Hello,
I am trying to deploy a Camunda instance behind a reverse proxy. I am using docker and have a proxy container and a camunda container. When I try to access the camunda instance I get a camunda page that shows a “Not found 404” error and says " The Page you are requesting was not found on this server." It is strange, since the page that shows that has a camunda header…
My nginx,config looks like this:
server {
listen <LISTEN_PORT>;
server_name <SERVER_NAME>;
location <CAMUNDA_PATH>/ {
proxy_pass <CAMUNDA_HOST>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
My docker-entrypoint.sh file for nginx like this:
if [ -f “/etc/nginx/conf.d/default.conf.template” ]; then
echo “first server start: creating NGINX config”
mv /etc/nginx/conf.d/default.conf.template /etc/nginx/conf.d/default.conf
sed -i -r “s|<LISTEN_PORT>|8080|g” /etc/nginx/conf.d/default.conf
sed -i -r “s|<SERVER_NAME>|localhost|g” /etc/nginx/conf.d/default.conf
sed -i -r “s|<PT_CAMUNDA_PATH>|${PT_CAMUNDA_PATH}|g” /etc/nginx/conf.d/default.conf
sed -i -r “s|<PT_CAMUNDA_HOST>|${PT_CAMUNDA_HOST}|g” /etc/nginx/conf.d/default.conf
fi
exec nginx -g ‘daemon off;’
And I start the containers with the following docker commands.
For the proxy:
sudo docker run -d --name proxy–network=demo -p 80:8080 -e PT_CAMUNDA_PATH=/pt-camunda -e PT_CAMUNDA_HOST=http://pt-camunda:8080 -e proxy:latest
And for camunda:
sudo docker run -d --name pt-camunda --network=demo -p 7075:8080 camunda:latest
When going to server_ip/pt-camunda I get the following 44 error:
What am I missing?
As written, your webapp location in Tomcat is going to be fighting with your configured nginx location. To see this in action, open up your dev tools and look at the network requests. Likely you’ll see redirects and/or resources being retrieved at the wrong locations. The simplest way to achieve what you’re looking to do without a rewrite rule or updating your tomcat config is to have your location in nginx match the webapp root (by default /camunda). More details on why here
server {
listen 80;
server_name localhost;
location /camunda {
proxy_pass http://pt-camunda:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Hopefully after you get an example up and running you can tweak the nginx or tomcat configs to fit exactly what you want your environment to look like.
Hello jgigliotti, thank you for your response. Sadly that did not fix the issue. After doing some more digging I think I found the root of the problem, but I still cannot fix it.
My camunda app is running in a container that I can access on port 7075. When I access http://localhost:7075 I get redirected to http://localhost:7075/app/welcome/default/#!/welcome.
This should work when accessing the app from the reverse proxy too, however it appears “#” is an illegal character in nginx. I tried escaping it with %23 (the hexadecimal number for “#”) but it did not work.
Is there anyway around this?
Hey @jominga,
Okay, we should probably backup a bit… I made the assumption you were running the official docker container via camunda/camunda-bpm-platform:latest. I see now that you’re not, so there’s a good chance my previous answer isn’t quite right. Having said that, when you navigate to http://localhost:7075 you say that you’re getting redirected to ../app/welcome.., is that working as expected? No 404’s? I’ll assume that it’s working right seeing as you didn’t mention otherwise.
That tells me that your nginx config needs a little more work. Based on the fact that your default root location of the webapp is /, I would expect an nginx config a little more like this…
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://pt-camunda:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Did you see something in the nginx logs that made you think # was illegal? In truth, the # (fragment) and anything that comes after it is for the browser only. It should never make it server side.
If you’re not able to get it working based on the info above, please post the dockerfile you’re using to build your camunda container. Honestly, having your custom nginx dockerfile would also help me to reproduce.
Hello @jgigliotti,
your assumption is correct, if I navigate to http://localhost:7075 and I get redirected to http://localhost:7075/app/welcome/default/#!/welcome camunda works just fine.
I also tried with your suggested nginx config but I’m still getting a 404 error.
The reason I thought the problem was the # ist that I tried setting the proxy_pass to app/welcome/default/#!/welcome. And then, when accessing localhost/pt-camunda I got redirected to http://localhost/pt-camunda/app/welcome/ and got the following error:
So I assumed that the proxy is not redirecting where it’s supposed to beacuse of the #.
This is the camunda dockerfile:
FROM camunda/camunda-bpm-platform:7.12.0
RUN rm -rf /camunda/webapps/ROOT;
rm -rf /camunda/webapps/camunda-invoice;
rm -rf /camunda/webapps/camunda-welcome;
rm -rf /camunda/webapps/docs;
rm -rf /camunda/webapps/examples;
rm -rf /camunda/webapps/h2;
mv /camunda/webapps/camunda /camunda/webapps/ROOT
COPY --chown=camunda:camunda deployment/camunda-bpm-identity-keycloak-all-1.4.0.jar /camunda/lib/
COPY --chown=camunda:camunda deployment/camunda-setenv.sh /camunda/bin/setenv.sh
COPY --chown=camunda:camunda deployment/bpm-platform.xml /camunda/conf/bpm-platform.xml
COPY --chown=camunda:camunda ptos/target/ptos.war /camunda/webapps/
RUN chmod 664 /camunda/lib/camunda-bpm-identity-keycloak-all-1.4.0.jar;
chmod 750 /camunda/bin/setenv.sh;
chmod 644 /camunda/conf/bpm-platform.xml
And this is the nginx dockerfile:
FROM nginx:1.16.1-alpine AS prod
ENV SERVER_NAME=localhost
LISTEN_PORT=8080 \
COPY ./nginx.conf.template /etc/nginx/conf.d/default.conf.template
COPY ./docker-entrypoint.sh /usr/local/bin/entrypoint
ENTRYPOINT /usr/local/bin/entrypoint
Okay, I was able to reproduce and get it working. I think the issue lies mostly in the nginx config and the docker entrypoint files. Notice, your nginx config uses <CAMUNDA_PATH>, but your entrypoint script replaces PT_CAMUNDA_PATH. So, I updated the nginx config to look like this:
server {
listen <LISTEN_PORT>;
server_name <SERVER_NAME>;
location <PT_CAMUNDA_PATH> {
proxy_pass <PT_CAMUNDA_HOST>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Notice that I removed the / that comes after <PT_CAMUNDA_PATH>. That way, when you run the nginx container, you can pass just the slash as I alluded to in my previous post.
docker run -d --name proxy --network=demo -p 80:8080 -e PT_CAMUNDA_PATH=/ -e PT_CAMUNDA_HOST=http://pt-camunda:8080 proxy:latest
Then simply navigating to http://localhost should do the trick!
1 Like
I followed your instructions, I updated the nginx config and removed the /, but when I visit http://localhost I get redirected to http://localhost:8080// and get the following error…
Your config still isn’t right, you ended up with two slashes in your nginx config (you can always exec into the running container or cat the running config to verify it).
I really don’t understand why. I exec into the container and this is the config inside:
server {
listen 8080;
server_name localhost;
location / {
proxy_pass http://pt-camunda:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
(I also tried with listen 80 but then the redirect to other containers that I also have running stop working)
Just out of curiosity, does your container redirect from root to another path with #! on the link?
Config looks okay. At this point, I’m running out of ideas… my nginx config matches yours:
/ # cat /etc/nginx/conf.d/default.conf
server {
listen 8080;
server_name localhost;
location / {
proxy_pass http://pt-camunda:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Proxy is being run with
docker run -d --name proxy --network=demo -p 80:8080 -e PT_CAMUNDA_PATH=/ -e PT_CAMUNDA_HOST=http://pt-camunda:8080 proxy:latest
Camunda is being run with
docker run -d --name pt-camunda --network=demo -p 7075:8080 camunda:latest
Hitting http://localhost in the browser results in a couple of redirects and then ultimately…
To answer your last question, there are several redirects from the root… first http://localhost/app/welcome then to http://localhost/app/welcome/default/. The rest, #!/login, is tacked on by the frontend code.
1 Like
I tried with location /app and it seems a step in the right direction. Here’s the nginx config:
server {
listen 8080;
server_name localhost;
location /app {
proxy_pass http://pt-camunda:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Now when I visit http://localhost/app I get redirected to http://localhost/app/welcome/default/ and I don’t get any 404 error. However, the site gets stuck in the loading screen:
And the proxy logs this:
172.22.0.1 - - [28/Apr/2020:06:36:58 +0000] "GET /app/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36" "-"
172.22.0.1 - - [28/Apr/2020:06:36:58 +0000] "GET /app/welcome/default/ HTTP/1.1" 200 3631 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36" "-"
2020/04/28 06:36:59 [error] 14#14: *12 open() "/etc/nginx/html/lib/require.js" failed (2: No such file or directory), client: 172.22.0.1, server: localhost, request: "GET /lib/require.js HTTP/1.1", host: "localhost", referrer: "http://localhost/app/welcome/default/"
172.22.0.1 - - [28/Apr/2020:06:36:59 +0000] "GET /lib/require.js HTTP/1.1" 404 555 "http://localhost/app/welcome/default/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36" "-"
Got it working with 2 nginx-locations. The app-location is for starting the web-app which is reachable at
The camunda-location is used for requests issued by the webapp. The camunda-webapp doesn’t know about the app-location and its requests assume absolute pathes ie http://pt-camunda:8080/camunda/…
Give it a try…
location /app {
rewrite /app/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://pt-camunda:8080;
}
location /camunda {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://pt-camunda:8080;
}
1 Like
@jgigliotti - Thanks your solutions worked for me:
/ # cat /etc/nginx/conf.d/default.conf
server {
listen 8080;
server_name localhost;
location / {
proxy_pass http://pt-camunda:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
But I found that to go to login you need to use absolute url like :
http://localhost:8080/app/welcome/default/#!/login
The redirects dont work because they are missing the port number when they send you back to …app/ url.
