SWAG + Webtrees = Fail (for me at least)

So I have this container up and running: GitHub - H2CK/webtrees: Docker Image containing Webtrees, with the docker-compose.yml looking like this for that container:

   webtrees:
    image: dtjs48jkt/webtrees:latest
    container_name: webtrees
    depends_on:
      - db
    environment:
      - PUID=1000
      - PGID=1000
      - PORT=8088
    volumes:
      - /webtrees_config:/var/www/html/data
    ports:
      - 8088:8088
    restart: unless-stopped

This is what my “webtrees.subdomain.conf” looks like;

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name webtrees.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app webtrees;
        set $upstream_port 8088;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
    }

    # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
    # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
    # location ~ (/<container_name>)?/api {
    #     include /config/nginx/proxy.conf;
    #     include /config/nginx/resolver.conf;
    #     set $upstream_app <container_name>;
    #     set $upstream_port <port_number>;
    #     set $upstream_proto <http or https>;
    #     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    #
    #     # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
    # }
}

So I can access “webtrees” when I enter the internal IP address of the server, i.e. https://192.168.X.XXX:8088

But when I try;

https://webtrees.Mydomain.duckdns.org I get this error message (400 Bad request);

Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

I’ve already redirected all traffic to https via the default site config.

It works fine for other containers, e.g. “Bitwarden”.

I’ve tried googling the error message, but I’m stuck…

Any help much appreciated!

Try this from the webtrees docs:


Using http only

It is possible to use the image without https support. For that you have to start the container with the following environment variables set:

docker run -d -p 80:80 --name webtrees --link mysql:db -v /webtrees/data:/var/www/html/data -e DISABLE_SSL=TRUE -e PO


Seems you have double https in your current config.

Also in your example you are trying to proxy https to http, while the application is expecting https

       set $upstream_proto http;
       proxy_pass $upstream_proto://$upstream_app:$upstream_port;

That is why it is working when trying https://192.168.X.XXX:8088.

I would turn off SSL for the application, no need to double it, only causes problems.

Thanks for helping me out Glitch!

I tried your suggestion - adding “DISABLE_SSL=TRUE” as an environmental variable, but using port 8088 instead (as port 80 is used by another container, but I’m thinking that shouldn’t matter).

As I’m already redirecting all traffic to https via NGINX default site config, I am now sending HTTPS to an HTTP port only, and thus I’m getting this error message in my browser (Chrome) “This site can’t provide a secure connection” (ERR_SSL_PROTOCOL_ERROR).

Later I’ll try shutting down the container using port 80, and see if that matters…
(and changing to port 80 in the nginx “webtrees.subdomain.conf”)

Ok, so I tinkered a bit more…

  1. added “-e DISABLE_SSL=TRUE -e PORT=8088” as an environmental variable, and “p 8088:8088”
  2. Changed “webtrees.subdomain.conf” from “set $upstream_proto http;” to “set $upstream_proto https;”

Now I get “502 Bad Gateway - Nginx”…

Still lost… :slight_smile:

You don’t need to change the upstream protocol to https if you are using DISABLE_SSL, that is kind of the point. You are routing to an http port after all.

As long as both the proxy container and the webtrees container are on the same docker network you don’t need the port forward at all.

        set $upstream_app webtrees;
        set $upstream_port 8088;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

This should work if the environment variable PORT is set to 8088 and ssl is disabled, in theory…

Thanks for trying Glitch, however it still doesn’t work.

This site can’t be reached

192.168.X.XXX refused to connect.

Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

I believe this is because I’ve already redirected all traffic to https via the default site config.

So I just want to be able to send https to this container - like I have many before, but it just doesn’t work…

Maybe I should post a request for this particular container and keep my fingers crossed?

I think I found what you are missing in the webtrees docs (I think you should read them again :wink: )

It seems to want a base-url like this, try your external url:

It is also possible to activate pretty urls by using environment variables. You could set -e PRETTYURLS=TRUE and -e BASE_URL=http://localhost . This will set the necessary settings in the config.ini.php.


Wait - what, read the manual…? Isn’t that cheating…:wink:

I finally got it working - many thanks Glitch for nudging me in the right direction!

So in case someone else stumbles upon this same problem, here is my config that works (for me at least);

docker-compose.yml

   webtrees:
    image: dtjs48jkt/webtrees:latest
    container_name: webtrees
    depends_on:
      - db
    environment:
      - PUID=1000
      - PGID=1000
      - PORT=8088
      - PRETTYURLS=TRUE
      - BASE_URL=https://webtrees.Mydomain.duckdns.org    
      - DISABLE_SSL=TRUE
    volumes:
      - /webtrees_config:/var/www/html/data
    restart: unless-stopped

webtrees.subdomain.conf

## Version 2021/05/18
# REMOVE THIS LINE BEFORE SUBMITTING: The structure of the file (all of the existing lines) should be kept as close as possible to this template.
# REMOVE THIS LINE BEFORE SUBMITTING: Look through this file for <tags> and replace them. Review other sample files to see how things are done.
# REMOVE THIS LINE BEFORE SUBMITTING: The comment lines at the top of the file (below this line) should explain any prerequisites for using the proxy such as DNS or app settings.
# make sure that your dns has a cname set for <container_name> and that your <container_name> container is not using a base url

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name webtrees.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app webtrees;
        set $upstream_port 8088;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
    }

    # REMOVE THIS LINE BEFORE SUBMITTING: Some proxies require one or more additional location blocks for things like API or RPC endpoints.
    # REMOVE THIS LINE BEFORE SUBMITTING: If the proxy you are making a sample for does not require an additional location block please remove the commented out section below.
    # location ~ (/<container_name>)?/api {
    #     include /config/nginx/proxy.conf;
    #     include /config/nginx/resolver.conf;
    #     set $upstream_app <container_name>;
    #     set $upstream_port <port_number>;
    #     set $upstream_proto <http or https>;
    #     proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    #
    #     # REMOVE THIS LINE BEFORE SUBMITTING: Additional proxy settings such as headers go below this line, leave the blank line above.
    # }
}

With this I can reach webtrees with https://webtrees.Mydomain.duckdns.org - just like intended.

Note that I put the base URL as “https” not “http”.

Many thanks Glitch!

Glad I could help. I do still think you need to change

set $upstream_proto https;

to

set $upstream_proto http;

Because you have DISABLE_SSL=TRUE. That is the “correct” way to proxy with swag.

I tried changing as you suggested and it still works, so I’ll trust you when you say this is the “correct” way, and keep “http” instead of “https”.

Again, thanks for helping me out.
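
Added example, not part of the thread and not code from the SWAG or webtrees projects: a small Python check that compares a compose service's environment with the "set $upstream_*" lines of its proxy conf, following the advice above that DISABLE_SSL=TRUE goes with "$upstream_proto http" and that the host port mapping is not needed behind the proxy. The sample inputs are constructed from the configs posted in the thread, and the rule that the image serves TLS unless DISABLE_SSL=TRUE is an assumption taken from the thread.

```python
import re

# Constructed inputs modelled on the configs posted in the thread.
COMPOSE_FIRST = """\
webtrees:
  image: dtjs48jkt/webtrees:latest
  environment:
    - PORT=8088
  ports:
    - 8088:8088
"""
COMPOSE_FINAL = """\
webtrees:
  image: dtjs48jkt/webtrees:latest
  environment:
    - PORT=8088
    - DISABLE_SSL=TRUE
"""
NGINX_HTTP = "set $upstream_port 8088;\nset $upstream_proto http;\n"
NGINX_HTTPS = "set $upstream_port 8088;\nset $upstream_proto https;\n"


def lint(compose, nginx):
    """Return findings where the proxy conf disagrees with the container."""
    env = dict(re.findall(r"^\s*-\s*([A-Z_]+)=(\S+)\s*$", compose, re.M))
    published = re.findall(r'^\s*-\s*"?(\d+):(\d+)"?\s*$', compose, re.M)
    # Anchored at line start, so commented-out template lines are ignored.
    conf = dict(re.findall(r"^\s*set\s+\$upstream_(\w+)\s+(\S+);", nginx, re.M))

    # Assumption from the thread: the image serves TLS unless DISABLE_SSL=TRUE.
    serves = "http" if env.get("DISABLE_SSL", "").upper() == "TRUE" else "https"
    findings = []
    if conf.get("proto") != serves:
        findings.append(
            f"proto: proxy sends {conf.get('proto')}, container serves {serves}")
    if conf.get("port") != env.get("PORT"):
        findings.append(
            f"port: proxy targets {conf.get('port')}, PORT is {env.get('PORT')}")
    for host_port, _ in published:
        # A published port lets clients reach the app without going through
        # the proxy, skipping its TLS and any auth includes enabled there.
        findings.append(f"exposure: host port {host_port} bypasses the proxy")
    return findings


if __name__ == "__main__":
    for name, c, n in [("first attempt", COMPOSE_FIRST, NGINX_HTTP),
                       ("final advice", COMPOSE_FINAL, NGINX_HTTP)]:
        print(name, lint(c, n) or "consistent")
```
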
