openrepo icon indicating copy to clipboard operation
openrepo copied to clipboard
verified publisher icon openkilt

Can't change hardcoded port 8080

Open k0ste opened this issue 2 years ago • 9 comments

Hi, I was modify docker-compose to expose port 80

version: "3.9"
services:
  nginx:
    image: openkilt/openrepo:latest
    command: nginx
    restart: unless-stopped
    ports:
      - "80:80"
    depends_on:
      - "django"
    volumes:
      - ./openrepo-data:/var/lib/openrepo

But when I'm try to curl repo without trailing slash, OpenRepo return url with port number

√ ~ % curl -v http://openrepo.opentech.local/infra-el8  <--- request without port number
*   Trying 100.100.101.22:80...
* Connected to openrepo.opentech.local (100.100.101.22) port 80 (#0)
> GET /infra-el8 HTTP/1.1
> Host: openrepo.opentech.local
> User-Agent: curl/7.87.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
< Date: Thu, 11 May 2023 13:06:34 GMT
< Content-Type: text/html
< Content-Length: 178
< Location: http://openrepo.opentech.local:8080/infra-el8/  <-------- problem here
< Connection: keep-alive
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
* Connection #0 to host openrepo.opentech.local left intact

I was try to resolve this via definition env OPENREPO_DOMAIN to host:80 - seems this option isn't working for this case as well

k0ste avatar May 11 '23 13:05 k0ste

You'll want to forward to port 8080 inside Docker, rather than port 80.

The Nginx config inside the Docker container exposes two ports: 80 and 8080. Port 80 is just there to forward to SSL/443 (i.e., you want to serve exclusively HTTPS content, and as a convenience, auto redirect people who hit the HTTP endpoint).

In your case, I believe you just want to forward the HTTP app (8080). So the following config I think should be what you want.

version: "3.9"
services:
  nginx:
    image: openkilt/openrepo:latest
    command: nginx
    restart: unless-stopped
    ports:
      - "80:8080"
    depends_on:
      - "django"
    volumes:
      - ./openrepo-data:/var/lib/openrepo

matthill avatar May 12 '23 15:05 matthill

Nope

[root@openrepo openrepo]# cat docker-compose.yml | grep ports -A 1
    ports:
      - "80:8080"
[root@openrepo openrepo]# curl -v http://openrepo.opentech.local/infra-el8
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to openrepo.opentech.local (127.0.0.1) port 80 (#0)
> GET /infra-el8 HTTP/1.1
> Host: openrepo.opentech.local
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 12 May 2023 16:37:02 GMT
< Content-Type: text/html
< Content-Length: 178
< Location: http://openrepo.opentech.local:8080/infra-el8/  <------ the same
< Connection: keep-alive
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
* Connection #0 to host openrepo.opentech.local left intact

k0ste avatar May 12 '23 16:05 k0ste

To be clear, the "repo" is only one page who acts like this. The OpenRepo web interface & API works as expected

k0ste avatar May 12 '23 16:05 k0ste

I tested and it works fine for me. One caveat seems to be that you need to upload a single package file to the repo. Before a RPM/Deb or generic file is uploaded, the repo directory doesn't yet exist and Nginx will return a 404.

I wonder if your docker images didn't get recreated when you ran docker-compose? From your command output, that port (8080) shouldn't even be open if you made the changes I posted.

Here is the full docker-compose.yml file I'm using for reference:

version: "3.9"
services:
  nginx:
    image: openkilt/openrepo:latest
    command: nginx
    restart: unless-stopped
    ports:
      - "80:8080"
    depends_on:
      - "django"
    volumes:
      - ./openrepo-data:/var/lib/openrepo



  django:
    image: openkilt/openrepo:latest
    expose:
      - "8000"
    command: run_openrepoweb
    restart: unless-stopped
    volumes:
      - ./openrepo-data:/var/lib/openrepo
    environment:
      - OPENREPO_DB_TYPE=postgresql
      - OPENREPO_PG_DATABASE=openrepo
      - OPENREPO_PG_USERNAME=postgres
      - OPENREPO_PG_PASSWORD=postgres
      - OPENREPO_PG_HOSTNAME=db
    depends_on:
      - "db"


  worker:
    image: openkilt/openrepo:latest
    command: ./django/manage.py runworker
    volumes:
      - ./openrepo-data:/var/lib/openrepo
    restart: unless-stopped
    environment:
      - OPENREPO_DB_TYPE=postgresql
      - OPENREPO_PG_DATABASE=openrepo
      - OPENREPO_PG_USERNAME=postgres
      - OPENREPO_PG_PASSWORD=postgres
      - OPENREPO_PG_HOSTNAME=db
    depends_on:
      - "django"


  db:
    image: postgres:15.1
    expose:
      - "5432"
    restart: unless-stopped
    environment:
      - POSTGRES_PASSWORD=postgres
      - POSTGRES_USER=postgres
      - POSTGRES_DB=openrepo
    volumes:
      - ./openrepo-data/postgres:/var/lib/postgresql/data

matthill avatar May 18 '23 17:05 matthill

I tested and it works fine for me. One caveat seems to be that you need to upload a single package file to the repo. Before a RPM/Deb or generic file is uploaded, the repo directory doesn't yet exist and Nginx will return a 404.

Yes, it is

I wonder if your docker images didn't get recreated when you ran docker-compose? From your command output, that port (8080) shouldn't even be open if you made the changes I posted.

Here is the full docker-compose.yml file I'm using for reference:

I'm removed all openrepo data, copy this reference and start build's again for fresh packages

Check that packages exists:

[root@openrepo openrepo]# curl http://openrepo.opentech.local/infra-el8/
<html>
<head><title>Index of /infra-el8/</title></head>
<body>
<h1>Index of /infra-el8/</h1><hr><pre><a href="../">../</a>
<a href="repodata/">repodata/</a>                                          19-May-2023 08:34                   -
<a href="ethq-0.6.2-1.el8.x86_64.rpm">ethq-0.6.2-1.el8.x86_64.rpm</a>                        19-May-2023 08:25               71292
<a href="public.gpg">public.gpg</a>                                         19-May-2023 08:34                1648
<a href="sst-1.7.237-1.el8.x86_64.rpm">sst-1.7.237-1.el8.x86_64.rpm</a>                       19-May-2023 08:34            57348328
</pre><hr></body>
</html>

Then check for original issue (same request without trailing slash):

[root@openrepo openrepo]# curl -Ss -v http://openrepo.opentech.local/infra-el8 | grep Location
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to openrepo.opentech.local (127.0.0.1) port 80 (#0)
> GET /infra-el8 HTTP/1.1
> Host: openrepo.opentech.local
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
< Date: Fri, 19 May 2023 09:00:03 GMT
< Content-Type: text/html
< Content-Length: 178
< Location: http://openrepo.opentech.local:8080/infra-el8/ <--------- port still present
< Connection: keep-alive
<
{ [178 bytes data]
* Connection #0 to host openrepo.opentech.local left intact

k0ste avatar May 19 '23 09:05 k0ste

I apologize, maybe I'm misunderstanding. Are you saying that this URL works: http://openrepo.opentech.local/infra-el8/

But this URL provides a redirect: http://openrepo.opentech.local/infra-el8 to: http://openrepo.opentech.local:8080/infra-el8/

The bug here being the reference to port 8080 instead of redirecting to: http://openrepo.opentech.local/infra-el8/

is that right?

matthill avatar May 22 '23 15:05 matthill

I apologize, maybe I'm misunderstanding. Are you saying that this URL works: http://openrepo.opentech.local/infra-el8/

But this URL provides a redirect: http://openrepo.opentech.local/infra-el8 to: http://openrepo.opentech.local:8080/infra-el8/

The bug here being the reference to port 8080 instead of redirecting to: http://openrepo.opentech.local/infra-el8/

is that right?

Exactly! At least, because this port (obviously) unreachable:

√ ~ % curl -v http://openrepo.opentech.local/infra-el8
*   Trying 100.100.101.22:80...
* Connected to openrepo.opentech.local (100.100.101.22) port 80 (#0)
> GET /infra-el8 HTTP/1.1
> Host: openrepo.opentech.local
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.18.0 (Ubuntu)
< Date: Mon, 22 May 2023 18:35:37 GMT
< Content-Type: text/html
< Content-Length: 178
< Location: http://openrepo.opentech.local:8080/infra-el8/
< Connection: keep-alive
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
* Connection #0 to host openrepo.opentech.local left intact
√ ~ % curl -v http://openrepo.opentech.local:8080/infra-el8/
*   Trying 100.100.101.22:8080...
* connect to 100.100.101.22 port 8080 failed: Connection refused
* Failed to connect to openrepo.opentech.local port 8080 after 69 ms: Couldn't connect to server
* Closing connection 0
curl: (7) Failed to connect to openrepo.opentech.local port 8080 after 69 ms: Couldn't connect to server

k0ste avatar May 22 '23 18:05 k0ste

I pushed a change (commit c43f6385) that hopefully resolves that issue. You can test it by either rebuilding the docker image and redeploying, or you can manually replace the config in your Nginx container and run:

/etc/init.d/nginx reload

matthill avatar May 22 '23 22:05 matthill

Seems this changes are not landed on latest tag on docker hub Screenshot 2023-05-23 at 12 11 01

k0ste avatar May 23 '23 09:05 k0ste