
Comments (7)

robguthrie commented on July 30, 2024

Yep, sure there is. Just modify the docker-compose.yml file. Remove nginx and letsencrypt-proxy and expose the app via port 3000.

It's all standard docker-compose or rails stuff. No Loomio specific code at this stage.

from loomio-deploy.

jakkarth commented on July 30, 2024

Hey, thanks for clarifying. I've made some progress in that regard. I've had to edit the reverse proxy to pass in the original hostname and add the RequestHeader set X-FORWARDED-PROTO "https" to prevent infinite redirects. I've also had to add Header set Access-Control-Allow-Origin "*" in the response headers to avoid CORS errors. I'm not entirely sure what the security implications of that are. At the moment things seem to be working, but I'm getting this message in the console every few seconds:

https://channels.loomio.mydomain.com/socket.io/?channel_token=5cbc455fb9aebd9242be89264c05edb2&EIO=4&transport=polling&t=OczVjI2 404 (Not Found)

Are you sure there isn't some kind of routing config in one of the nginx containers that would route this to the channels container? Or is there some other issue I'm not aware of?

If I can get this working, would you be open to a PR with updated documentation to describe this setup?

from loomio-deploy.

robguthrie commented on July 30, 2024

channels is the websocket server, which is routed via its own domain and talks to the main server via the redis db.

I don't have the capacity to offer support for custom configurations (unless you pay me). However if there are some simple patches that make it easier to run I will consider them.

This repo is intentionally opinionated - I made the decision to offer the loomio-deploy config for a particular use case, and that's what 9/10 people want, and I know it well enough to support it. I'm not an expert in the general area of this stuff.

If you'd like to share documentation about your setup, that's great, please do! - but I'm not likely to include it here.

from loomio-deploy.

jakkarth commented on July 30, 2024

Thanks for explaining. I can certainly understand the desire to keep support efforts low so you can focus on making the software better. I would consider adding documentation to further that desire rather than impede it though. In any case, since you've been generous enough to release the code under gpl3, I'll have a deeper look at the source and see if I can figure out how the websocket piece works, since simply exposing the main app hasn't been sufficient in that regard. Thanks for the help, and best of luck with the project.

from loomio-deploy.

dcava commented on July 30, 2024

@jakkarth
Just in case you were still looking at getting this working - I think I've managed to sort out Loomio behind an existing nginx proxy with cloudflare as the DNS/CDN proxy. I was having the exact same socket.io errors, the issue was that the nginx-proxy docker container automatically sets up the channels routing, but existing nginx does not. There are also potentially issues with CORS (behind cloudflare, maybe not an issue if you are not proxying through cloudflare).

Essentially, you have to add another location in NGINX and adjust your docker-compose.yml.

  1. In docker-compose, adjust the channels container to expose port 5000 at localhost. This is done by adding this line:
     ports:
       - 127.0.0.1:5000:5000

This only exposes on local host. I would not use "5000:5000" as this exposes to world.

Secondly, add another location in nginx conf to route to the channels server. My whole nginx conf is below, but the important part is the "upstream" at the top - there is one for the main loomio app and one for the channels server. Then lower down, there is the location for both. I have removed some lines for privacy only.

# Pass "Connection: upgrade" upstream only when the client asked for an upgrade
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Main Loomio app
upstream loombackend {
    server 127.0.0.1:3001 fail_timeout=0;
}

# Channels (socket.io) server
upstream loomchannels {
    server 127.0.0.1:5000 fail_timeout=0;
}

server {
    listen 80;
    listen [::]:80;
    server_name loomio.example.com;
    location / { return 301 https://$host$request_uri; }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name loomio.example.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_certificate     /etc/letsencrypt/live/loomio.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/loomio.example.com/privkey.pem;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    client_max_body_size 200m;

    location / {
        try_files $uri @proxy;
    }

    location @proxy {
        proxy_pass http://loombackend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Server;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Reflect the Origin header when it matches one of these hostnames
        # or any of their subdomains
        if ($http_origin ~* (https?://(?:.+\.)?(loomio\.example\.com|files\.example\.com|channels\.loomio\.example\.com)$)) {
            add_header 'Access-Control-Allow-Origin' '$http_origin';
        }
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
        add_header 'Access-Control-Expose-Headers' 'Content-Length';
        add_header 'Access-Control-Expose-Headers' 'X-Amz-SignedHeaders';
        add_header 'Access-Control-Expose-Headers' 'X-Requested-With';
        add_header 'Access-Control-Expose-Headers' 'Content-Type';
        add_header 'Access-Control-Expose-Headers' 'Accept';
        add_header 'Access-Control-Expose-Headers' 'Origin';
        add_header 'Access-Control-Expose-Headers' 'Authorization';
        add_header 'Access-Control-Allow-Credentials' 'true';

        tcp_nodelay on;
    }

    # Route socket.io traffic to the channels server
    location /socket.io {
        proxy_pass http://loomchannels;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        if ($http_origin ~* (https?://(?:.+\.)?(loomio\.example\.com|files\.example\.com|channels\.loomio\.example\.com)$)) {
            add_header 'Access-Control-Allow-Origin' '$http_origin';
        }
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
        add_header 'Access-Control-Expose-Headers' 'Content-Length';
        add_header 'Access-Control-Expose-Headers' 'X-Amz-SignedHeaders';
        add_header 'Access-Control-Expose-Headers' 'X-Requested-With';
        add_header 'Access-Control-Expose-Headers' 'Content-Type';
        add_header 'Access-Control-Expose-Headers' 'Accept';
        add_header 'Access-Control-Expose-Headers' 'Origin';
        add_header 'Access-Control-Expose-Headers' 'Authorization';
        add_header 'Access-Control-Allow-Credentials' 'true';

        tcp_nodelay on;
    }
}

There is another step required for behind cloudflare - let me know if you need it.

from loomio-deploy.
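
An added example, not part of the thread or of loomio-deploy: a `map`-based variant of the CORS handling in the nginx configuration above, which also bears on the `Access-Control-Allow-Origin "*"` question raised earlier in the thread. It assumes the hostnames and the `loomchannels` upstream from that configuration; the variable names `$cors_origin` and `$cors_credentials` are hypothetical.

```nginx
# Added example, not the project's configuration.
# Why not the patterns seen in the thread:
#  - "Access-Control-Allow-Origin: *" lets any site read non-credentialed
#    responses; browsers refuse it together with Allow-Credentials: true.
#  - A regex that reflects $http_origin trusts every origin it matches; with
#    "https?://(?:.+\.)?" that is any subdomain of the listed names, over
#    http as well as https.
#  - add_header inside "if" replaces the add_header lines of the enclosing
#    location for matching requests, so the other CORS headers are dropped.

# http{} context: exact-match allow-list. $cors_origin stays empty unless the
# Origin header equals one of these strings (hostnames taken from the thread).
map $http_origin $cors_origin {
    default                                "";
    "https://loomio.example.com"           $http_origin;
    "https://channels.loomio.example.com"  $http_origin;
    "https://files.example.com"            $http_origin;
}

# Advertise credentials only when the origin was accepted.
map $cors_origin $cors_credentials {
    default "";
    "~."    "true";
}

# Inside the existing "server { listen 443 ssl ... }" block.
location /socket.io {
    proxy_pass http://loomchannels;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # nginx does not emit an add_header whose value is empty, so a request
    # from an unlisted origin gets neither of the first two headers.
    add_header Access-Control-Allow-Origin      $cors_origin      always;
    add_header Access-Control-Allow-Credentials $cors_credentials always;
    add_header Access-Control-Allow-Methods     "GET, POST, PUT, DELETE, OPTIONS" always;
    add_header Access-Control-Allow-Headers     "Content-Type, Authorization" always;
    # The response differs per Origin, so caches must key on it.
    add_header Vary Origin always;
}
```

The same `add_header` lines can replace the `if` block in `location @proxy`.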

jakkarth commented on July 30, 2024

@dcava I will try to take a look at this this week and see if I can get it running. I've been doing okay with channels support but having it would be nice. I'll need to figure out how to adapt this approach to my apache2.4 config. Thank you for the information and for tagging me so I'd see it!

from loomio-deploy.

dcava commented on July 30, 2024

@jakkarth This is my best effort to translate to Apache: (by "mine" I mean "ChatGPT"!!)

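# Load required modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# Needed for the ws:// target used by the WebSocket RewriteRule below
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so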

# HTTP Server Redirect to HTTPS
<VirtualHost *:80>
    ServerName loomio.example.com
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

# HTTPS VirtualHost
<VirtualHost *:443>
    ServerName loomio.example.com

    # SSL Configuration
    SSLEngine on
    SSLCertificateFile "/etc/letsencrypt/live/loomio.example.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/loomio.example.com/privkey.pem"
    SSLProtocol TLSv1.2 TLSv1.3
    SSLCipherSuite HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA
    SSLHonorCipherOrder on
    SSLSessionTickets Off

    # Proxy settings
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /socket.io http://127.0.0.1:5000/socket.io
    ProxyPassReverse /socket.io http://127.0.0.1:5000/socket.io
    ProxyPass / http://127.0.0.1:3001/
    ProxyPassReverse / http://127.0.0.1:3001/

    # WebSocket upgrade requests go to the channels server.
    # The pattern captures the request path so that $1 is defined.
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "ws://127.0.0.1:5000/$1" [P,L]

    # CORS Headers for specific domains
    Header always set Access-Control-Allow-Origin "https://loomio.example.com"
    Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Headers "Content-Type, Authorization"
    Header always set Access-Control-Allow-Credentials "true"

    <Directory "/path/to/app">
        AllowOverride All
        Require all granted
    </Directory>

    # Logging
    ErrorLog ${APACHE_LOG_DIR}/loomio_error.log
    CustomLog ${APACHE_LOG_DIR}/loomio_access.log combined
</VirtualHost>

from loomio-deploy.
