- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-23-2017 09:05 PM
Let me preface this by saying that I'm awre i've introduced this fault through my own modifications (and lack of experience with nginx). That being said I'd appreciate and insight into how I've broken this function.
Symptom is that the 'LOGS' tab on the webUI displays nothing inside the frame other than the MM logo and "Loading...", likewise the "Logs" button in the upper right of any given node's detail exhibits this behaviour.
And as to how I've introduced the issue -
I've deployed the jtschichold/minemeld-docker docker container with the following modification -
The nginx runnning config /etc/nginx/sites-enabled/minemeld-web was modified to the following:
upstream app_server { server 127.0.0.1:5000 fail_timeout=0; } server { listen 4000; server_name _; keepalive_timeout 5; # path for static files root /opt/minemeld/www/current; location = / { index index.html; } location ~* \.html$ { try_files $uri @proxy_to_app; expires -1; } # first files then proxy to flask app location / { try_files $uri @proxy_to_app; expires off; } # for SSE location /status/events { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header Connection ''; proxy_http_version 1.1; proxy_redirect off; proxy_buffering off; chunked_transfer_encoding off; proxy_cache off; proxy_read_timeout 120s; expires -1; proxy_pass http://app_server; } # for content that should be handled by mw flask app location @proxy_to_app { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://app_server; }
the end result being that the WebUI would be exposed on port 4000 without TLS.
It's important to note at this point that if I'm to access the service at http://<minemeldserver>:4000 the log displays are all completely functional (i.e this issue is not present)
What introduces the fault is this - I have a second docker container which runs only nginx and embeded within that service's configuration/active-sites I have the following -
server { listen 443 ssl; server_name minemeld.example.com; ssl on; ssl_certificate /cert/cert.pem; ssl_certificate_key /cert/key-no-password.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:MEDIUM:!SSLv2:!PSK:!SRP:!ADH:!AECDH; ssl_prefer_server_ciphers on; location / { gzip off; proxy_set_header X-Forwarded-Ssl on; client_max_body_size 50M; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_pass http://minemeld:4000; } }
among other (unrelated) servers.
Presently my two ideas about why the logs break is that there's either a conflict with housing that second nginx instance within the minemeld container in addition to the seperate front-end nginx instance or that the issue is as a result of a self-signed certificate currently in use in this development environment.
I'd originally intended to competely disable the nginx instance inside the jtschichold/minemeld-docker container however this broke integration with flask and leaving there with TLS disabled seemed like a viable solution which has otherwise worked fine.
Any troubleshooting suggestions welcome thank you
02-24-2017 05:46 AM
Hi @TickBoxSec,
I think the problem could be related to LOGS being served to the client using server-sent-events.
A location stanza in the original config takes care of setting the correct parameters for the connection:
# for SSE location /status/events { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header Connection ''; proxy_http_version 1.1; proxy_redirect off; proxy_buffering off; chunked_transfer_encoding off; proxy_cache off; proxy_read_timeout 120s; expires -1; proxy_pass http://app_server; }
Could you try replicating this location with these parameters inside the second nginx container ?
Thanks,
luigi
07-10-2017 06:42 PM
07-10-2017 11:36 PM
Server events are passed to the WebUI using a long standing connection (server-sent events). You should check:
- the nginx access log
- the developer tools of the browser to see the flow of events coming into the WebUI. In Chrome: More Tools > Developer Tools - Network pane
07-16-2017 11:22 PM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!