opf/openproject-docker-compose

Cannot access application after following quickstart docs

mic-appiani opened this issue · 4 comments

I followed the quick start instructions from this page https://www.openproject.org/docs/installation-and-operations/installation/docker/ (both using compose and the single container) and I cannot access the application after starting it. I specified http:// in the address but I seem to get redirected to https. Error follows:

Secure Connection Failed
An error occurred during a connection to localhost:8080. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I tried a curl:

*   Trying 127.0.0.1:8080...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 16 Aug 2022 08:23:13 GMT
< Server: Apache/2.4.38 (Debian)
< Content-Type: text/html
< Location: https://localhost:8080/
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Referrer-Policy: origin-when-cross-origin
< Content-Security-Policy: default-src 'self'; base-uri 'self'; connect-src 'self' https://augur.openproject.com; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com https://releases.openproject.com/v1/check.svg; img-src * data: blob:; object-src https://releases.openproject.com/v1/check.svg; script-src 'self'; style-src 'self' 'unsafe-inline'
< Content-Length: 0
<
* Connection #0 to host localhost left intact

Is additional configuration required or should it work out of the box?

I have similar issues running the latest openproject/community:12 as described in the Quickstart:

$ curl -Lvv http://localhost:8080/
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Wed, 17 Aug 2022 09:22:26 GMT
< Server: Apache/2.4.38 (Debian)
< Content-Type: text/html
< Location: https://localhost:8080/
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Referrer-Policy: origin-when-cross-origin
< Content-Security-Policy: default-src 'self'; base-uri 'self'; connect-src 'self' https://augur.openproject.com; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com https://releases.openproject.com/v1/check.svg; img-src * data: blob:; object-src https://releases.openproject.com/v1/check.svg; script-src 'self'; style-src 'self' 'unsafe-inline'
< Content-Length: 0
<
* Connection #0 to host localhost left intact
* Clear auth, redirects scheme from HTTP to https
* Issue another request to this URL: 'https://localhost:8080/'
* Found bundle for host localhost: 0x563573e9fff0 [serially]
* Can not multiplex, even if we wanted to!
* Hostname localhost was found in DNS cache
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* (5454) (IN), , Unknown (72):
* error:0A00010B:SSL routines::wrong version number
* Closing connection 1
curl: (35) error:0A00010B:SSL routines::wrong version number

Switching to the latest previous minor version openproject/community:12.1 appears to work when following the Quickstart Guide. Maybe something broke in 12.2:

$ curl -Lvv http://localhost:8080/
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 17 Aug 2022 09:29:42 GMT
< Server: Apache/2.4.38 (Debian)
< Content-Type: text/html; charset=utf-8
< Vary: Accept,Accept-Encoding
< Cache-Control: max-age=0, private, must-revalidate
< ETag: W/"f7ba45d3aea802cc7299573b52dd5f4d"
< X-Request-Id: 5d023eeb-12ee-48de-9aa7-256aa83be6cb
< X-Runtime: 0.294223
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Referrer-Policy: origin-when-cross-origin
< Content-Security-Policy: default-src 'self'; base-uri 'self'; connect-src 'self' https://augur.openproject.com; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://player.vimeo.com https://releases.openproject.com/v1/check.svg; img-src * data: blob:; object-src https://releases.openproject.com/v1/check.svg; script-src 'self' 'nonce-o1GuE1lcPsWoy+5Td+YZRuv4ww4TENdBMns3TgymrsI=' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
< Set-Cookie: _open_project_session=297b38e478be40034fd455d88b72b5ee; path=/; HttpOnly; SameSite=Lax
< Transfer-Encoding: chunked
<

<!DOCTYPE html>
...

It is a problem with the 12.2 release, which switched to SSL encryption as default. The containers do not provide this and hence they fail. I was told they will fix it ASAP.

opf/openproject#11157

Do not edit the docker-compose.yml. Create a .env file in the compose directory with this. This will override the default settings.

#OpenProject environment variables
TAG=12
OPENPROJECT_HTTPS=false
OPENPROJECT_HOST__NAME=localhost:8080
OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
IMAP_ENABLED=false
DATABASE_URL=postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true
RAILS_MIN_THREADS=4
RAILS_MAX_THREADS=16
PGDATA="/var/lib/postgresql/data"
OPDATA="/var/openproject/assets"

Your browser will be stuck with a 301 redirect so you will also either need to use a different browser, clear your browser cache or use a private window.
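
An added diagnostic sketch, not part of the thread or of OpenProject's code: it reads response headers (raw or as `curl -v` prints them) and flags the case seen in the traces above, where a plain-HTTP listener redirects to `https://` on its own host:port. The function names and verdict strings are invented for this example; the sample headers are excerpts of the traces in the thread.

```bash
#!/usr/bin/env bash
# Added example: classify an HTTP response the way the traces above read.
# Function names and verdict strings are invented for this sketch.

# authority_of URL -> host:port, filling in the scheme's default port.
# (IPv6 literals are not handled.)
authority_of() {
  local url="$1" scheme rest auth
  scheme=${url%%://*}; rest=${url#*://}; auth=${rest%%/*}
  case $auth in
    *:*) ;;
    *) if [ "$scheme" = https ]; then auth="$auth:443"; else auth="$auth:80"; fi ;;
  esac
  printf '%s\n' "$auth"
}

# diagnose_redirect REQUEST_URL  (response headers on stdin, raw or curl -v)
# Prints: no-redirect | tls-redirect-same-port | tls-redirect-other-port | other-redirect
diagnose_redirect() {
  local req="$1" line status="" location="" cr
  cr=$(printf '\r')
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}          # drop the CR of a CRLF line ending
    line=${line#"< "}           # accept curl -v response lines as well
    case $line in
      HTTP/*) status=${line#* }; status=${status%% *} ;;
      [Ll]ocation:*) location=${line#*:}; location=${location# } ;;
    esac
  done
  case $status in
    301|302|303|307|308) ;;
    *) echo no-redirect; return 0 ;;
  esac
  case "$req,$location" in
    http://*,https://*)
      # Same authority: the client will send a TLS ClientHello to a plain-HTTP
      # socket, giving SSL_ERROR_RX_RECORD_TOO_LONG / "wrong version number".
      if [ "$(authority_of "$req")" = "$(authority_of "$location")" ]; then
        echo tls-redirect-same-port
      else
        echo tls-redirect-other-port
      fi ;;
    *) echo other-redirect ;;
  esac
}

# Header excerpts from the thread's traces: the 301 response, then the 200 one.
sample_redirect() { printf '%s\r\n' 'HTTP/1.1 301 Moved Permanently' 'Location: https://localhost:8080/'; }
sample_ok() { printf '%s\r\n' 'HTTP/1.1 200 OK' 'Content-Type: text/html; charset=utf-8'; }
sample_redirect | diagnose_redirect http://localhost:8080/
sample_ok | diagnose_redirect http://localhost:8080/
```

Against a live instance, the headers can be piped in from `curl -sI http://localhost:8080/`.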