aggregate icon indicating copy to clipboard operation
aggregate copied to clipboard

Published 20 hours ago verified publisher icon getodk

[Docker Compose] Inifinite redirect loop

Open dosanjosfilho opened this issue 6 years ago • 3 comments

Software and hardware versions

Ubuntu Server 18.04, Aggregate v2.0.0

Problem description

My ODK Aggregate is working normally under my domain example.com:8080 and www.example.com:8080, but when trying to use nginx for redirect I go into an infinite loop.

Steps to reproduce the problem

I'm setting up the ODK Agregator on my server following the "ODK Aggregate - Build and run with Docker Compose", I have changed the security.server.checkHostnames to false. And in my nginx installation is configured with Let's Encrypt.

security.properties:

security.server.deviceAuthentication=digest
security.server.secureChannelType=REQUIRES_INSECURE_CHANNEL
security.server.channelType=REQUIRES_INSECURE_CHANNEL
security.server.forceHttpsLinks=false
security.server.hostname=
security.server.port=8080
security.server.securePort=8443
security.server.superUserUsername=administrator
security.server.realm.realmString=ODK Aggregate
security.server.checkHostnames=false

nginx config.: *I changed my domain to example.com

server {

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;
		
	if ($host = example.com) {
		return 301 https://www.$host$request_uri;
	}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # ma$
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # $
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	
	location / {
        try_files $uri $uri/ =404;
    }
	
	rewrite ^/rstudio$ $scheme://$http_host/rstudio/ permanent; 
    
    location /rstudio/ {
      rewrite ^/rstudio/(.*)$ /$1 break;
      proxy_pass http://localhost:8787;
      proxy_redirect http://localhost:8787/ $scheme://$http_host/rstudio/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_read_timeout 20d;
    }	
	rewrite ^/aggregate$ $scheme://$http_host/aggregate/ permanent; 
    
    location /aggregate/ {
      rewrite ^/aggregate/(.*)$ /$1 break;
      proxy_pass http://localhost:8080;
      proxy_redirect http://localhost:8080/ $scheme://$http_host/aggregate/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_read_timeout 20d;
    }

}

server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
	
}

dosanjosfilho avatar Feb 08 '19 13:02 dosanjosfilho

Hi, @DosAnjosFilho!

Until we can verify there's a bug to be fixed, support questions are better asked in the Support Forum. Please create a new post with the information you've detailed here. I'd ask you expand on some things:

  • Can you double check the conf files you've attached? In the issue description, you mention that you've configured the checkHostnames param to false, but the config you're attaching doesn't match that.
  • Can you describe your network environment a little bit more and how are you launching the Docker Compose stack?

In any case, please, take into account that the Docker Compose stacks are not quite there yet. They're meant for experimental and development use. If you need to host Aggregate for production, you have better (and supported) Cloud-Config stack alternatives with full SSL and domain support.

ggalmazor avatar Feb 08 '19 13:02 ggalmazor

Hi, @DosAnjosFilho!

Until we can verify there's a bug to be fixed, support questions are better asked in the Support Forum. Please create a new post with the information you've detailed here. I'd ask you expand on some things:

  • Can you double check the conf files you've attached? In the issue description, you mention that you've configured the checkHostnames param to false, but the config you're attaching doesn't match that.
  • Can you describe your network environment a little bit more and how are you launching the Docker Compose stack?

In any case, please, take into account that the Docker Compose stacks are not quite there yet. They're meant for experimental and development use. If you need to host Aggregate for production, you have better (and supported) Cloud-Config stack alternatives with full SSL and domain support.

Hello, @ggalmazor

  • It was a mistake when I wrote the issue.
  • On my system I made the default installation of docker and docker compose, according to official documentation. I tested various configurations during installation, using docker and docker compose, using virtualbox and installing directly into the system according to the wiki. But it always has a problem when redirecting to ODK Aggregate. I believe the problem is when using nginx with the ssl certificate and the redirect to the ODK Aggregate.

dosanjosfilho avatar Feb 08 '19 16:02 dosanjosfilho

Hi @DosAnjosFilho , did you fix this in the end? I recently tried setting up aggregate via docker-compose with an nginx reverse-proxy and letsencrypt for https and all worked fine. Let me know if you want me to share any compose files

chrismclarke avatar Feb 11 '20 11:02 chrismclarke