docker-zulip icon indicating copy to clipboard operation
docker-zulip copied to clipboard

Published 20 hours ago verified publisher icon zulip

"Too many redirects" after fresh install

Open maeries opened this issue 2 years ago • 2 comments

I just installed Zulip via Docker on my server. When I open the webinterface in a Browser (I tried Firefox, Edge, Firefox Android) I only get a redirection error aka. "too many redirects"

How to reproduce

  1. follow this tutorial: https://github.com/zulip/docker-zulip/blob/master/README.md
  2. Configure the docker-compose.yml so that Zulip runs behind Caddy (tried without Caddy, does not seem to make a difference)
  3. go to zulip.domain.tld

Or

  1. up this docker-compose.yml
version: '2'
services:
  database:
    image: 'zulip/zulip-postgresql:10'
    environment:
      POSTGRES_DB: 'zulip'
      POSTGRES_USER: 'zulip'
      # Note that you need to do a manual `ALTER ROLE` query if you
      # change this on a system after booting the postgres container
      # the first time on a host.  Instructions are available in README.md.
      POSTGRES_PASSWORD: 'EkQEmG4aUqYHYqnyTyFcEd76pD'
    volumes:
      - './data/postgres:/var/lib/postgresql/data:rw'
    restart: unless-stopped

  memcached:
    image: 'memcached:alpine'
    command:
      - 'sh'
      - '-euc'
      - |
        echo 'mech_list: plain' > "$$SASL_CONF_PATH"
        echo "zulip@$$HOSTNAME:$$MEMCACHED_PASSWORD" > "$$MEMCACHED_SASL_PWDB"
        echo "zulip@localhost:$$MEMCACHED_PASSWORD" >> "$$MEMCACHED_SASL_PWDB"
        exec memcached -S
    environment:
      SASL_CONF_PATH: '/home/memcache/memcached.conf'
      MEMCACHED_SASL_PWDB: '/home/memcache/memcached-sasl-db'
      MEMCACHED_PASSWORD: 'Fzxj8Ah2LAUP29wCz7gE3HtMnMJF'
    restart: unless-stopped

  rabbitmq:
    image: 'rabbitmq:3.7.7'
    restart: unless-stopped
    environment:
        RABBITMQ_DEFAULT_USER: 'zulip'
        RABBITMQ_DEFAULT_PASS: '44AgC4kLvhw55yDk7XtFdR234EoB'
    volumes:
      - './data/rabbitmq:/var/lib/rabbitmq:rw'

  redis:
    image: 'redis:alpine'
    restart: unless-stopped
    command:
      - 'sh'
      - '-euc'
      - |
        echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
        exec redis-server /etc/redis.conf
    environment:
      REDIS_PASSWORD: '36H6ewHLLV3giYyVYiXM8HMpTNG'
    volumes:
      - '/opt/docker/zulip/redis:/data:rw'

  zulip:
    image: 'zulip/docker-zulip:4.3-0'
    restart: unless-stopped
#    build:
#      context: .
#      args:
#        # Change these if you want to build zulip from a different repo/branch
#        ZULIP_GIT_URL: https://github.com/zulip/zulip.git
#        ZULIP_GIT_REF: '4.3'
#        # Set this up if you plan to use your own CA certificate bundle for building
#        # CUSTOM_CA_CERTIFICATES:
    ports:
      - '1234:80'
#      - '443:443'
    environment:
      DB_HOST: 'database'
      DB_HOST_PORT: '5432'
      DB_USER: 'zulip'
      SSL_CERTIFICATE_GENERATION: 'self-signed'
      SETTING_MEMCACHED_LOCATION: 'memcached:11211'
      SETTING_RABBITMQ_HOST: 'rabbitmq'
      SETTING_REDIS_HOST: 'redis'
      SECRETS_email_password: '123456789'
      # These should match RABBITMQ_DEFAULT_PASS, POSTGRES_PASSWORD,
      # MEMCACHED_PASSWORD, and REDIS_PASSWORD above.
      SECRETS_rabbitmq_password: '44AgC4kLvhw55yDk7XtFdR234EoB'
      SECRETS_postgres_password: 'EkQEmG4aUqYHYqnyTyFcEd76pD'
      SECRETS_memcached_password: 'Fzxj8Ah2LAUP29wCz7gE3HtMnMJF'
      SECRETS_redis_password: '36H6ewHLLV3giYyVYiXM8HMpTNG'
      SECRETS_secret_key: 'K8SCw8geGp6d4JqC8PETGmgKhxjc2aGf8fuSQPFNRAmRvJvote26RT4jxV6fZw'
      SETTING_EXTERNAL_HOST: 'zulip.domain.tld'
      SETTING_ZULIP_ADMINISTRATOR: '[email protected]'
      SETTING_EMAIL_HOST: ''  # e.g. smtp.example.com
      SETTING_EMAIL_HOST_USER: '[email protected]'
      SETTING_EMAIL_PORT: '587'
      # It seems that the email server needs to use ssl or tls and can't be used without it
      SETTING_EMAIL_USE_SSL: 'False'
      SETTING_EMAIL_USE_TLS: 'True'
      ZULIP_AUTH_BACKENDS: 'EmailAuthBackend'
      # Uncomment this when configuring the mobile push notifications service
      # SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
    volumes:
      - './data/zulip:/data:rw'
    ulimits:
      nofile:
        soft: 1000000
        hard: 1048576
    networks:
      - caddy_net
      - default

networks:
  caddy_net:
    external: true
  default:

Server runs on old Xeaon E5520. Don't know if that matters

maeries avatar Jul 16 '21 17:07 maeries

The problem seems to be related with Caddy sending HTTP requests while Zulip only listens to HTTPS. I read that DISABLE_HTTPS: "True" does not work anymore. Is there an alternative? The way it's described in the docs does not seem to be made to be used with docker https://zulip.readthedocs.io/en/latest/production/deployment.html#configuring-zulip-to-allow-http

Edit to be more clear: When I set Caddy2 to connect via port 80 I get the "Too many redirects". Then I set it to use port 443 I get "Client sent an HTTP request to an HTTPS server."

maeries avatar Jul 16 '21 18:07 maeries

Figured it out. Under the environment variables in the docker-compose.yml you have to set DISABLE_HTTPS: 'True'. Then set your reverse proxy to connect to the http (non s) port of zulip

maeries avatar Jul 28 '21 16:07 maeries