New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update docker-compose.yml to use localhost as app domain #13792
Conversation
There was an issue seen with the HTTP Origin header not matching (the error unhelpfully reported localhost:3000 did not match localhost:3000). Change the APP_DOMAIN internally to localhost:3000 (which is what the user will in fact use, not rails), and since that breaks the http requests from the db seed and sidekiq containers, allow them to only check for a tcp connection instead of expecting a 200 response (sending requests to the disallowed host `rails` triggered a 403). Related to discussion in #4955
This comment has been minimized.
This comment has been minimized.
@forem/systems note: I did not update container-compose.yml (which is not a symlink but a distinct file) as I'm unable to confirm if this is needed, or if the change performs as expected. That should limit the blast radius for hosted forems but I invite your opinion there. |
@@ -89,7 +89,7 @@ services: | |||
DATABASE_URL: postgresql://forem:forem@db:5432/PracticalDeveloper_development | |||
volumes: | |||
- .:/opt/apps/forem:delegated | |||
entrypoint: ["dockerize", "-wait", "tcp://db:5432", "-wait", "tcp://redis:6379", "-wait", "http://rails:3000", "-timeout", "2700s", "-wait-retry-interval", "20s"] | |||
entrypoint: ["dockerize", "-wait", "tcp://db:5432", "-wait", "tcp://redis:6379", "-wait", "tcp://rails:3000", "-timeout", "2700s", "-wait-retry-interval", "20s"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tcp://host:port
only checks that a service is listening, not that it's functioning. I think that's okay in this case (we really are waiting on the webserver to confirm all of the things it waits for, like bundle and db:prepare, have completed, rather than needing the webserver live in most cases to start the seed or background jobs.)
I played around a little with the -wait-http-header
argument to see if I could change "Host" but didn't get the expected response (this still gives a 403 and may be ignoring the host header or have already sent one).
Digging through how dockerize handles http schema, I think this test case disproves being able to modify the host from the url:
package main
import (
"net/http"
)
func main() {
client := &http.Client{}
req, _ := http.NewRequest("GET", "http://localhost:4000", nil)
req.Header.Add("host", "hostheader")
req.Header.Add("nonhost", "thenonhostheader")
client.Do(req)
}
Now wait for it to execute by starting a tcp service - I do not get back the requested host header, suggesting Go doesn't support overriding the url host by passing a host header (the added header is just dropped):
$ nc -l 4000
GET / HTTP/1.1
Host: localhost:4000
User-Agent: Go-http-client/1.1
Nonhost: thenonhostheader
Accept-Encoding: gzip
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm approving this with the caveat that I don't even have Docker installed anymore but the changes and rationale in this PR seem reasonable.
What type of PR is this? (check all applicable)
Description
Problem: Users are unable to login when using docker in development.
Suspected cause: HTTP Origin header doesn't match the (docker internal) name specified in the APP_DOMAIN.
There was an issue seen with the HTTP Origin header not matching (the error unhelpfully reported "localhost:3000" did not match
"localhost:3000").
Change the APP_DOMAIN internally to localhost:3000 (which is what the user will in fact use, not rails), and since that breaks the http requests from the db seed and sidekiq containers, allow them to only check for a tcp connection instead of expecting a 200
response (sending requests to the disallowed host
rails
triggered a 403).Related Tickets & Documents
Related to discussion in #4955
#13696 looks related as well
https://forem.dev/manuel/forem-blank-page-after-login-using-docker-221d seems to describe the same issue
QA Instructions, Screenshots, Recordings
You may want to test this branch in a clean tree (i.e. re-clone the forem repo into a new directory) since the docker containers will leave root-owned files in places you might not want them (possibly including locking your manifest in a way that will break local development later, slowly, and in an aggravating way).
If you're doing thi s in a fresh clone, do copy .env_sample to .env before starting any processes.
If you're also running postgres and/or redis for local development, either disable them during container testing, or change the
ports:
sections toexpose:
(this prevents trying to bind to locahost:5432 and conflicting with the running service, but also requires you to access redis or the db from the rails container since the bindings are now only valid within the docker network for this system).If you're running the app locally on port 3000, stop it before proceeding - this has to be a
ports:
section since we'll be connecting to it from our browsers.Wait for webpack, and the db seed, to complete - sidekiq will keep itself busy for a while as it processes podcast episodes.
Connect to http://localhost:3000/, and login as the admin user.
On main I don't think this works (the post will respond with an empty 200 and the logs will show the origin conflict)
On this branch things should be okay.
Failure on main
visit http://localhost:3000/enter
login as admin@forem.local using default password
The blank 200 response leaves a white screen in the browser (user is not redirected to /)
Success on this branch
visit http://localhost:3000/enter
login as admin@forem.local using default password
I'm logged in and redirected to home
/
, where I can see "Write a post", possibly after going through the new user onboarding dialogs to accept code of conduct and follow tags.UI accessibility concerns?
None, backend developer setup only
Added tests?
[Forem core team only] How will this change be communicated?
I'll comment on the forem.dev report for this and the open issue letting the impacted users know.
[optional] Are there any post deployment tasks we need to perform?
[optional] What gif best describes this PR or how it makes you feel?