Dokploy template and HTTPS issue
Hello
I deployed Huly using Dokploy. First it creates a traefik.me link without HTTPS, which is working fine, and when I assign my custom domain without HTTPS, it's working fine also. The problem comes when I enable HTTPS and I start getting "Unknown Error: Load Failed". When I checked the console, this is what I get when I access it using HTTP:
Navigated to http://huly-huly-000000.traefik.me/login/login
location.ts:145 desktopPlatform undefined
platform.ts:349 loading configuration {ACCOUNTS_URL: 'http://huly-huly-000000.traefik.me/_accounts', UPLOAD_URL: '/files', FILES_URL: '/files/:workspace/:filename?file=:blobId&workspace=:workspace', MODEL_VERSION: '0.6.436', VERSION: '0.6.468', …}
    ACCOUNTS_URL: "http://huly-huly-00000.traefik.me/_accounts"
    CALENDAR_URL: "http://huly-huly-00000.traefik.me/_calendar"
    COLLABORATOR_URL: "ws://huly-huly-0000.traefik.me/_collaborator"
    DESKTOP_UPDATES_CHANNEL: "selfhost"
    FILES_URL: "/files/:workspace/:filename?file=:blobId&workspace=:workspace"
    GITHUB_APP: ""
    GITHUB_CLIENTID: ""
    GITHUB_URL: ""
    GMAIL_URL: "http://huly-huly-00000000.traefik.me/_gmail"
    INTERCOM_API_URL: ""
    INTERCOM_APP_ID: ""
    LIVEKIT_WS: ""
    LOVE_ENDPOINT: "http://huly-huly-000000.traefik.me/_love"
    MODEL_VERSION: "0.6.436"
    PRESENCE_URL: ""
    PREVIEW_CONFIG: "/files/:workspace?file=:blobId&size=:size"
    PRINT_URL: ""
    PUSH_PUBLIC_KEY: ""
    REKONI_URL: "http://huly-huly-00000.traefik.me/_rekoni"
    SENTRY_DSN: ""
    SIGN_URL: ""
    STATS_URL: "http://huly-huly-00000.traefik.me/_stats"
    TELEGRAM_URL: "http://huly-huly-000000.traefik.me/_telegram"
    UPLOAD_CONFIG: ""
    UPLOAD_URL: "/files"
    VERSION: "0.6.468"
    [[Prototype]]: Object
platform.ts:350 loaded branding {}
platform.ts:400 Minimal Model version requirement 0.6.436
platform.ts:404 Minimal version requirement 0.6.468
But when I access it using HTTPS, this happens:
Navigated to https://huly.mydomain.com/
location.ts:145 desktopPlatform undefined
platform.ts:349 loading configuration {ACCOUNTS_URL: 'http://huly-huly-0000.traefik.me/_accounts', UPLOAD_URL: '/files', FILES_URL: '/files/:workspace/:filename?file=:blobId&workspace=:workspace', MODEL_VERSION: '0.6.436', VERSION: '0.6.468', …}
    ACCOUNTS_URL: "http://huly-huly-00000.traefik.me/_accounts"
    CALENDAR_URL: "http://huly-huly-00000.traefik.me/_calendar"
    COLLABORATOR_URL: "ws://huly-huly-00000.traefik.me/_collaborator"
    DESKTOP_UPDATES_CHANNEL: "selfhost"
    FILES_URL: "/files/:workspace/:filename?file=:blobId&workspace=:workspace"
    GITHUB_APP: ""
    GITHUB_CLIENTID: ""
    GITHUB_URL: ""
    GMAIL_URL: "http://huly-huly-00000.traefik.me/_gmail"
    INTERCOM_API_URL: ""
    INTERCOM_APP_ID: ""
    LIVEKIT_WS: ""
    LOVE_ENDPOINT: "http://huly-huly-00000.traefik.me/_love"
    MODEL_VERSION: "0.6.436"
    PRESENCE_URL: ""
    PREVIEW_CONFIG: "/files/:workspace?file=:blobId&size=:size"
    PRINT_URL: ""
    PUSH_PUBLIC_KEY: ""
    REKONI_URL: "http://huly-huly-000000.traefik.me/_rekoni"
    SENTRY_DSN: ""
    SIGN_URL: ""
    STATS_URL: "http://huly-huly-0000000.traefik.me/_stats"
    TELEGRAM_URL: "http://huly-huly-0000000.traefik.me/_telegram"
    UPLOAD_CONFIG: ""
    UPLOAD_URL: "/files"
    VERSION: "0.6.468"
    [[Prototype]]: Object
platform.ts:350 loaded branding {}
platform.ts:400 Minimal Model version requirement 0.6.436
platform.ts:404 Minimal version requirement 0.6.468
5 Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure resource '<URL>'. This request has been blocked; the content must be served over HTTPS.
It seems that the template is getting loaded over HTTP from traefik.me and that's what is blocking the request.
I don't know whether this is a Dokploy issue or a Huly one, but I posted it here to see if you have any idea about it.
Connected to Huly®: SELFH-184
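The check the browser applies in the report above, as an added example that is not part of the original post and is not Huly or Dokploy code: it audits a front-end configuration object like the one logged in the console against the page URL and lists the entries that will be blocked as mixed content or that still point at another host. `SAMPLE_CONFIG` is constructed from keys in that log, and `auditConfig` is a hypothetical helper name.

```javascript
// Added example. SAMPLE_CONFIG is constructed from keys shown in the console
// output above; auditConfig is a hypothetical helper, not a Huly or Dokploy API.
const SAMPLE_CONFIG = {
  ACCOUNTS_URL: 'http://huly-huly-000000.traefik.me/_accounts',
  COLLABORATOR_URL: 'ws://huly-huly-000000.traefik.me/_collaborator',
  STATS_URL: 'http://huly-huly-000000.traefik.me/_stats',
  UPLOAD_URL: '/files',
  FILES_URL: '/files/:workspace/:filename?file=:blobId&workspace=:workspace',
  GITHUB_URL: '',
  VERSION: '0.6.468',
};

const INSECURE = new Set(['http:', 'ws:']);
// Browsers exempt loopback hosts from mixed-content blocking.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Return one finding per config value that an HTTPS page would have blocked as
// mixed content, or that points at a host other than the page's own.
function auditConfig(pageUrl, config) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [key, value] of Object.entries(config)) {
    // Only URL-like values: absolute (scheme://) or root-relative (/path).
    if (typeof value !== 'string' || !/^([a-z][a-z0-9+.-]*:\/\/|\/)/i.test(value)) continue;
    let target;
    try {
      target = new URL(value, page); // relative paths inherit the page's scheme and host
    } catch {
      findings.push({ key, value, blocked: false, foreignHost: false, invalid: true });
      continue;
    }
    const blocked = page.protocol === 'https:' &&
      INSECURE.has(target.protocol) && !LOOPBACK.has(target.hostname);
    const foreignHost = target.hostname !== page.hostname;
    if (blocked || foreignHost) findings.push({ key, value, blocked, foreignHost, invalid: false });
  }
  return findings;
}

// The two situations from the thread: same config, HTTP page vs HTTPS page.
for (const page of ['http://huly-huly-000000.traefik.me/login/login',
                    'https://huly.mydomain.com/']) {
  const findings = auditConfig(page, SAMPLE_CONFIG);
  console.log(page, '->', findings.length, 'finding(s)');
  for (const f of findings) {
    console.log(`  ${f.key}=${f.value} blocked=${f.blocked} foreignHost=${f.foreignHost}`);
  }
}
```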
First of all, try to update to the latest version; there might be a bug in the old version or configuration. Please let me know if the issue persists after the update.
I installed a fresh Ubuntu and installed Dokploy's installation script to avoid any outdated image. Huly seems up and running but it's not accessible, neither via Traefik nor via the domain name. Traefik gives "404 page not found" and the domain name gives "no available server".
Hi, I was experiencing the same error. I tried to run the Dokploy Huly template with a secure connection under my domain (proxied by Cloudflare).
Today I could make it work.
I share my config right below:
For the environment section I use this:
# Docker Base Config
DOCKER_NAME=huly
HULY_VERSION=v0.7.235
# Hosts & Network config
MINIO_SUBDOMAIN=hfiles
HOST_ADDRESS=huly.mydomain.com
# Huly General config
TITLE="Huly CRM"
DEFAULT_LANGUAGE=en
LAST_NAME_FIRST=true
DISABLE_SIGNUP=false
# Database config
CR_DATABASE=hulycrm
CR_USERNAME=huly
CR_USER_PASSWORD=CHANGE_ME
CR_DB_URL=postgres://huly:CHANGE_ME@cockroach:26257/hulycrm?sslmode=disable
# Queue config
REDPANDA_ADMIN_USER=admin
REDPANDA_ADMIN_PWD=CHANGE_ME
# MinIO config
MINIO_ROOT_USER=huly
MINIO_ROOT_PASSWORD=CHANGE_ME
# LiveKIT config
LIVEKIT_HOST=CHANGE_ME
LIVEKIT_API_KEY=CHANGE_ME
LIVEKIT_API_SECRET=CHANGE_ME
# SMTP config
SMTP_HOST=smtp.mydomain.com
SMTP_PORT=587
SMTP_FROM=[email protected]
SMTP_USERNAME=[email protected]
SMTP_PASSWORD=CHANGE_ME
# Security
SECRET=CHANGE_ME
Notice that I've updated the version, so many things may be different. For the docker compose use mine, because in the new version some containers changed.
name: ${DOCKER_NAME}
version: "3"
services:
  nginx:
    image: "nginx:1.21.3"
    container_name: huly-nginx
    ports:
      - 80
    volumes:
      - ../files/volumes/nginx/.huly.nginx:/etc/nginx/conf.d/default.conf
    restart: unless-stopped
    networks:
      - huly-net
  cockroach:
    image: cockroachdb/cockroach:latest-v24.2
    container_name: huly-cockroach
    command: start-single-node --accept-sql-without-tls
    environment:
      - COCKROACH_DATABASE=${CR_DATABASE}
      - COCKROACH_USER=${CR_USERNAME}
      - COCKROACH_PASSWORD=${CR_USER_PASSWORD}
    volumes:
      - cr_data:/cockroach/cockroach-data
      - cr_certs:/cockroach/certs
    restart: unless-stopped
    networks:
      - huly-net
  redpanda:
    image: docker.redpanda.com/redpandadata/redpanda:v24.3.6
    container_name: huly-redpanda
    command:
      - redpanda
      - start
      - --kafka-addr internal://0.0.0.0:9092,external://0.0.0.0:19092
      - --advertise-kafka-addr internal://redpanda:9092,external://localhost:19092
      - --pandaproxy-addr internal://0.0.0.0:8082,external://0.0.0.0:18082
      - --advertise-pandaproxy-addr internal://redpanda:8082,external://localhost:18082
      - --schema-registry-addr internal://0.0.0.0:8081,external://0.0.0.0:18081
      - --rpc-addr redpanda:33145
      - --advertise-rpc-addr redpanda:33145
      - --mode dev-container
      - --smp 1
      - --default-log-level=info
    volumes:
      - redpanda:/var/lib/redpanda/data
    environment:
      - REDPANDA_SUPERUSER_USERNAME=${REDPANDA_ADMIN_USER}
      - REDPANDA_SUPERUSER_PASSWORD=${REDPANDA_ADMIN_PWD}
    healthcheck:
      test: ["CMD", "rpk", "cluster", "info", "-X", "user=${REDPANDA_ADMIN_USER}", "-X", "pass=${REDPANDA_ADMIN_PWD}"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - huly-net
  minio:
    image: "minio/minio:RELEASE.2024-11-07T00-52-20Z"
    container_name: huly-minio
    command: server /data --address ":9000" --console-address ":9001"
    environment:
      - MINIO_ROOT_USER=${MINIO_ROOT_USER}
      - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}
      - MINIO_SERVER_URL=https://${MINIO_SUBDOMAIN}.${HOST_ADDRESS}
    volumes:
      - files:/data
    restart: unless-stopped
    networks:
      - huly-net
  elastic:
    image: "elasticsearch:7.14.2"
    container_name: huly-elasticsearch
    command: |
      /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
      /usr/local/bin/docker-entrypoint.sh eswrapper"
    volumes:
      - elastic:/usr/share/elasticsearch/data
    environment:
      - ELASTICSEARCH_PORT_NUMBER=9200
      - BITNAMI_DEBUG=true
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
      - http.cors.enabled=true
      - http.cors.allow-origin=http://localhost:8082
    healthcheck:
      interval: 20s
      retries: 10
      test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
    restart: unless-stopped
    networks:
      - huly-net
  rekoni:
    image: hardcoreeng/rekoni-service:${HULY_VERSION}
    container_name: huly-rekoni
    environment:
      - SECRET=${SECRET}
    deploy:
      resources:
        limits:
          memory: 500M
    restart: unless-stopped
    networks:
      - huly-net
  transactor:
    image: hardcoreeng/transactor:${HULY_VERSION}
    container_name: huly-transactor
    environment:
      - SERVER_PORT=3333
      - SERVER_SECRET=${SECRET}
      - DB_URL=${CR_DB_URL}
      - STORAGE_CONFIG=minio|minio?accessKey=${MINIO_ROOT_USER}&secretKey=${MINIO_ROOT_PASSWORD}
      - FRONT_URL=https://${HOST_ADDRESS}
      - ACCOUNTS_URL=http://account:3000
      - FULLTEXT_URL=http://fulltext:4700
      - STATS_URL=http://stats:4900
      - LAST_NAME_FIRST=${LAST_NAME_FIRST:-true}
      - QUEUE_CONFIG=redpanda:9092
      - MAIL_URL=http://mail:8097
      - EMAIL_SERVICE_URL=http://mail:8097
    restart: unless-stopped
    networks:
      - huly-net
  collaborator:
    image: hardcoreeng/collaborator:${HULY_VERSION}
    container_name: huly-collaborator
    environment:
      - COLLABORATOR_PORT=3078
      - SECRET=${SECRET}
      - ACCOUNTS_URL=http://account:3000
      - STATS_URL=http://stats:4900
      - STORAGE_CONFIG=minio|minio?accessKey=${MINIO_ROOT_USER}&secretKey=${MINIO_ROOT_PASSWORD}
    restart: unless-stopped
    networks:
      - huly-net
  account:
    image: hardcoreeng/account:${HULY_VERSION}
    container_name: huly-account
    environment:
      - SERVER_PORT=3000
      - SERVER_SECRET=${SECRET}
      - DB_URL=${CR_DB_URL}
      - TRANSACTOR_URL=ws://transactor:3333;wss://${HOST_ADDRESS}/_transactor
      - STORAGE_CONFIG=minio|minio?accessKey=${MINIO_ROOT_USER}&secretKey=${MINIO_ROOT_PASSWORD}
      - FRONT_URL=https://${HOST_ADDRESS}
      - STATS_URL=https://${HOST_ADDRESS}/stats
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=https://${HOST_ADDRESS}
      - ACCOUNT_PORT=3000
      - QUEUE_CONFIG=redpanda:9092
      - DISABLE_SIGNUP=${DISABLE_SIGNUP:-false}
      - MAIL_URL=http://mail:8097
      - EMAIL_SERVICE_URL=http://mail:8097
    restart: unless-stopped
    networks:
      - huly-net
  workspace:
    image: hardcoreeng/workspace:${HULY_VERSION}
    container_name: huly-workspace
    environment:
      - SERVER_SECRET=${SECRET}
      - DB_URL=${CR_DB_URL}
      - TRANSACTOR_URL=ws://transactor:3333;wss://${HOST_ADDRESS}/_transactor
      - STORAGE_CONFIG=minio|minio?accessKey=${MINIO_ROOT_USER}&secretKey=${MINIO_ROOT_PASSWORD}
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=http://account:3000
      - STATS_URL=http://stats:4900
      - QUEUE_CONFIG=redpanda:9092
      - ACCOUNTS_DB_URL=${CR_DB_URL}
    restart: unless-stopped
    networks:
      - huly-net
  front:
    image: hardcoreeng/front:${HULY_VERSION}
    container_name: huly-front
    environment:
      - SERVER_PORT=8080
      - SERVER_SECRET=${SECRET}
      - LOVE_ENDPOINT=https://${HOST_ADDRESS}/_love
      - ACCOUNTS_URL=https://${HOST_ADDRESS}/_accounts
      - ACCOUNTS_URL_INTERNAL=http://account:3000
      - REKONI_URL=https://${HOST_ADDRESS}/_rekoni
      - CALENDAR_URL=https://${HOST_ADDRESS}/_calendar
      - GMAIL_URL=https://${HOST_ADDRESS}/_gmail
      - TELEGRAM_URL=https://${HOST_ADDRESS}/_telegram
      - STATS_URL=https://${HOST_ADDRESS}/_stats
      - UPLOAD_URL=/files
      - ELASTIC_URL=http://elastic:9200
      - COLLABORATOR_URL=wss://${HOST_ADDRESS}/_collaborator
      - STORAGE_CONFIG=minio|minio?accessKey=${MINIO_ROOT_USER}&secretKey=${MINIO_ROOT_PASSWORD}
      - TITLE=${TITLE:-Huly Self Host}
      - DEFAULT_LANGUAGE=${DEFAULT_LANGUAGE:-en}
      - LAST_NAME_FIRST=${LAST_NAME_FIRST:-true}
      - DESKTOP_UPDATES_CHANNEL=${HULY_VERSION}
      - LIVEKIT_WS=${LIVEKIT_HOST}
      - DISABLE_SIGNUP=${DISABLE_SIGNUP:-false}
    restart: unless-stopped
    networks:
      - huly-net
  fulltext:
    image: hardcoreeng/fulltext:${HULY_VERSION}
    container_name: huly-fulltext
    environment:
      - SERVER_SECRET=${SECRET}
      - DB_URL=${CR_DB_URL}
      - FULLTEXT_DB_URL=http://elastic:9200
      - ELASTIC_INDEX_NAME=huly_storage_index
      - STORAGE_CONFIG=minio|minio?accessKey=${MINIO_ROOT_USER}&secretKey=${MINIO_ROOT_PASSWORD}
      - REKONI_URL=http://rekoni:4004
      - ACCOUNTS_URL=http://account:3000
      - STATS_URL=http://stats:4900
      - QUEUE_CONFIG=redpanda:9092
    restart: unless-stopped
    networks:
      - huly-net
  stats:
    image: hardcoreeng/stats:${HULY_VERSION}
    container_name: huly-stats
    environment:
      - PORT=4900
      - SERVER_SECRET=${SECRET}
    restart: unless-stopped
    networks:
      - huly-net
  mail:
    image: hardcoreeng/mail:${HULY_VERSION}
    container_name: huly-mail
    environment:
      - PORT=8097
      - SOURCE=${SMTP_FROM}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
    restart: unless-stopped
    networks:
      - huly-net
  love:
    image: hardcoreeng/love:${HULY_VERSION} # (or whichever tag applies)
    container_name: huly-love
    environment:
      - SERVER_PORT=8096
      - SERVER_SECRET=${SECRET}
      - SECRET=${SECRET}
      - ACCOUNTS_URL=http://account:3000
      - DB_URL=${CR_DB_URL}
      - LIVEKIT_HOST=${LIVEKIT_HOST}
      - LIVEKIT_API_KEY=${LIVEKIT_API_KEY}
      - LIVEKIT_API_SECRET=${LIVEKIT_API_SECRET}
      # MinIO / S3 (what you were missing)
      - MINIO_ENDPOINT=http://minio:9000 # internal (service name)
      - MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
      - MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
      - MINIO_BUCKET=huly-love # the bucket you want to use
      - MINIO_REGION=us-east-1 # any value; MinIO ignores it but many libraries require it
      - MINIO_USE_SSL=false # true only if you expose MinIO directly over TLS
      - MINIO_PUBLIC_URL=https://${HOST_ADDRESS}/files # public URL via Nginx (/files)
    restart: unless-stopped
    networks:
      - huly-net
volumes:
  elastic:
  files:
  cr_data:
  cr_certs:
  redpanda:
networks:
  huly-net:
Finally, it's important to update the mounted file to correctly configure the nginx container. To do it, go to the Advanced section in the Dokploy panel, click on the edit button, then paste this config:
server {
    listen 80;
    server_name huly.mydomain.com; # better than "_"
    # upload size (attachments)
    client_max_body_size 512m;
    # FRONT
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # <<< force https
        proxy_pass http://front:8080;
    }
    # ACCOUNTS
    location /_accounts {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # <<< force https
        rewrite ^/_accounts(/.*)$ $1 break;
        proxy_pass http://account:3000/;
    }
    # COLLABORATOR (WebSocket)
    location /_collaborator {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # <<< force https
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        rewrite ^/_collaborator(/.*)$ $1 break;
        proxy_pass http://collaborator:3078/;
    }
    # TRANSACTOR (WebSocket)
    location /_transactor {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # <<< force https
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        rewrite ^/_transactor(/.*)$ $1 break;
        proxy_pass http://transactor:3333/;
    }
    # TRANSACTOR by token (WS shortcuts)
    location ~ ^/eyJ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # <<< force https
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_pass http://transactor:3333;
    }
    # REKONI
    location /_rekoni {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # <<< force https
        rewrite ^/_rekoni(/.*)$ $1 break;
        proxy_pass http://rekoni:4004/;
    }
    # STATS
    location /_stats {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # <<< force https
        rewrite ^/_stats(/.*)$ $1 break;
        proxy_pass http://stats:4900/;
    }
    # FILES (MinIO): used by the front as UPLOAD_URL=/files
    # (Optional) FULLTEXT if you expose it through Nginx
    location /_fulltext/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://fulltext:4700/;
    }
    location /_love/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://love:8096/;
    }
}
IMPORTANT: Remember to change the server_name inside the config.