cryptpad-docker

Error 520 when behind nginx reverse proxy

Open leon1995 opened this issue 4 years ago • 6 comments

Hi,

I always get an error when visiting my cryptpad domain behind an nginx reverse proxy: 520: Web server is returning an unknown error. My docker-compose.yml:

version: '3.8'

services:
  cryptpad:
    image: "promasu/cryptpad:nginx"
    hostname: cryptpad
    environment:
      - CPAD_TRUSTED_PROXY=(ip of my reverse proxy)/8
      - CPAD_REALIP_HEADER=X-Forwarded-For
      - CPAD_REALIP_RECURSIVE=on
      - CPAD_MAIN_DOMAIN=cryptpad.mydomain.xyz
      - CPAD_SANDBOX_DOMAIN=sandbox.mydomain.xyz
    volumes:
      - ./data/blob:/cryptpad/blob
      - ./data/block:/cryptpad/block
      - ./data/customize:/cryptpad/customize
      - ./data/data:/cryptpad/data
      - ./data/files:/cryptpad/datastore
      - ./data/config.js:/cryptpad/config/config.js
      - ./data/logs:/cryptpad/data/logs
      - ./data/archive:/cryptpad/data/archive
    ports:
      - "80:80"

I copied the default config from cryptpad and changed

httpUnsafeOrigin: 'https://cryptpad.mydomain.xyz',
httpSafeOrigin: "https://sandbox.mydomain.xyz",

In my reverse proxy I forwarded both domains to the IP address of my cryptpad instance on port 80.

I hope you can help me :)

EDIT: this is the output of docker-compose up:

cryptpad_1  | 2021-08-02 15:44:14,994 INFO Set uid to user 0 succeeded
cryptpad_1  | 2021-08-02 15:44:15,003 CRIT Server 'unix_http_server' running without any HTTP authentication checking
cryptpad_1  | 2021-08-02 15:44:15,004 INFO supervisord started with pid 1
cryptpad_1  | 2021-08-02 15:44:16,007 INFO spawned: 'processes' with pid 20
cryptpad_1  | 2021-08-02 15:44:16,009 INFO spawned: 'node' with pid 21
cryptpad_1  | 2021-08-02 15:44:16,011 INFO spawned: 'nginx' with pid 22
cryptpad_1  | nginx: [warn] low address bits of (ip of my revrese proxy)/8 are meaningless in /etc/nginx/conf.d/cryptpad.conf:11
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: using the "epoll" event method
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: nginx/1.14.2
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: OS: Linux 5.4.114-1-pve
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: getrlimit(RLIMIT_NOFILE): 524288:524288
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker processes
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 29
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 30
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 31
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 32
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 33
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 34
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 35
cryptpad_1  | 2021/08/02 15:44:16 [notice] 22#22: start worker process 36
cryptpad_1  | Serving content for https://cryptpad.mydomain.xyz/ via http://127.0.0.1:3000.
cryptpad_1  | 
cryptpad_1  | Your instance is not correctly configured for safe use in production.
cryptpad_1  | See https://cryptpad.mydomain.xyz/checkup/ for more information.
cryptpad_1  | 
cryptpad_1  | 2021-08-02 15:44:17,181 INFO success: processes entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
cryptpad_1  | 2021-08-02 15:44:17,182 INFO success: node entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
cryptpad_1  | 2021-08-02 15:44:17,182 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

leon1995 Aug 02 '21 15:08
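What the `low address bits ... are meaningless` warning in the log above implies for a `/8` trusted-proxy value, as an added example that is not part of the original post or of the cryptpad-docker project. It is a simplified Python model of nginx's realip resolution and assumes `CPAD_TRUSTED_PROXY` feeds `set_real_ip_from`, as the `CPAD_REALIP_*` variables suggest; 10.10.1.10 is the proxy address given later in the thread, and the other addresses and all function names are constructed.

```python
import ipaddress

def trusted_network(cidr):
    """Parse a trusted-proxy CIDR; host bits are dropped, which is what
    nginx's "low address bits ... are meaningless" warning reports."""
    net = ipaddress.ip_network(cidr, strict=False)
    had_host_bits = ipaddress.ip_interface(cidr).ip != net.network_address
    return net, had_host_bits

def real_ip(peer, xff, trusted, recursive=True):
    """Simplified model of realip with X-Forwarded-For as the header.
    peer is the TCP source address, xff the raw header value (or None)."""
    def is_trusted(addr):
        return any(ipaddress.ip_address(addr) in net for net in trusted)
    if xff is None or not is_trusted(peer):
        return peer                      # header ignored for untrusted peers
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    try:
        for h in hops:
            ipaddress.ip_address(h)
    except ValueError:
        return peer                      # simplification: bad header -> keep peer
    if not hops:
        return peer
    if not recursive:
        return hops[-1]                  # last address in the header
    for hop in reversed(hops):           # last non-trusted address wins
        if not is_trusted(hop):
            return hop
    return hops[0]

WIDE, WIDE_WARNED = trusted_network("10.10.1.10/8")       # /8 as in the compose file
NARROW, NARROW_WARNED = trusted_network("10.10.1.10/32")  # only the proxy itself

if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For)
    samples = [
        ("10.10.1.10", "198.51.100.4"),   # via the reverse proxy
        ("10.99.0.5", "203.0.113.7"),     # other 10.x host, direct to port 80
    ]
    for peer, xff in samples:
        print(peer, xff, "->", real_ip(peer, xff, [WIDE]), "|", real_ip(peer, xff, [NARROW]))
```

With the `/8` value, every host in 10.0.0.0/8 that can reach port 80 is believed about the client address; a `/32` on the proxy's address limits that trust to the proxy.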

Can you access it directly without the second reverse proxy?

promasu Aug 10 '21 11:08

Do you mean via the ip of the host?

leon1995 Aug 10 '21 11:08

Yes, exactly. Do I understand correctly that your setup looks like this? WWW -> Nginx -> Docker (Nginx -> CryptPad)

promasu Aug 16 '21 11:08

Yes, it's www -> nginx -> docker (with stuff), but the docker container and the nginx are located on different machines. nginx has 10.10.1.10 and cryptpad docker has 10.10.1.27. When I navigate to the IP address of the docker container on port 80, it downloads a .dms file.

leon1995 Aug 20 '21 08:08

Hi, if it still helps, I managed to fix the issue by disabling http2 with the CPAD_HTTP2_DISABLE=true variable.

llukad Dec 31 '21 15:12

I'm having a similar issue to this running the Nginx image and trying to use my SWAG reverse proxy on another machine.

Basically, I want to run Cryptpad with Nginx on a machine with one IP address/internal domain name. Then I want to proxy it through my SWAG instance (which I use for everything else).

Within the Docker Compose file, should I be setting the CPAD_MAIN_DOMAIN and CPAD_SANDBOX_DOMAIN variables to the domain name of the server the Docker is running on, or the actual domain name that will be used to access it externally?

madindehead Jan 08 '22 11:01