| [20:50:17] | * farmBOT has joined #farmos |
| [01:01:46] | <RUros[m]> | This is what I tried now: I changed port like @mstenta mentioned. |
| [01:05:03] | <RUros[m]> | With "reverse_proxy_trusted_headers" there has to be something. If this line is like described in farmos guide for https: $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL; in this case drush command give error with this line mentioned, like constant do not exist. I replaced this line with: settings['reverse_proxy_trusted_headers'] = |
| [01:05:03] | <RUros[m]> | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED; Drush then works, but I don't know if this is right setting to work with proxy and my issue. |
| [01:06:55] | <RUros[m]> | In both cases I get "error 404:Cannot locate document: /" on http access (port 8080), and "error 400:The plain HTTP request was sent to HTTPS port" for https (port 8888). |
| [01:07:30] | <RUros[m]> | * I get erros like: "error 404:Cannot |
| [01:09:54] | <RUros[m]> | * With �reverse\_proxy\_trusted\_headers� there has to be something. If this line is like described in farmos guide for https: �$settings\['reverse\_proxy\_trusted\_headers'\] = \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_ALL;� in this case drush command give error with this line mentioned, like constant do not exist. I replaced this line with: �$settings\['reverse\_proxy\_trusted\_headers'\] = |
| [01:09:54] | <RUros[m]> | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_FOR | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_HOST | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_PORT | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_PROTO | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_FORWARDED;� Drush then works, but I don't know if this is right setting to work with |
| [01:09:54] | <RUros[m]> | proxy and my issue. |
| [01:12:44] | <RUros[m]> | * With �reverse\_proxy\_trusted\_headers� there has to be something. If this line is like described in farmos guide for https: �$settings\['reverse\_proxy\_trusted\_headers'\] = \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_ALL;� in this case drush command gives error: �Error: Undefined constant Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL in require() (line 425 of |
| [01:12:44] | <RUros[m]> | /opt/drupal/web/sites/default/settings.php)�. , like constant do not exist. I replaced this line with: �$settings\['reverse\_proxy\_trusted\_headers'\] = \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_FOR | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_HOST | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_PORT | |
| [01:12:44] | <RUros[m]> | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_PROTO | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_FORWARDED;� Drush then works, but I don't know if this is right setting to work with proxy and my issue. |
| [01:13:10] | <RUros[m]> | * With �reverse\_proxy\_trusted\_headers� there has to be something. If this line is like described in farmos guide for https: �$settings\['reverse\_proxy\_trusted\_headers'\] = \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_ALL;� in this case drush command gives error: �Error: Undefined constant Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL in require() (line 425 of |
| [01:13:10] | <RUros[m]> | /opt/drupal/web/sites/default/settings.php)�. I replaced this line with: �$settings\['reverse\_proxy\_trusted\_headers'\] = \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_FOR | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_HOST | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_PORT | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_X\_FORWARDED\_PROTO | |
| [01:13:10] | <RUros[m]> | \\Symfony\\Component\\HttpFoundation\\Request::HEADER\_FORWARDED;� Drush then works, but I don't know if this is right setting to work with proxy and my issue. |
| [01:17:32] | <RUros[m]> | * With �reverse_proxy_trusted_headers� there has to be something. If this line is like described in farmos guide for https: �$settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL;� in this case drush command gives error: �Error: Undefined constant Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL in require() (line 425 of /opt/drupal/web/sites/default/settings.php)�. I |
| [01:17:32] | <RUros[m]> | replaced this line with: �$settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;� Drush then works, but I don't know |
| [01:17:32] | <RUros[m]> | if this is right setting to work with proxy and my issue. |
| [01:53:21] | <RUros[m]> | �ACTION posted a file: (1KiB) < https://matrix.org/oftc/media/v1/media/download/AQpVzsu8YUKKFq0X2YKXLnrV... >� |
| [01:53:22] | <RUros[m]> | �ACTION posted a file: (1KiB) < https://matrix.org/oftc/media/v1/media/download/ARD5nTnxp3WbWIV8Jz1kRE9k... >� |
| [01:53:24] | <RUros[m]> | �ACTION posted a file: (36KiB) < https://matrix.org/oftc/media/v1/media/download/Aful3MPbBD8joern-5Cn2O-_... >� |
| [01:53:28] | <RUros[m]> | My bad 🙈 HTTPS access is working ok, When accessing in browser I used 'localhost:8888' instead of 'https://localhost:8888'. Still strugling to make it work on HTTP access 'http://localhost:8080' (just redirect to HTTPS). But still get error 404. Seems like nginx.conf is not properly configured for HTTP redirect to HTTPS. This are files I am currently running. |
| [07:34:20] | <symbioquine[m]> | My http -> https redirect in `ningx.conf` looks like this;... (full message at <https://matrix.org/oftc/media/v1/media/download/AYa1tdPOTZUmgSXUFQbNaqO-...) |
| [07:36:13] | <symbioquine[m]> | (Obviously, this means my nginx is listening on port 8080 for http - adjust that part as necessary) |
| [07:39:11] | <symbioquine[m]> | I'd recommend trying that simpler/more explicit rewrite version before you add the fancier stuff - not listing the domain names, ipv6, etc |
| [07:40:25] | <symbioquine[m]> | I'm also not sure what the consequences of returning a http 301 like that are compared with using the rewrite directive - though I'm guessing there's an advantage in indicating to the browser that it is a "permanent" redirect so it can be cached aggressively. |
| [08:34:54] | <RUros[m]> | I started from this example for nginx configuration: https://farmos.org/development/environment/https/, and then made changes for different port settings |
| [08:36:04] | <RUros[m]> | I changed this lines you mentioned:... (full message at <https://matrix.org/oftc/media/v1/media/download/Acl9I8tt0o1Y4wJcP9CIfssj...) |
| [08:36:40] | <RUros[m]> | the part for https i didn't change |
| [08:36:47] | <RUros[m]> | but result is the same |
| [08:37:25] | <RUros[m]> | i also try with this line: rewrite ^/(.*)$ https://$host:8888$request_uri? permanent; |
| [08:37:34] | <mstenta[m]> | Does �rewrite ^/(.*)$ https://$host$request_uri? permanent;� need to be changed to include the port? |
| [08:37:44] | <mstenta[m]> | Ah you beat me to it RUros :-) |
| [08:38:22] | <symbioquine[m]> | Try putting in your hostname (matching your certificate) instead of "_" in �server_name _�. |
| [08:38:56] | <mstenta[m]> | RUros: I wonder about taking this back to square one... you said you're doing it because you have other service(s) running on 80 and 443 already. Would it be worth considering setting up a proxy in front of ALL of those, and directing traffic to the correct container accordingly? That way you don't need to mess with ports. |
| [08:39:35] | <symbioquine[m]> | I thought about suggesting that too... (but it should work) |
| [08:39:44] | <symbioquine[m]> | * should work on other ports like this) |
| [08:40:04] | <symbioquine[m]> | (and we don't know what the larger context is) |
| [08:40:31] | <RUros[m]> | Yes this was my thinking also. |
| [08:40:35] | <symbioquine[m]> | (could be network-level port forwarding to entirely different machines for all we know) |
| [08:41:35] | <mstenta[m]> | (yup and if it's not all in docker that's different) |
| [08:43:38] | <RUros[m]> | Yes, i have 2 instances (farmos and grafana) running in docker. Primary OS is Windows. And on Windows there is also video surveillance |
| [08:44:03] | <RUros[m]> | currently all running just http with port forward, but I would like to add some more security to it. |
| [08:44:41] | <RUros[m]> | s/currently/Currently/ |
| [08:48:36] | * FarmerEd[m] has joined #farmos |
| [08:48:37] | <FarmerEd[m]> | I use Cloudflare, to handle https, it also uses a tunnel so need for open ports + you can add additional security like 2FA or Google SSO |
| [11:35:47] | <RUros[m]> | �ACTION posted a file: (1KiB) < https://matrix.org/oftc/media/v1/media/download/AXdHvcEcvI7DQmb7Z1pDOgAx... >� |
| [11:35:47] | <RUros[m]> | �ACTION posted a file: (1KiB) < https://matrix.org/oftc/media/v1/media/download/Aa4BqGq878Dml14sYNIbwlA9... >� |
| [11:40:40] | <RUros[m]> | OMG 🙈 Port 8080 was the whole time taken by another web service in windows. I didn't even know this process is running. When I changed in docker-compose to new port: 8585 it started to work. What a lame mistake 😆. So this are the files, I am running now, and HTTP and HTTPS works fine. Thanks for help guys ! |
| [11:41:13] | <mstenta[m]> | Ah ha! |
| [11:43:14] | <RUros[m]> | What I am observing now is that google maps api do not work. Should be this plugin somehow adjusted to new port ? |
| [11:43:54] | <symbioquine[m]> | Did you put in your own Google maps API key? |
| [11:44:05] | <RUros[m]> | yes |
| [11:44:41] | <symbioquine[m]> | Did you set a domain whitelist in the Google api console? |
| [11:46:25] | <RUros[m]> | for this api key i have restrictions so only my IP is on the list |
| [11:48:07] | <symbioquine[m]> | So you didn't put your domain in as a restriction, only the requester ip? |
| [11:48:47] | <RUros[m]> | on no domain, it is IP nubmer of requester (farmos server) |
| [11:49:16] | <RUros[m]> | s/on//, s/nubmer/number/ |
| [11:50:04] | <symbioquine[m]> | You probably want to put in a "Websites" type restriction with your domain: https://developers.google.com/maps/api-security-best-practices#restricti... |
| [11:50:36] | <symbioquine[m]> | That restricts access to the API based on the referrer header passed to google's servers by the browser. |
| [11:51:19] | <symbioquine[m]> | In turn that means that visitors to your website (farmOS install) can use your maps API key regardless of what network they are on (e.g. not just on your home network) |
| [11:51:55] | <symbioquine[m]> | but, I think the "Websites" type restriction may need the whitelist to include the port... |
| [11:53:03] | <symbioquine[m]> | �ACTION uploaded an image: (79KiB) < https://matrix.org/oftc/media/v1/media/download/AYqnmrhQ-5tplRnSokHv2J0z... >� |
| [11:53:20] | <mstenta[m]> | Maybe worth disabling all restrictions first just to see if that fixes it. Then figure out the right ones. |
| [11:53:25] | <symbioquine[m]> | (i.e. I suspect it is "optional", but only when the port is the standard one - like 80/443) |
| [11:55:23] | <RUros[m]> | OK, thanks I'll have to look into that. At first like mstenta mentioned, i disabled all restrictions. Now I have to wait for changes to take effect. |
| [11:55:27] | <RUros[m]> | Thanks for now 😀 |
| [11:55:52] | <mstenta[m]> | Just don't forget to add restrictions! Don't want to get a bill from Google for unauthorized use! ;-) |
| [11:59:57] | <symbioquine[m]> | Weekly dev call in ~1 minute! All are welcome. https://meet.jit.si/farmos-dev |
| [13:13:55] | <mstenta[m]> | ah jeez - the docker hub drupal image changed to trixie by default |
| [13:14:14] | <mstenta[m]> | great for 4.x, but maybe we want to pin it to bookworm for 3.x? |
| [13:14:31] | <mstenta[m]> | (just noticed tests started failing last night... investigating the fix now...) |
| [13:42:26] | <mstenta[m]> | paul121: I'm going to pin both 3.x and 4.x to bookworm |
| [13:42:33] | <mstenta[m]> | To fix failing tests |
| [13:42:52] | <mstenta[m]> | And then we can follow-up to upgrade 4.x to trixie after that |
| [13:43:09] | <mstenta[m]> | Any objection? |
| [13:59:16] | * paul121[m] has joined #farmos |
| [13:59:16] | <paul121[m]> | <mstenta[m]> "Any objection?" <- sounds good to me |
| [16:52:30] | <mstenta[m]> | OK merged, and I figured out the Trixie build issue, so here's a PR to update to Trixie: https://github.com/farmOS/farmOS/pull/992 |
| [16:52:45] | <mstenta[m]> | (which also allows us to remove the SQLite3 update workaround we added for D11) |