grimoire

grimoire copied to clipboard

Describe the bug

• Grimoire instance webpage shows Could not connect to Pocketbase on https://grimoire.mydomain.de/pb. Is it running?.
• Browser's dev console shows 404 in health check (GET https://grimoire.mydomain.de/internal/pb/api/health [HTTP/2 404 295ms])

To Reproduce Steps to reproduce the behavior:

1. Setup docker container with traefik reverse proxy (similar to #68 ) with pocketbae host label set to "traefik.http.routers.pocketbase.rule=Host(grimoire.mydomain.de) && PathPrefix(/pb/)".
2. Set PUBLIC_POCKETBASE_URL=https://grimoire.mydomain.de/pb
3. Start docker container and goto https://grimoire.mydomain.de
4. Error on webpage and dev console is shown

Expected behavior Webpage shoul dbe reachable without errors. Also I'm confused why the health check url contains internal/?

Additional context This issue might be related to #68 and #97, but I didn't want to "hijack" these issues. Feel free to close this as duplicate if I should continue in one of them :)

Hello @v1r0x!

The latest version contains multiple fixes, one related to this exact issue, please check https://github.com/goniszewski/grimoire/releases/tag/v0.3.5!

Also I'm confused why the health check url contains internal/?

A: This is Grimoire's proxy path that is proxied internally to the default Pocketbase instance. Thus, we can keep all the API calls in the app itself and not via an external connection.

I'll keep this issue open and wait for your confirmation if it's fixed for you in the latest version!

Hello @goniszewski

Thanks for your fast reply. I already tried that version after it came out :wink:

Edit: Is it enough to run docker-compose pull? Or should I checkout the git repo again?

Maybe I did something wrong with my setup? I'm far from an expert in docker or traefik :grinning:

Here's my docker-compose.yml

version: '3.7'
services:
  pocketbase:
    image: spectado/pocketbase:0.22.10
    container_name: grimoire-pocketbase
    restart: unless-stopped
    ports:
      - '8090:80'
    volumes:
      - pb_data:/pb_data
      - pb_migrations:/pb_migrations/
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:80/api/health || exit 1
      interval: 5s
      timeout: 5s
      retries: 5
    env_file: .env
    depends_on:
      - grimoire
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # PocketBase
      - "traefik.http.routers.pocketbase.entrypoints=http"
      - "traefik.http.routers.pocketbase.rule=Host(`grimoire.mydomain.de`) && PathPrefix(`/pb/`)"
      - "traefik.http.middlewares.pocketbase.stripprefix.prefixes=/pb"
      - "traefik.http.middlewares.pocketbase-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.pocketbase.middlewares=pocketbase"
      - "traefik.http.routers.pocketbase.middlewares=pocketbase-https-redirect"
      - "traefik.http.routers.pocketbase-secure.entrypoints=https"
      - "traefik.http.routers.pocketbase-secure.rule=Host(`grimoire.mydomain.de`) && PathPrefix(`/pb/`)"
      - "traefik.http.routers.pocketbase-secure.tls=true"
      - "traefik.http.routers.pocketbase-secure.tls.certresolver=http"
      - "traefik.http.routers.pocketbase-secure.service=pocketbase"
      - "traefik.http.services.pocketbase.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
  grimoire:
    image: goniszewski/grimoire:latest
    container_name: grimoire
    restart: unless-stopped
    env_file: .env
    volumes:
      - pb_migrations:/app/pb_migrations/
    build:
      context: .
      dockerfile: Dockerfile
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:$PORT/api/health || exit 1
      interval: 5s
      timeout: 5s
      retries: 5
    ports:
      - '$PORT:$PORT'
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grimoire.entrypoints=http"
      - "traefik.http.routers.grimoire.rule=Host(`grimoire.mydomain.de`)"
      - "traefik.http.middlewares.grimoire-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.grimoire.middlewares=grimoire-https-redirect"
      - "traefik.http.routers.grimoire-secure.entrypoints=https"
      - "traefik.http.routers.grimoire-secure.rule=Host(`grimoire.mydomain.de`)"
      - "traefik.http.routers.grimoire-secure.tls=true"
      - "traefik.http.routers.grimoire-secure.tls.certresolver=http"
      - "traefik.http.routers.grimoire-secure.service=grimoire"
      - "traefik.http.services.grimoire.loadbalancer.server.port=5173"
      - "traefik.docker.network=proxy"

networks:
  proxy:
    external: true
volumes:
  pb_data:
  pb_migrations:

and .env

# Set it if you're using external PocketBase installation (default: http://pocketbase)
PUBLIC_POCKETBASE_URL=https://grimoire.mydomain.de/pb
[email protected]
ROOT_ADMIN_PASSWORD=password
PUBLIC_ORIGIN=https://grimoire.mydomain.de
PUBLIC_HTTPS_ONLY=true
PORT=5173
PUBLIC_SIGNUP_DISABLED=true

I've checked again the configuration you've provided. I do not have a single suspect, but rather a couple of ideas, so please bear with me:

1. Did you check this configuration while using PUBLIC_POCKETBASE_URL without any value after =? It should then default to http://pocketbase
2. Are you able to get to the app container and check related logs? The internal proxy may be to blame, and if it's true, then we can possibly have some logs to further investigate
3. And there's the Origin, aka PUBLIC_ORIGIN env that, if not matching request's origin, can lead to CORS errors

Sorry I kept you waiting for so long!

Sorry I kept you waiting for so long!

No problem at all! :heart: Really appreciate your help!

Is there a specific log file inside the container? docker-compose logs doesn't log much. (couldn't find anything related to internal log files)

I left PUBLIC_POCKETBASE_URL empty and now the initial error is gone! :tada:

BUT When trying to add a new user and I click on "Sign up" nothing happens in the browser, but in the JS console/docker logs I get this error:

grimoire             | {
grimoire             |   invalid: true,
grimoire             |   settings: {
grimoire             |     code: 'validation_json_size_limit',
grimoire             |     message: 'The maximum allowed JSON size is 0 bytes.'
grimoire             |   }
grimoire             | }

What value do you have in your .env for BODY_SIZE_LIMIT?

I didn't set anything, but I tried to set it to the value from your Dockerfile. Still the same error with 0 bytes

Strange. Looks more like a proxy issue that is not directly related to the app itself.

Ok, thanks for the info. Then I'll dig into traefik to find my problem. Should I keep this issue open? Feel free to close it :) I'll add a new comment when I fixed my problem

It's OK to left it open. I hope you will stumble upon a solution to this problem and share it with us!

Something is clearly wrong here with ENV variables in general or PUBLIC_POCKETBASE_URL specifically.

After adding some debug to all places where this is used (config.ts, server.ts, lib/utils/pb.ts), this is what is seen and used at those places.

With the following .env file:

PUBLIC_POCKETBASE_URL=http://192.168.2.100:8090
[email protected]
ROOT_ADMIN_PASSWORD=changeme
PUBLIC_ORIGIN=http://localhost:5173
PUBLIC_HTTPS_ONLY=
PORT=5173
PUBLIC_SIGNUP_DISABLED=false

Env as seen from https://github.com/goniszewski/grimoire/blob/65427281c0874546101af88713393e6c8607e00a/src/lib/config.ts#L6 is:

 ~ config.ts env: {
  PUBLIC_HTTPS_ONLY: '',
  PUBLIC_ORIGIN: 'http://localhost:5173',
  PUBLIC_POCKETBASE_URL: 'http://192.168.2.100:8090',
  PUBLIC_SIGNUP_DISABLED: 'false'
}

so correctly so far.

but then immediately below (https://github.com/goniszewski/grimoire/blob/65427281c0874546101af88713393e6c8607e00a/src/lib/config.ts#L9), config object gets PUBLIC_POCKETBASE_URL differently:

🚀 ~ config.ts config: {
  HTTPS_ONLY: false,
  IS_DEV: false,
  ORIGIN: 'http://localhost:5173',
  POCKETBASE_URL: 'http://localhost:8090',
  SIGNUP_DISABLED: false
}

and therefore the app prints:

Configuration used {
  HTTPS_ONLY: false,
  IS_DEV: false,
  ORIGIN: 'http://localhost:5173',
  POCKETBASE_URL: 'http://localhost:8090',
  SIGNUP_DISABLED: false
}

and pb.ts also:

🚀 ~ pb.ts config: {
  HTTPS_ONLY: false,
  IS_DEV: false,
  ORIGIN: 'http://localhost:5173',
  POCKETBASE_URL: 'http://localhost:8090',
  SIGNUP_DISABLED: false
}
🚀 ~ pbUrl: http://localhost:5173/internal/pb

The condition should be updated to something like:

POCKETBASE_URL:
		env.PUBLIC_POCKETBASE_URL || getProcessEnvValue('PUBLIC_POCKETBASE_URL') || 'http://pocketbase',

or more elaborate to account for DEV environment. Right now the PUBLIC_POCKETBASE_URL is never used. @goniszewski

Quick update from my side. I bought a new home server and tried to setup grimoire again. Now it works flawlessly! :tada: Maybe this was related to my old arm setup instead of x86? I did not change anything, but somehow it works :shrug:

I also have this error message and I think @anarion80 might be on something. What is printed is not what I have in the config.

Doing the changes suggested for the config and building anew image worked for me. (see the image here https://hub.docker.com/r/rllola/grimoire)

Some things I believe is important in my case is that in my docker-compose I don't forward the port for pocketbase and I have HTTPS_ONLY=true.

The docker-compose example will work for people who have the -p 8090:80 set but not everyone might do it like this. And in this case the config will be a problem.

Sharing my docker-compose.yml (only a part of it)

  pocketbase:
    image: elestio/pocketbase:v0.22.14
    container_name: pocketbase
    user: 0:0
    volumes:
      - ./data/pocketbase:/pb_data/
      - ./data/migrations:/pb_migrations/
    # healthcheck:
    #   test: wget --no-verbose --tries=1 --spider http://localhost:80/api/health || exit 1
    #   interval: 5s
    #   timeout: 5s
    #   retries: 5
    depends_on:
      - grimoire
    environment:
      - PUBLIC_POCKETBASE_URL=https://pocketbase.evil.corp
      - [email protected]
      - ROOT_ADMIN_PASSWORD=evil
      - PUBLIC_ORIGIN=https://grimoire.evil.corp
      - PUBLIC_HTTPS_ONLY=true
      - PORT=5173
      - PUBLIC_SIGNUP_DISABLED=false
    expose:
        - 8090
    networks:
      default:
      evilnet:
        ipv4_address: 10.0.0.114


  grimoire:
    image: rllola/grimoire:v0.3.5
    container_name: grimoire
    restart: unless-stopped
    environment:
      - PUBLIC_POCKETBASE_URL=https://pocketbase.evil.corp
      - [email protected]
      - ROOT_ADMIN_PASSWORD=evil
      - PUBLIC_ORIGIN=https://grimoire.evil.corp
      - PUBLIC_HTTPS_ONLY=true
      - PORT=5173
      - PUBLIC_SIGNUP_DISABLED=false
      - NODE_EXTRA_CA_CERTS=/opt/evil/ca/cert.pem # Because I have selfsigned certificate
    volumes:
      - ./data/migrations:/pb_migrations/
      - ./config/ca:/opt/evil/ca
    # healthcheck:
    #   test: wget --no-verbose --tries=1 --spider http://localhost:$PORT/api/health || exit 1
    #   interval: 5s
    #   timeout: 5s
    #   retries: 5
    expose:
        - 5173
    networks:
      default:
      evil:
        ipv4_address: 10.0.0.115

One of the reason I am doing it like this is because I have my reverse proxy in another VM.

also meet that problem: POCKETBASE_URL is localhost which should be "https://gri.domain.com" even has been configurred in env

Opened a PR to fix this https://github.com/goniszewski/grimoire/pull/112 , I had the same issue and applied the fix locally and then rebuilt the container which fixes the issue for me

Please upgrade to the latest version of Grimoire. You can use the integrated migration tool to transfer your data to new format.