[SIP-112] Allow to deploy Superset under the prefix of an URL

Open vadym-serdiuk opened this issue 2 years ago • 20 comments

[SIP] Allow to deploy Superset under the prefix of an URL

Motivation

We faced a problem deploying Superset under a prefix like https://{domain}/superset. We cannot use subdomains. Configuring a gateway (like nginx) didn't work since there were problems with redirects. After a lot of effort, we decided to refactor Superset. Furthermore, we saw many requests and questions about how to deploy Superset under a prefix, without any working solutions.

Proposed Change

I refactored the backend code by replacing simple string URLs with the url_for function on the backend, or with the APPLICATION_ROOT variable in places with no app context. I added a function withPrefix on the frontend and use it for all the URLs generated on the frontend.

New or Changed Public Interfaces

There are no changes in the public interfaces

New dependencies

No new dependencies

Migration Plan and Compatibility

No migrations

Rejected Alternatives

Configuration of gateways is not enough.

Configuration

To deploy with the prefix, you just need to add the following variables to the Superset config:

ENABLE_PROXY_FIX = True
STATIC_ASSETS_PREFIX = "/superset"
APPLICATION_ROOT = "/superset"

and configure the gateway with this minimal configuration (nginx syntax):

location /superset/ {
    proxy_pass         http://{superset_host}:{superset_port}/;
    proxy_set_header   X-Forwarded-Prefix /superset/;
}

Note that the trailing slashes are important for the nginx configuration.

vadym-serdiuk avatar Dec 20 '23 15:12 vadym-serdiuk
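
The redirect problem described in the post above, as an added example that is not part of the original issue or Superset's code: a stdlib-only model of the nginx `location /superset/` rewrite with a WSGI app behind it, comparing a hard-coded redirect with one built from the forwarded prefix. `nginx_strip`, `PrefixFix`, `legacy_app`, `prefixed_app`, `redirect_target` and the `TRUSTED_PREFIXES` allow-list are hypothetical names introduced for illustration.

```python
# Added example: stdlib-only model, not Superset or Werkzeug code.
from wsgiref.util import setup_testing_defaults

TRUSTED_PREFIXES = {"/superset"}  # assumption: equals APPLICATION_ROOT


def nginx_strip(path, location="/superset/"):
    """Model `location /superset/` + `proxy_pass http://host:port/;`:
    nginx replaces the matched location with the "/" URI from proxy_pass."""
    if not path.startswith(location):
        return None  # request is not routed to Superset at all
    return "/" + path[len(location):]


class PrefixFix:
    """Hypothetical middleware: honour only an allow-listed X-Forwarded-Prefix."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        prefix = environ.get("HTTP_X_FORWARDED_PREFIX", "").rstrip("/")
        if prefix in TRUSTED_PREFIXES:
            environ["SCRIPT_NAME"] = prefix
        return self.app(environ, start_response)


def legacy_app(environ, start_response):
    # Hard-coded string URL, the pattern the proposal removes.
    start_response("302 Found", [("Location", "/login/")])
    return [b""]


def prefixed_app(environ, start_response):
    # URL built from SCRIPT_NAME, which is what Flask's url_for prepends.
    location = environ.get("SCRIPT_NAME", "") + "/login/"
    start_response("302 Found", [("Location", location)])
    return [b""]


def redirect_target(app, public_path, forwarded_prefix="/superset/"):
    """Pass one constructed request through the modelled gateway and
    return the Location header the browser would receive."""
    environ = {"HTTP_X_FORWARDED_PREFIX": forwarded_prefix,
               "PATH_INFO": nginx_strip(public_path), "SCRIPT_NAME": ""}
    setup_testing_defaults(environ)
    seen = {}
    app(environ, lambda status, headers: seen.update(headers))
    return seen["Location"]
```

The hard-coded `/login/` redirect falls outside `location /superset/`, so the follow-up request never reaches Superset, while the prefix-aware redirect stays inside it. A prefix value that is not on the allow-list is ignored rather than copied into the `Location` header.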

People in the Slack chat often ask how to deploy like this, so I can confirm there is community demand for the feature to come out-of-the-box. At the very least, this SIP should result in adding to the docs (though I hope it can result in implementing the feature).

sfirke avatar Dec 20 '23 21:12 sfirke

Is the change complete? How to test?

sanasreenivasulu avatar Feb 19 '24 12:02 sanasreenivasulu

The linked pull request is a draft, so no, this has not been implemented. @vadym-serdiuk do you need any support/contributions from committers? There is now a recurring SIP call to discuss ideas like this and get them across the finish line.

sfirke avatar Feb 19 '24 23:02 sfirke

@sfirke Hi, I completed refactoring all the places in the code (FE, BE) where URLs were created directly without the ability to use prefixes. Currently, we are able to build a docker image and embed it in our solution. However, there is one moment that needs to be solved before it can be used widely. The variable ASSET_BASE_URL used inside the webpack.config.js should be set at the building stage. I can't find a solution for avoiding this or having a workaround. So everyone who wants to use a prefix needs to build his own docker image.

vadym-serdiuk avatar Feb 20 '24 02:02 vadym-serdiuk

Hi. I hard-coded ASSET_BASE_URL="/data" in the Dockerfile and built the image. I noticed it breaks all the CSS, images and JS, and I am not able to log in to Superset: it throws a 302 error code and redirects back to the login page.

Thanks Sana

sanasreenivasulu avatar Feb 20 '24 02:02 sanasreenivasulu

@sanasreenivasulu What is your nginx config?

vadym-serdiuk avatar Feb 20 '24 02:02 vadym-serdiuk

Hi,

Attached Dockerfile and nginx.conf and superset_config.py

sanasreenivasulu avatar Feb 20 '24 02:02 sanasreenivasulu

Hi, the STATIC_ASSETS_PREFIX change is required in the superset_config.py file:

STATIC_ASSETS_PREFIX = "/data"

sanasreenivasulu avatar Feb 20 '24 02:02 sanasreenivasulu

@sanasreenivasulu I don't see your attachment

vadym-serdiuk avatar Feb 20 '24 03:02 vadym-serdiuk

Hi, let me resend again.

sanasreenivasulu avatar Feb 20 '24 03:02 sanasreenivasulu

@sanasreenivasulu it looks like you are replying via email and the attachments are not coming through. Maybe copy-paste the relevant portions of those files into a Github post instead with proper code formatting?

sfirke avatar Feb 20 '24 14:02 sfirke

prefix_files.zip attached all the files in the zip

sanasreenivasulu avatar Feb 20 '24 15:02 sanasreenivasulu

There is an issue with the basic.html file:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'strict-dynamic' 'nonce-PJiqKv1fUV-BDW0GNIyi9khxS9Ic8Ow3'". Either the 'unsafe-inline' keyword, a hash ('sha256-2lnlRuPtBZrqhSGBsKWUf6tH7/uHIa/CHSTRdhivnH8='), or a nonce ('nonce-...') is required to enable inline execution.

sanasreenivasulu avatar Feb 20 '24 15:02 sanasreenivasulu

@sfirke Hi, I completed refactoring all the places in the code (FE, BE) where URLs were created directly without the ability to use prefixes. Currently, we are able to build a docker image and embed it in our solution. However, there is one moment that needs to be solved before it can be used widely. The variable ASSET_BASE_URL used inside the webpack.config.js should be set at the building stage. I can't find a solution for avoiding this or having a workaround. So everyone who wants to use a prefix needs to build his own docker image.

@vadym-serdiuk is it OK if I use a hard-coded value in webpack.config.js and use that hard-coded path in nginx like below? I have tested it and it works.

webpack.config.js

publicPath: '/client/static/assets/',

nginx.conf

location /client/ { proxy_pass http://superset_app/; }

rameshreddy89 avatar Feb 21 '24 11:02 rameshreddy89

prefix_files.zip attached all the files in the zip

@sanasreenivasulu I don't see your nginx config

vadym-serdiuk avatar Feb 22 '24 06:02 vadym-serdiuk

@rameshreddy89

Of course you can.

vadym-serdiuk avatar Feb 22 '24 06:02 vadym-serdiuk

@vadym-serdiuk added the nginx.config to the below attached zip file prefix_files.zip

sanasreenivasulu avatar Feb 22 '24 12:02 sanasreenivasulu

@sanasreenivasulu I don't see anything that can explain your problem. Be sure that the correct superset_config.py is used by your Superset. Check the actual request/response; maybe you'll see something.

vadym-serdiuk avatar Feb 22 '24 12:02 vadym-serdiuk

Highly requested feature. Solving the problem via NGINX configuration is not an option when embedding dashboards in a k8s environment where Superset is exposed via a subpath https://acme.com/superser/embedded/.... to avoid CORS issues.

nfalco79 avatar Feb 23 '24 23:02 nfalco79

If anyone wants to move forward with this SIP officially, please take the next step in the process by starting a [DISCUSS] thread on the dev@ mailing list.

rusackas avatar May 07 '24 16:05 rusackas

If anyone wants to steward this SIP and move it forward, please do. If nobody does, it will be closed as dismissed/inactive at some point in the near future.

rusackas avatar Jul 17 '24 16:07 rusackas

Closing as discarded (stale) since it hasn't been put up for discussion after 6 months. See relevant passed SIP

If you want to rekindle this, just open the discussion, and we can re-open this Issue and move it on the board.

rusackas avatar Jul 31 '24 16:07 rusackas

Hi,

As mentioned on the dev mailing list I'm interested in reviving this. I have a draft PR with some changes across the codebase that are working under the circumstances that I have.

I don't know if this approach is acceptable or there would be a better way to implement this behaviour? The downside is that it requires a rebuild of the frontend assets but I'm having difficulty seeing a way around this. Can this issue be reopened to continue the discussion on this?

Thanks, Martyn

martyngigg avatar Sep 03 '24 11:09 martyngigg