/lib/postgresql/data:rw'
        restart: unless-stopped

      memcached:
        image: 'memcached:alpine'
        command:
          - 'sh'
          - '-euc'
          - |
            echo 'mech_list: plain' > "$$SASL_CONF_PATH"
            echo "zulip@$$HOSTNAME:$$MEMCACHED_PASSWORD" > "$$MEMCACHED_SASL_PWDB"
            echo "zulip@localhost:$$MEMCACHED_PASSWORD" >> "$$MEMCACHED_SASL_PWDB"
            exec memcached -S
        environment:
          SASL_CONF_PATH: '/home/memcache/memcached.conf'
          MEMCACHED_SASL_PWDB: '/home/memcache/memcached-sasl-db'
          MEMCACHED_PASSWORD: 'Fzxj8Ah2LAUP29wCz7gE3HtMnMJF'
        restart: unless-stopped

      rabbitmq:
        image: 'rabbitmq:3.7.7'
        restart: unless-stopped
        environment:
          RABBITMQ_DEFAULT_USER: 'zulip'
          RABBITMQ_DEFAULT_PASS: '44AgC4kLvhw55yDk7XtFdR234EoB'
        volumes:
          - './data/rabbitmq:/var/lib/rabbitmq:rw'

      redis:
        image: 'redis:alpine'
        restart: unless-stopped
        command:
          - 'sh'
          - '-euc'
          - |
            echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
            exec redis-server /etc/redis.conf
        environment:
          REDIS_PASSWORD: '36H6ewHLLV3giYyVYiXM8HMpTNG'
        volumes:
          - '/opt/docker/zulip/redis:/data:rw'

      zulip:
        image: 'zulip/docker-zulip:4.3-0'
        restart: unless-stopped
        #    build:
        #      context: .
        #      args:
        #        # Change these if you want to build zulip from a different repo/branch
        #        ZULIP_GIT_URL: https://github.com/zulip/zulip.git
        #        ZULIP_GIT_REF: '4.3'
        #        # Set this up if you plan to use your own CA certificate bundle for building
        #        # CUSTOM_CA_CERTIFICATES:
        ports:
          - '1234:80'
        #      - '443:443'
        environment:
          DB_HOST: 'database'
          DB_HOST_PORT: '5432'
          DB_USER: 'zulip'
          SSL_CERTIFICATE_GENERATION: 'self-signed'
          SETTING_MEMCACHED_LOCATION: 'memcached:11211'
          SETTING_RABBITMQ_HOST: 'rabbitmq'
          SETTING_REDIS_HOST: 'redis'
          SECRETS_email_password: '123456789'
          # These should match RABBITMQ_DEFAULT_PASS, POSTGRES_PASSWORD,
          # MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
          SECRETS_rabbitmq_password: '44AgC4kLvhw55yDk7XtFdR234EoB'
          SECRETS_postgres_password: 'EkQEmG4aUqYHYqnyTyFcEd76pD'
          SECRETS_memcached_password: 'Fzxj8Ah2LAUP29wCz7gE3HtMnMJF'
          SECRETS_redis_password: '36H6ewHLLV3giYyVYiXM8HMpTNG'
          SECRETS_secret_key: 'K8SCw8geGp6d4JqC8PETGmgKhxjc2aGf8fuSQPFNRAmRvJvote26RT4jxV6fZw'
          SETTING_EXTERNAL_HOST: 'zulip.domain.tld'
          SETTING_ZULIP_ADMINISTRATOR: 'mail@domain.tld'
          SETTING_EMAIL_HOST: ''  # e.g. smtp.example.com
          SETTING_EMAIL_HOST_USER: 'noreply@example.com'
          SETTING_EMAIL_PORT: '587'
          # It seems that the email server needs to use ssl or tls and can't be used without it
          SETTING_EMAIL_USE_SSL: 'False'
          SETTING_EMAIL_USE_TLS: 'True'
          ZULIP_AUTH_BACKENDS: 'EmailAuthBackend'
          # Uncomment this when configuring the mobile push notifications service
          # SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
        volumes:
          - './data/zulip:/data:rw'
        ulimits:
          nofile:
            soft: 1000000
            hard: 1048576
        networks:
          - caddy_net
          - default

    networks:
      caddy_net:
        external: true
      default:



Server runs on an old Xeon E5520. Don't know if that matters.

maeries commented 3 years ago

The problem seems to be related to Caddy sending HTTP requests while Zulip only listens to HTTPS. I read that DISABLE_HTTPS: "True" does not work anymore. Is there an alternative? The way it's described in the docs does not seem to be made to be used with Docker: https://zulip.readthedocs.io/en/latest/production/deployment.html#configuring-zulip-to-allow-http

Edit to be more clear: When I set Caddy2 to connect via port 80 I get the "Too many redirects". When I set it to use port 443 I get "Client sent an HTTP request to an HTTPS server."

maeries commented 3 years ago

Figured it out. Under the environment variables in the docker-compose.yml you have to set DISABLE_HTTPS: 'True'. Then set your reverse proxy to connect to the HTTP (non-s) port of Zulip.
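
The fix described in the comment above, written out as a compose fragment. This is an added example, not part of the original thread or the project's own configuration: it shows only the keys that change relative to the posted file, and it assumes the Caddy container is attached to `caddy_net` and resolves the service name `zulip`. Dropping the published port is an added hardening step, since with `DISABLE_HTTPS` the hop from proxy to Zulip is plaintext.

```yaml
# Added example: only the keys that differ from the compose file posted above.
services:
  zulip:
    image: 'zulip/docker-zulip:4.3-0'
    # No published `ports:` entry. Caddy reaches the container over the shared
    # caddy_net network, so the plaintext HTTP listener is not exposed on the
    # host's public interfaces. If a host port is needed for local testing,
    # bind it to loopback only (assumption, not from the thread):
    # ports:
    #   - '127.0.0.1:1234:80'
    environment:
      # Zulip serves plain HTTP on port 80 instead of redirecting to HTTPS;
      # TLS is terminated by the reverse proxy. Without this, the proxy's HTTP
      # request is answered with a redirect to HTTPS, which the proxy again
      # forwards as HTTP: the "too many redirects" loop.
      DISABLE_HTTPS: 'True'
      SETTING_EXTERNAL_HOST: 'zulip.domain.tld'
    networks:
      - caddy_net
      - default

networks:
  caddy_net:
    external: true
  default:

# Matching Caddyfile site block (Caddy v2), shown as a comment because it
# lives in a separate file. Caddy obtains the public certificate and forwards
# to the container's HTTP port:
#
#   zulip.domain.tld {
#       reverse_proxy zulip:80
#   }
```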

timabbott commented 1 week ago

We've got improved reverse proxy documentation that covers how to do this successfully, so closing.