Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Single server behind nginx reverse proxy - no content #535

Open
OWA-dbell opened this issue Oct 6, 2022 · 9 comments
Open

Single server behind nginx reverse proxy - no content #535

OWA-dbell opened this issue Oct 6, 2022 · 9 comments

Comments

@OWA-dbell
Copy link

Summary

I have a working instance of cronicle running on a single server. things look good and I can access it via http://[hostname]:3012. For my end users, and for getting HTTPS going, we run everything behind an nginx reverse proxy. I set all that up and now I try to go to https://[url] and get odd behavior. The background of the page loads, then nothing else. Just the Cronicle logo up top and an empty box.

I looked at the load balancer instructions, but that doesn't seem to apply in this case given its only the one server.

Steps to reproduce the problem

setup nginx with the following config:

server {
        #internal server
        set $upstream [server IP];

        #external URL
        server_name [public url];

        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;

        location / {
                proxy_pass http://$upstream:3012;
        }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[url]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[url]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = [public url]) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name [public url];

        listen 80;
        listen [::]:80;
    return 404; # managed by Certbot
}

Your Setup

Just a single server.

Operating system and version?

Ubuntu 20.04

Node.js version?

v16.17.1

Cronicle software version?

Version 0.9.12

Are you using a multi-server setup, or just a single server?

Are you using the filesystem as back-end storage, or S3/Couchbase?

Filesystem as storage

Can you reproduce the crash consistently?

Log Excerpts
@OWA-dbell
Copy link
Author

Just to add, I also tried doing the nginx config with the local hostname instead of the IP and got the same results.

@mikeTWC1984
Copy link

In general nginx config for cronicle might be a bit of PITA. To debug - open dev tools in browser. First of all, check "console" tab. Do you see any error about websockets? (something like "io is not defined"). If so you need to specify another rout to /socket.io in your config. If it's not an issue then go to "network" tab. You'll see which files are failing to load.
Here is a sample for socket.io config:

  location /socket.io/ {
        client_max_body_size                    2048m;
        proxy_read_timeout                      86400s;
        proxy_send_timeout                      86400s;
        proxy_set_header                        X-Forwarded-Host $host;
        proxy_set_header                        X-Forwarded-Server $host;
        proxy_set_header                        X-Real-IP $remote_addr;
        proxy_set_header                        Host $host;
        proxy_set_header                        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version                      1.1;
        proxy_redirect                          off;
        proxy_set_header                        Upgrade $http_upgrade;
        proxy_set_header                        Connection "upgrade"; 

    proxy_pass          http://localhost:3012/socket.io/;
  }

@soulteary
Copy link

maybe you can try traefik https://github.com/soulteary/docker-cronicle

it simple and stable. @OWA-dbell

@matthenning
Copy link

matthenning commented Oct 10, 2023
edited
Loading

Did you ever solve this? I'm running into the same issue with an almost identical setup but only in Firefox. Chrome seems to be working fine.
Firefox is reporting

Firefox can’t establish a connection to the server at wss://cronicle/socket.io/?EIO=4&transport=websocket. [websocket.js:43:26](https://cronicle/node_modules/engine.io-client/build/esm/transports/websocket.js)
The connection to wss://cronicle/socket.io/?EIO=4&transport=websocket was interrupted while the page was loading.

My nginx config:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name cronicle;

    ssl_certificate /etc/ssl/certs/cronicle.pem;
    ssl_certificate_key /etc/ssl/private/cronicle.key;

    location /socket.io/ {
        client_max_body_size                    2048m;
        proxy_read_timeout                      86400s;
        proxy_send_timeout                      86400s;
        proxy_set_header                        X-Forwarded-Host $host;
        proxy_set_header                        X-Forwarded-Server $host;
        proxy_set_header                        X-Real-IP $remote_addr;
        proxy_set_header                        Host $host;
        proxy_set_header                        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version                      1.1;
        proxy_redirect                          off;
        proxy_set_header                        Upgrade $http_upgrade;
        proxy_set_header                        Connection "upgrade";

        proxy_pass          http://127.0.0.1:3012/socket.io/;
    }

    location / {
        proxy_pass http://127.0.0.1:3012;

        proxy_http_version 1.1;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "upgrade";
        proxy_set_header        Host $host;
        #proxy_set_header        X-Real-IP $remote_addr;
        #proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header        X-Forwarded-Proto $scheme;
    }

    include /etc/nginx/snippets/ssl.conf;
}

cronicle docker container is listening on 127.0.0.1:3012

@OWA-dbell
Copy link
Author

@matthenning I didn't ever get it solved. I'm stuck with NGINX because of all our other systems behind it, don't want to try and cut over to traefik, and NGINX works for everything else.

I think @mikeTWC1984 is on the right path. All my errors are related to socket.io. But I never dug into it much further.

@matthenning
Copy link

Thanks for your reply. Seeing that it works in Chrome but not in FF I'll live with it for now as it doesn't look like something I can fix within nginx.

@tomihbk
Copy link

tomihbk commented Oct 10, 2023

Hey @OWA-dbell and @matthenning

Finding this issue at the same day is quite a miracle.

I went through hell to make my config work but alas, I'm happy.

Here's my config on nginx, I have decided to put my cronicle behind a subdomain and used certbot to create my own certificate for https :

server {
    server_name jobscheduler.xxxxxx.xxx;

    location / {
        client_max_body_size                    2048m;
        proxy_read_timeout                      86400s;
        proxy_send_timeout                      86400s;
        proxy_set_header                        X-Forwarded-Host $host;
        proxy_set_header                        X-Forwarded-Server $host;
        proxy_set_header                        X-Real-IP $remote_addr;
        proxy_set_header                        Host $host;
        proxy_set_header                        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version                      1.1;
        proxy_redirect                          off;
        proxy_set_header                        Upgrade $http_upgrade;
        proxy_set_header                        Connection "upgrade";
        proxy_pass                              http://localhost:3012/;
    }

   location /socket.io/ {
        client_max_body_size                    2048m;
        proxy_read_timeout                      86400s;
        proxy_send_timeout                      86400s;
        proxy_set_header                        X-Forwarded-Host $host;
        proxy_set_header                        X-Forwarded-Server $host;
        proxy_set_header                        X-Real-IP $remote_addr;
        proxy_set_header                        Host $host;
        proxy_set_header                        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version                      1.1;
        proxy_redirect                          off;
        proxy_set_header                        Upgrade $http_upgrade;
        proxy_set_header                        Connection "upgrade";
        proxy_pass                              http://localhost:3012/socket.io/;
}

  location /api/ {
        client_max_body_size                    2048m;
        proxy_read_timeout                      86400s;
        proxy_send_timeout                      86400s;
        proxy_set_header                        X-Forwarded-Host $host;
        proxy_set_header                        X-Forwarded-Server $host;
        proxy_set_header                        X-Real-IP $remote_addr;
        proxy_set_header                        Host $host;
        proxy_set_header                        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version                      1.1;
        proxy_redirect                          off;
        proxy_set_header                        Upgrade $http_upgrade;
        proxy_set_header                        Connection "upgrade";
        proxy_pass                              http://localhost:3012/api/;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/..../fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/...../privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Despite not successful to make the Live Log Watcher work (but I still get info when the job is finished). I can still live without.

@matthenning
Copy link

Hi @tomihbk, can confirm it's working, thank you.
One small addition: I had to set add_header Content-Security-Policy "frame-ancestors domain.com"; to see the job log after it finished. Otherwise Firefox would throw a content policy error.
Now if we can get the Live Log Watcher to use the URL of the reverse proxy we're golden. At the moment it's switched to HTTPS but still trying to access the server IP and Port 3012 directly.

@adocampo
Copy link

FYI, I got running Cronicle with Nginx Proxy Manager quite easily
image
I don't know what Live Log Watcher is but I can manage the interface and see the cron results, and that all what I want.

@jhuckaby jhuckaby mentioned this issue Mar 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@soulteary @adocampo @matthenning @tomihbk @mikeTWC1984 @OWA-dbell