I am trying to get Metasfresh running with SSL on a dedicated Debian 10 server with the help of docker-compose. I have tried several settings, first behind a traefik 2.4 reverse proxy as well as without it.
I can’t seem to get the WebUI to connect to the API or WebSocket. For the API I get a 403 error code and the console says:

```
WARN 20 --- [nio-8080-exec-9] o.s.w.s.s.t.h.DefaultSockJsService : Origin header value 'https://erp.my-domain.com:8443' not allowed.
```
I generated the key and cert file with LetsEncrypt and put them in the webui/source/certs folder.
I am using the v2 compose file provided with SSL port mapping to 8443.
```yaml
db:
  build: db
  restart: always
  volumes:
    - ./volumes/db/data:/var/lib/postgresql/data
    - ./volumes/db/log:/var/log/postgresql
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    - METASFRESH_USERNAME=metasfresh
    - METASFRESH_PASSWORD=metasfresh
    - METASFRESH_DBNAME=metasfresh
    - DB_SYSPASS=System
    - POSTGRES_PASSWORD=ip2LmNzXX8p8iXg9lZTWEJ9524kQDbXFudB7LR03T-xK9fLweX3TLMkA2AYcEiaS
app:
  build: app
  hostname: app
  links:
    - db:db
    - rabbitmq:rabbitmq
    - search:search
  expose:
    - "8282"
    - "61616"
    - "8788"
  restart: always
  volumes:
    - ./volumes/app/log:/opt/metasfresh/log:rw
    - ./volumes/app/heapdump:/opt/metasfresh/heapdump:rw
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    - METASFRESH_HOME=/opt/metasfresh
webapi:
  build: webapi
  links:
    - app:app
    - db:db
    - rabbitmq:rabbitmq
    - search:search
  expose:
    - "8789"
  restart: always
  volumes:
    - ./volumes/webapi/log:/opt/metasfresh-webui-api/log:rw
    - ./volumes/webapi/heapdump:/opt/metasfresh-webui-api/heapdump:rw
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
webui:
  build: webui
  links:
    - webapi:webapi
  ports:
    - "8443:443"
  restart: always
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    - WEBAPI_URL=https://erp.iem-experten.de:8443
rabbitmq:
  build: rabbitmq
  expose:
    - "5672"
  restart: always
  volumes:
    - ./volumes/rabbitmq/log:/var/log/rabbitmq/log
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    RABBITMQ_DEFAULT_USER: "metasfresh"
    RABBITMQ_DEFAULT_PASS: "metasfresh"
    RABBITMQ_DEFAULT_VHOST: "/"
search:
  build: search
  ulimits:
    memlock:
      soft: -1
      hard: -1
    nofile:
      soft: 65536
      hard: 65536
  cap_add:
    - IPC_LOCK
  volumes:
    - ./volumes/search/data:/usr/share/elasticsearch/data
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    - "ES_JAVA_OPTS=-Xms128M -Xmx256m"
  restart: always
```
And adjusted config.js as follows:
```js
const config = {
  API_URL: 'https://erp.iem-experten.de:8443/rest/api',
  WS_URL: 'https://erp.iem-experten.de:8443/stomp'
}
```
Interestingly, when assigning networks and adding labels for traefik v2.4, I can only route to 443 or 80. Routing to port 80 still lets me log in, but it is still not able to connect to the API and WebSocket; port 443 gives me a 400 error code for connecting to an SSL-enabled server with plain HTTP.
```yaml
webui:
  build: webui
  links:
    - webapi:webapi
  ports:
    - "8443:443"
  restart: always
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    - WEBAPI_URL=https://erp.${DOMAIN}/
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.erp.entrypoints=websecure"
    - "traefik.http.routers.erp.rule=Host(`erp.${DOMAIN}`)"
    - "traefik.http.routers.erp.tls=true"
    - "traefik.docker.network=web"
    - "traefik.http.routers.erp.service=erp"
    - "traefik.http.services.erp.loadbalancer.server.port=8443"
  networks:
    erp-network:
    web:
```
→ Bad Gateway Error
```yaml
webui:
  build: webui
  links:
    - webapi:webapi
  restart: always
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    - WEBAPI_URL=https://erp.${DOMAIN}/
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.erp.entrypoints=websecure"
    - "traefik.http.routers.erp.rule=Host(`erp.${DOMAIN}`)"
    - "traefik.http.routers.erp.tls=true"
    - "traefik.docker.network=web"
    - "traefik.http.routers.erp.service=erp"
    - "traefik.http.services.erp.loadbalancer.server.port=443"
  networks:
    erp-network:
    web:
```
→ 400 Error, Talking plain http to SSL enabled server.
```yaml
webui:
  build: webui
  links:
    - webapi:webapi
  restart: always
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  environment:
    - WEBAPI_URL=https://erp.${DOMAIN}/
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.erp.entrypoints=websecure"
    - "traefik.http.routers.erp.rule=Host(`erp.${DOMAIN}`)"
    - "traefik.http.routers.erp.tls=true"
    - "traefik.docker.network=web"
    - "traefik.http.routers.erp.service=erp"
    - "traefik.http.services.erp.loadbalancer.server.port=80"
  networks:
    erp-network:
    web:
```
→ Can’t connect to websocket or API.
```
WARN 20 --- [nio-8080-exec-9] o.s.w.s.s.t.h.DefaultSockJsService : Origin header value 'https://erp.my-domain.com' not allowed.
```

Hints, tips, tricks and solutions are highly appreciated.
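A 403 with "Origin header value ... not allowed" is what an origin check returns when the browser's Origin matches neither the address the backend believes it is served from nor a configured allow-list. The following is an added, simplified model of such a check, not code from the post, Metasfresh or Spring; the backend Host `webapi:8080` and the `X-Forwarded-*` values are constructed assumptions.

```python
# Simplified model of a same-origin / allow-list Origin check (illustration only).
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_tuple(url):
    """Normalise a URL to (scheme, host, port), filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def effective_request_origin(scheme, host_header, forwarded=None):
    """Origin the backend thinks it is served from.

    X-Forwarded-* headers are used only when passed in, i.e. when the proxy
    sets them and the backend is configured to trust them (assumption).
    """
    forwarded = forwarded or {}
    scheme = forwarded.get("X-Forwarded-Proto", scheme)
    host = forwarded.get("X-Forwarded-Host", host_header)
    s, h, p = origin_tuple(f"{scheme}://{host}")
    if "X-Forwarded-Port" in forwarded:
        p = int(forwarded["X-Forwarded-Port"])
    return s, h, p

def origin_allowed(origin, request_origin, allowed_origins=()):
    """True if Origin is absent, same-origin, or on the allow-list."""
    if origin is None:          # non-browser clients send no Origin header
        return True
    o = origin_tuple(origin)
    if o == request_origin:
        return True
    return any(a == "*" or origin_tuple(a) == o for a in allowed_origins)

# Constructed sample values; the Origin is the one from the log line in the post.
BROWSER_ORIGIN = "https://erp.my-domain.com:8443"
DIRECT = effective_request_origin("http", "webapi:8080")
PROXIED = effective_request_origin(
    "http", "webapi:8080",
    {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "erp.my-domain.com:8443"},
)

if __name__ == "__main__":
    print("no forwarded headers:", origin_allowed(BROWSER_ORIGIN, DIRECT))
    print("forwarded headers trusted:", origin_allowed(BROWSER_ORIGIN, PROXIED))
    print("allow-list without port:",
          origin_allowed(BROWSER_ORIGIN, DIRECT, ["https://erp.my-domain.com"]))
    print("allow-list with port:",
          origin_allowed(BROWSER_ORIGIN, DIRECT, ["https://erp.my-domain.com:8443"]))
```

The third case shows why the port matters: an allow-list entry without `:8443` normalises to port 443 and does not match an Origin that carries the explicit port.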