kobotoolbox/kobo-docker

Mixed content issue when running "local" in https

Stopi opened this issue · 6 comments

Stopi commented

Hi there,

I'm trying to run a "local" kobo server but behind an Apache proxy.
The Apache proxy is handling all the HTTPS with Let's Encrypt. This way, the certificate is renewed with my usual environment (fully automatic) and this saves me a lot of configuration hassle.

To be able to do that, I've changed the envfile.local.txt file with:

#HOST_ADDRESS=
PUBLIC_DOMAIN_NAME=mydomain.tld
KOBOFORM_PUBLIC_SUBDOMAIN=koboform
KOBOCAT_PUBLIC_SUBDOMAIN=kobocat
ENKETO_EXPRESS_PUBLIC_SUBDOMAIN=enketo

...and it works almost great.

I have one issue: when previewing a form, enketo always refers to http://koboform.mydomain.tld instead of https://koboform.mydomain.tld.
This triggers a mixed content issue in my browser, so the form is blocked and appears blank.

Current error message is triggered by https://koboform.mydomain.tld/static/compiled/app-bf142ef6bd254c370581.js:125:68207 when trying to load http://koboform.mydomain.tld/asset_snapshots/sEop5tcLhcuGm2Hdh3hT2B/preview/

In the same way, when I ask the browser to display https://koboform.pasteur.la/asset_snapshots/sgNidi6zPZwFhkT7mnQ6G3/preview/, it redirects to https://enketo.pasteur.la/preview?form=http://koboform.pasteur.la/asset_snapshots/sgNidi6zPZwFhkT7mnQ6G3.xml

I know I can tell the browser to not block mixed content (and I did on my test machine), however I would prefer a clean solution for my users, so how can I enforce HTTPS?
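A small check for the two symptoms described in the post above, added here as an illustration (it is not part of the original post or of the kobo-docker project): it flags an `http://` resource requested by an `https://` page, and an `http://` URL carried inside a query parameter of an `https://` redirect target. The function names and the `SNAPSHOT_ID` placeholder are assumptions; the sample URLs are constructed from the domain names used in the post.

```python
from urllib.parse import urlsplit, parse_qsl


def insecure_refs(page_url, requested_url):
    """Return (kind, url) findings for one resource requested by a page."""
    findings = []
    if urlsplit(page_url).scheme != "https":
        return findings  # mixed content only applies to pages served over HTTPS
    req = urlsplit(requested_url)
    if req.scheme == "http":
        # Browser blocks this: HTTPS page loading a plain-HTTP resource.
        findings.append(("mixed-content", requested_url))
    # parse_qsl percent-decodes values, so encoded nested URLs are caught too.
    for _name, value in parse_qsl(req.query):
        inner = urlsplit(value)
        if inner.scheme == "http" and inner.netloc:
            # HTTPS URL that tells the next hop to fetch over plain HTTP.
            findings.append(("nested-http", value))
    return findings


# Constructed sample: (page, requested URL) pairs as they would appear in a
# browser network log. SNAPSHOT_ID is a placeholder, not a real identifier.
OBSERVED = [
    ("https://koboform.mydomain.tld/",
     "http://koboform.mydomain.tld/asset_snapshots/SNAPSHOT_ID/preview/"),
    ("https://koboform.mydomain.tld/",
     "https://enketo.mydomain.tld/preview"
     "?form=http://koboform.mydomain.tld/asset_snapshots/SNAPSHOT_ID.xml"),
    ("https://koboform.mydomain.tld/",
     "https://koboform.mydomain.tld/static/compiled/app.js"),
]


def audit(observed):
    """Collect findings for every observed (page, request) pair."""
    report = []
    for page_url, requested_url in observed:
        report.extend(insecure_refs(page_url, requested_url))
    return report


if __name__ == "__main__":
    for kind, url in audit(OBSERVED):
        print(f"{kind}: {url}")
```
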

Hi @Stopi,

You should give kobo-install a try. It's a beta and still needs improvement but may help to create your configuration files and run KoBo easily. It's based on another branch (not master) of kobo-docker which handles HTTPS on a proxy better.
Please, use it with advanced options.

https://github.com/kobotoolbox/kobo-install

Do you want to see advanced options?
	1) Yes
	2) No
[2]: 1
What kind of installation do you need?
	1) On your workstation
	2) On a server
[1]: 2
Do you want to use separate servers for frontend and backend?
	1) Yes
	2) No
[2]: 2
...
Do you use a reverse proxy or a load balancer?
	1) Yes
	2) No
[1]:
Use HTTPS?
Please note that certificate has to be installed on the load balancer!
	1) Yes
	2) No
[1]:
Internal port used by reverse proxy?
[80]: <port Apache is using to communicate with KoBo nginx>
...

ATTENTION, if you already have data with your installation, you will need to upgrade PostgreSQL and Mongo manually FIRST.

Please read the README.

Stopi commented

Hi, thanks for this answer.

I just tried to install from scratch on a new VM but it looks like something's wrong :

git clone https://github.com/kobotoolbox/kobo-install
cd kobo-install
python run.py
╔═══════════════════════════════════════════════════════════════╗
║ Welcome to `kobo-install`!                                    ║
║                                                               ║
║ You are going to be asked some questions that will            ║
║ determine how to build the configuration of `KoBoToolBox`.    ║
║                                                               ║
║ Some questions already have default values (within brackets). ║
║ Just press `enter` to accept the default value or enter `-`   ║
║ to remove previously entered value.                           ║
║ Otherwise choose between choices or type your answer.         ║
╚═══════════════════════════════════════════════════════════════╝
Where do you want to install?
[/home/kobo-docker]:
Do you want to see advanced options?
        1) Yes
        2) No
[2]: 1  
What kind of installation do you need?
        1) On your workstation
        2) On a server
[2]: 2  
Do you want to use separate servers for frontend and backend?
        1) Yes
        2) No
[2]:
Public domain name [kobo.local]: mydomain.tld
KPI sub domain [kf]: koboform
KoBoCat sub domain [kc]: kobocat
Enketo Express sub domain name [ee]: enketo
Do you use a reverse proxy or a load balancer?
        1) Yes
        2) No
[1]:
Use HTTPS?
Please note that certificate has to be installed on the load balancer!
        1) Yes
        2) No
[1]:
Internal port used by reverse proxy?
[80]:
SMTP server: smtp.mydomain.tld
SMTP port [25]: 587
SMTP user: robot@mydomain.tld
SMTP password: xxxx
Use TLS?
        1) True
        2) False
[1]:
From email address [support@mydomain.tld]: robot@mydomain.tld
Super user's username [super_admin]:
Super user's password [G2DKuG9EUUx~O]: xxxx
Docker Compose prefix? (leave empty for default): iplkobo
Staging mode?
        1) Yes
        2) No
[2]:
Postgres database [kobotoolbox]:
Postgres user [kobo]:
Postgres password [VmsEXDcam-j4+w^]: xxxx
Do you want to tweak PostgreSQL settings?
        1) Yes
        2) No
[2]:
Do you want to customize service ports?
        1) Yes
        2) No
[2]:
Do you want to use AWS S3 storage?
        1) Yes
        2) No
[2]:
Google Analytics Identifier: 
Google API Key: 
Intercom App ID: 
Do you want to use Sentry?
        1) Yes
        2) No
[2]:
Do you want to tweak uWSGI settings?
        1) Yes
        2) No
[2]:
Do you want to activate backups?
        1) Yes
        2) No
[2]:
Cloning into '/home/kobo-docker'...
remote: Enumerating objects: 2546, done.
remote: Total 2546 (delta 0), reused 0 (delta 0), pack-reused 2546
Receiving objects: 100% (2546/2546), 1.84 MiB | 304.00 KiB/s, done.
Resolving deltas: 100% (1580/1580), done.
Switched to a new branch 'kobo-install'
From https://github.com/kobotoolbox/kobo-docker
 * branch            kobo-install -> FETCH_HEAD
Traceback (most recent call last):
  File "run.py", line 63, in <module>
    run()
  File "run.py", line 35, in run
    Command.start()
  File "/home/kobo-install/helpers/command.py", line 206, in start
    cls.stop(output=False, frontend_only=frontend_only)
  File "/home/kobo-install/helpers/command.py", line 295, in stop
    CLI.run_command(backend_command, config.get("kobodocker_path"))
  File "/home/kobo-install/helpers/cli.py", line 88, in run_command
    stdout = subprocess.check_output(command, universal_newlines=True, cwd=cwd)
  File "/usr/lib/python2.7/subprocess.py", line 216, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

@Stopi,
I've just tried and it worked.
Can you tell me which linux distro you are using? Also which version of docker & docker-compose do you have installed on your new VM?

Stopi commented

OK, my bad! I didn't install docker-compose, I just fixed this.
I'm running Alpine Linux and it looks like it still fails.

kobo [/home/kobo-install]# python run.py
Removing network iplkobo_default
WARNING: Network iplkobo_default not found.
Removing network iplkobo_kobo-fe-network
WARNING: Network iplkobo_kobo-fe-network not found.
Launching environment
Creating network "iplkobo_default" with the default driver
Creating iplkobo_mongo_1       ... done
Creating iplkobo_postgres_1    ... done
Creating iplkobo_redis_main_1  ... done
Creating iplkobo_rabbit_1      ... done
Creating iplkobo_redis_cache_1 ... done
Creating network "iplkobo_kobo-fe-network" with driver "bridge"
WARNING: Found orphan containers (iplkobo_redis_cache_1, iplkobo_rabbit_1, iplkobo_redis_main_1, iplkobo_postgres_1, iplkobo_mongo_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating iplkobo_kpi_1            ... done
Creating iplkobo_nginx_1          ... done
Creating iplkobo_kobocat_1        ... done
Creating iplkobo_enketo_express_1 ... done
Waiting for environment to be ready. It can take a few minutes.
............................................................
`KoBoToolbox` has not started yet, sometimes frontend containers can not communicate with backend containers.
Let's restart frontend containers.

Stopping iplkobo_enketo_express_1 ... done
Stopping iplkobo_kobocat_1        ... done
Stopping iplkobo_kpi_1            ... done
Stopping iplkobo_nginx_1          ... done
WARNING: Found orphan containers (iplkobo_redis_cache_1, iplkobo_rabbit_1, iplkobo_redis_main_1, iplkobo_postgres_1, iplkobo_mongo_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Removing iplkobo_enketo_express_1 ... done
Removing iplkobo_kobocat_1        ... done
Removing iplkobo_kpi_1            ... done
Removing iplkobo_nginx_1          ... done
Removing network iplkobo_kobo-fe-network
Launching frontend containers
Creating network "iplkobo_kobo-fe-network" with driver "bridge"
WARNING: Found orphan containers (iplkobo_redis_cache_1, iplkobo_rabbit_1, iplkobo_redis_main_1, iplkobo_postgres_1, iplkobo_mongo_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating iplkobo_kpi_1            ... done
Creating iplkobo_nginx_1          ... done
Creating iplkobo_enketo_express_1 ... done
Creating iplkobo_kobocat_1        ... done
...........................................................
Something went wrong! Please look at docker logs

I've checked the logs but don't see anything that helps me to understand.

enketo_express_1  | pm2 launched in no-daemon mode (you can add DEBUG="*" env variable to get more messages)
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: Launching in no daemon mode
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: [PM2] Starting /srv/src/enketo_express/app.js in fork_mode (1 instance)
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: App [enketo:0] starting in -fork mode-
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: App [enketo:0] online
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: [PM2] Done.
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: ┌──────────┬────┬─────────┬──────┬─────┬────────┬─────────┬────────┬─────┬───────────┬──────┬──────────┐
enketo_express_1  | │ App name │ id │ version │ mode │ pid │ status │ restart │ uptime │ cpu │ mem       │ user │ watching │
enketo_express_1  | ├──────────┼────┼─────────┼──────┼─────┼────────┼─────────┼────────┼─────┼───────────┼──────┼──────────┤
enketo_express_1  | │ enketo   │ 0  │ 1.72.2  │ fork │ 90  │ online │ 0       │ 0s     │ 0%  │ 27.1 MB   │ root │ disabled │
enketo_express_1  | └──────────┴────┴─────────┴──────┴─────┴────────┴─────────┴────────┴─────┴───────────┴──────┴──────────┘
enketo_express_1  | 2019-01-29T03:41:17: PM2 log:  Use `pm2 show <id|name>` to get more details about an app
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: [--no-daemon] Continue to stream logs
enketo_express_1  | 2019-01-29T03:41:17: PM2 log: [--no-daemon] Exit on target PM2 exit pid=80
enketo_express_1  | 03:41:19 0|enketo  | Worker 1 ready for duty at port 8005! (environment: production)

The docker logs stay on this, no issue displayed.
You can get more of these logs here: http://dl.pasteur.la/?t=4200e74e95b79a11cab9551c50884bfd

I don't know if it helps but I've got this on syslog :

time="2019-01-29T10:05:03.265786290+07:00" level=info msg="shim reaped" id=05ebc8fd21dde9d1aa7f43ecf1590be8df558cb38a03b5268a62cd855748d5d1          
time="2019-01-29T10:05:03.275649766+07:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
time="2019-01-29T10:05:03.282183650+07:00" level=info msg="shim reaped" id=bc0ebde346b23ea55fea0289c82a932adcff586903007185dde243478bd6ee80       
time="2019-01-29T10:05:03.298774309+07:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"                                                                                 
time="2019-01-29T10:05:04.655808882+07:00" level=info msg="shim reaped" id=66e72a8577cbce0beada9cfb928be94429a7ea8936b1a0d39ee7a2832f8013ed  
time="2019-01-29T10:05:04.665573458+07:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"                                                                                 
time="2019-01-29T10:05:05.085999027+07:00" level=info msg="shim reaped" id=8ea2ef94895283253473a5e02dec2720684d6440ecebbfb5661b9316a29cb3e8                                                                                                  
time="2019-01-29T10:05:05.095652904+07:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"                                                                                 
time="2019-01-29T10:05:06.566538498+07:00" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/3d296a1f2e59e4f3a87b553a1f13026d078e4b02bb55cb93dee132ded262e54b/shim.sock" debug=false pid=7017
time="2019-01-29T10:05:06.576436174+07:00" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/de406769193828140c765e7be78e354c95a8a9b2700cd6dd4d132ed48394bbe9/shim.sock" debug=false pid=7018
time="2019-01-29T10:05:06.581227062+07:00" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/4aad92b6bb04ffc138645dcc8b96f8d6947e4bd22f0d006ac6eeb882fdeff469/shim.sock" debug=false pid=7022
time="2019-01-29T10:05:06.590052040+07:00" level=info msg="shim containerd-shim started" address="/containerd-shim/moby/200bf983c0217ca4c6147637a074d8abdbcd58060e700509c5328a54fa6f5dc3/shim.sock" debug=false pid=7025
time="2019-01-29T10:05:07.855538238+07:00" level=warning msg="OOM monitoring failed" error="cgroups: memory cgroup not supported on this system"   
time="2019-01-29T10:05:07.973141849+07:00" level=warning msg="OOM monitoring failed" error="cgroups: memory cgroup not supported on this system"     
time="2019-01-29T10:05:07.996791391+07:00" level=warning msg="OOM monitoring failed" error="cgroups: memory cgroup not supported on this system"     
time="2019-01-29T10:05:08.016456743+07:00" level=warning msg="OOM monitoring failed" error="cgroups: memory cgroup not supported on this system"

It's weird because I've configured cgroups according to official documentation (https://wiki.alpinelinux.org/wiki/Docker#.22WARNING:_No_.7Bswap.2Cmemory.7D_limit_support.22), but anyway it looks like it's only a warning.

Stopi commented

I should add some info :

  • Alpine Linux 3.8.2
  • docker 18.09.1-r0
  • docker-compose 1.23.2

Stopi commented

I've tried with a completely fresh reinstall of the whole VM and still no success.
I'm closing this ticket and opening a new one in kobo-install repo, as I think it should be there.

kobotoolbox/kobo-install#9