Can't save any settings since today's version

[ovizii]

Here is what worked for me so far:

docker run -d --name=portal \ -v /home/ovi/docker/heimdall/config:/config \ --expose 80 \ --expose 443 \ --restart unless-stopped \ -e TZ=Europe/Berlin \ --label traefik.port=80 \ --label traefik.frontend.rule=Host:portal.mydomain.tld \ --label traefik.backend=portal \ --label traefik.enable=true \ linuxserver/heimdall

today I wanted to add authentication (via the front-end proxy traefik) and updated heimdall to the latest image which seems to have switched to alpine today. Here is my new run script:

docker run -d --name=portal \ -v /home/ovi/docker/heimdall/config:/config \ --expose 80 \ --expose 443 \ --restart unless-stopped \ -e TZ=Europe/Berlin \ --label traefik.port=80 \ --label traefik.frontend.rule=Host:portal.mydomain.tld \ --label traefik.backend=portal \ --label traefik.enable=true \ --label 'traefik.frontend.auth.basic=ovi:$apr1$MYPASSWORD/G5iDso0' \ linuxserver/heimdall

The problem now is that I can't add any bookmarks or change any settings it looks like everything is read only :-(

I checked the heimdall documentation and added:

-e PGID=911 \ -e PUID=911 \

since the folder which contains the data which has worked until my fiddling today looks like this:

ls -al config/ total 28 drwxr-xr-x 7 911 911 4096 Jul 18 12:35 . drwxr-xr-x 3 root root 4096 Sep 6 11:30 .. drwxr-xr-x 2 911 911 4096 Jul 18 12:35 keys drwxr-xr-x 4 911 911 4096 Jul 18 12:35 log drwxrwxr-x 3 911 911 4096 Jul 18 12:35 nginx drwxr-xr-x 2 911 911 4096 Jul 18 12:35 php drwxrwxr-x 4 911 911 4096 Jul 18 13:21 www

docker inspect -f '{{ index .Config.Labels "build_version" }}' portal
Linuxserver.io version:- 70 Build-date:- September-05-2018-18:11:48-UTC

docker inspect -f '{{ index .Config.Labels "build_version" }}' linuxserver/heimdall
Linuxserver.io version:- 70 Build-date:- September-05-2018-18:11:48-UTC

[ovizii]

I now did a
chown -R ovi:ovi config/

id ovi results in 1000

so now I use:

docker run -d --name=portal \ -v /home/ovi/docker/heimdall/config:/config \ -e PGID=1000 \ -e PUID=1000 \ --expose 80 \ --expose 443 \ --restart unless-stopped \ -e TZ=Europe/Berlin \ --label traefik.port=80 \ --label traefik.frontend.rule=Host:portal.mydomain.tld \ --label traefik.backend=portal \ --label traefik.enable=true \ --label 'traefik.frontend.auth.basic=ovi:$apr1$MYPASSWORDG5iDso0' \ linuxserver/heimdall
and still my heimdall instance is read-only.

[KodeStar]

Completely scrapping the container / image and local folder and starting from scratch should work, it's not the image as such that is having issues (as that hasn't changed in a while), it's that you set (or didn't set) the correct permissions and it's messed something up somewhere, you could probably run down the reason why with a lot of debugging, and if you do, let me know and I'll add it to the readme, but just redoing it is a lot quicker and easier.

[ovizii]

OK, thanks for the feedback. I can do that, its just a handful of bookmarks so far. Apart from me messing up, you don't see anything wrong with me grasping how this works based on this thread? (quite new to docker) - aka scrapping the folder should work with my above examples?

[robflate]

I'm having the same problem. I tried scrapping the container, image and config folder and starting fresh but I still can't save changes. For example, if I set the Homepage Search toggle to On and click Save, the page refreshes and the toggle is switched off.

My Docker Compose is;

heimdall:
    image: linuxserver/heimdall:latest
    container_name: heimdall
    hostname: heimdall
    volumes:
      - ./config/heimdall:/config
    environment:
      - 501
      - 20
      - Europe/London
    labels:
      traefik.enable: "true"
      traefik.port: "80"
      traefik.frontend.rule: "Host:mydomain.com"
      traefik.frontend.auth.basic: "mypassword"
    restart: unless-stopped

I had everything working fine before. Not sure what's different. Thanks.

[ovizii]

I didn't yet get around to scrapping and trying but I see what we both have in common is that we're using traefik with authentication. Could it be some headers are being filtered and this prevents saving?

[robflate]

Anyone else successfully using heimdall and traefik?

[simon]

i've the same issue with heimdall and traefik.
after inspect element in firefox, i've found an issue in the <form> element :

<form method="POST" action="http://<website>/items" accept-charset="UTF-8" id="itemform" enctype="multipart/form-data">

i reach the website in https and the form try to POST to http.
also, i've a permanent redirect from http to https.

[ovizii]

@simon same here, traefik redirects http to https.

[yoyos]

Same. POST payload is lost if my server do a redirect to https before executing the ajax query. http/https should be chosen depending on how the website is displayed.

It worked when disabling my redirection. But I need it :)

  [entryPoints.http]
   address = ":80"
 #    [entryPoints.http.redirect]
 #      entryPoint = "https"
 
   [entryPoints.https]
   address = ":443"
     [entryPoints.https.tls]

[KodeStar]

Then you need to run the underlying heimdall on https as well, if it's on https then the links should work as expected.

[yoyos]

that's not the problem, problem is http is hardcoded in some POST

@KodeStar

[KodeStar]

@yoyos where?

[KodeStar]

I've just had a quick look and not found a single instance of it being hardcoded, so like I said, I'm pretty sure you have something configured incorrectly... if I run heimdall directly on https the form links are https and if I run it on http they are http. I don't use traefik so I can't help with that I'm afraid, but i'm 99% sure it's not a problem with the app itself. Happy to be shown where I'm wrong and I'll update it if I can.

[KodeStar]

here, you go, it's because it's behind a reverse proxy - https://biegal.ski/code/ssl-with-laravel-and-cloudflare-reverse-proxy

[KodeStar]

Just put out a new release 1.4.16, if you are running this release simply add FORCE_HTTPS=true to your .env

[yoyos]

@KodeStar thanks you were right, http seems to come back because symfony thinks its using http even if the user has https displayed because of the reverse proxy. So we have a few solutions:

• let heimdall chose if we use https or http by JavaScipt and not on server side
• have a config file to force https on server side
• force the developer to use https between it's reverse proxy and it's heimdall container.

I don't think the last one is the more flexible as all other apps I use never force developer like Heimdall. Using http between reverse proxy and container is a gain in performance and not a loss of security when you own different virtual private network

Edit: thanks for the config solution :)

[yoyos]

@KodeStar I added it as you said in my env but doesn't seem to work

version: '3'
services:
  web:
    image: linuxserver/heimdall:latest
    restart: always
    volumes:
      - /data/docker/heimdall/config:/config
    environment:
      TERM: xterm
      PGID: 33
      PUID: 33
      TZ: Europe/Brussels
      FORCE_HTTPS: "true"
    labels:
      - traefik.backend=heimdall
      - traefik.frontend.rule=Host:home.xxxx.com
      - traefik.protocol=http
      - traefik.port=80
      - traefik.frontend.entryPoints=http,https
    container_name: heimdall
    networks:
      - web
networks:
  web:
    external: true

Yes I pulled the last image build 76 :)

[KodeStar]

@yoyos it goes in the .env file in the config dir, not in the docker ENV

[gkoerk]

@KodeStar What is the full filename for the .env file in the config dir?

[yoyos]

I had to create a Docker file to append the config in your image. Kind of ugly but it works:

Building web
Step 1/2 : FROM linuxserver/heimdall:latest
 ---> 1940b89fbfd3
Step 2/2 : RUN echo -e "\nFORCE_HTTPS=true" >> /var/www/localhost/heimdall/.env
 ---> Running in d9bb47a78ae6
Removing intermediate container d9bb47a78ae6
 ---> cb42a7401545
Successfully built cb42a7401545

@KodeStar Usually, image is checking if linux environment variables exist to override its own config. This is simpler to setup for the end user :) Don't really know how they do this but it's awesome !

[KodeStar]

It seems the current docker doesn't expose the .env outside the container, asking about changing that now. It should be in /config/www/ I think

[brandon-dacrib]

I was just working this problem myself and can confirm that the above posted solution works. Thank you all for being great. I agree this should be exposed as an env variable I can pass into docker or in /config and clearly documented. I wish I could buy you all a beer.

[ovizii]

Solving this is truly not trivial. I pulled the latest heimdall image then tried a couple of different ways to pass this variable:

first like this (I use some variabkles defines elsewhere, don't worry about those... also this is just an excerpt...

docker run -d --name=$containername \
-v $datadir/config:/config \
-e PGID=1000 \
-e PUID=1000 \
--expose 80 \
--expose 443 \
--restart unless-stopped \
-e TZ=Europe/Berlin \
-e FORCE_HTTPS=true \
...
$imagename

which didn't yield any results. I then tried putting a .env file into
datadir/config/ and alternatively into datadir/config/www with either
this content:
FORCE_HTTPS=true
or this:
FORCE_HTTPS: "true"

and of course restarted the container after every change with no positive results.

Could someone please post EXACTLY where this file goes and EXACTLY what content it needs?

[stevewm]

Ideally we should be able to set this on the container as an environment variable, it would be much easier.

@ovizii to solve this in the meantime, you can create a Dockerfile that bakes the var in. I made one, which is available as duhio/heimdall-https. The contents of the Dockerfile is:

FROM linuxserver/heimdall:latest

RUN echo -e "\nFORCE_HTTPS=true" >> /var/www/localhost/heimdall/.env

Hope that helps.

[ovizii]

@duhio thanks for the feedback but I need more help. I don't want a new image when I have already mounted the config folder to a local folder which I can edit and add files. Or is the /var/www/localhost/heimdall/ not inside config?

docker run -d --name=$containername \
-v $datadir/config:/config \

also, according to https://hub.docker.com/r/linuxserver/heimdall/ you can pass on environmental variables and they seem to work just fine, like the timezone...

[stevewm]

You can still use your volume-mounted config (I do) with this image. It's not the ideal solution, but it works until we're able to control the setting with an environment variable set on the container.

Would also recommend taking a look at Docker Compose instead of relying on bash scripts.

[KodeStar]

When the docker is updated there will be a .env file exposed, you just then add to that, just waiting for that to happen, @aptalca is looking into it for me last I heard. Currently the .env exists only inside the container, so you could docker exec -it heimdall bash and add it there, but when the container is updated the change will be lost, which is why it should be exposed outside the container in persistant storage.

[Daedren]

I mean, for the moment I simply added the .env file as a mounted volume:

e.g.

volumes: 
  - /localwhatever/heimdall/config:/config
  - /localwhatever/heimdall/.env:/var/www/localhost/heimdall/.env

And it works fine for the meantime

[KodeStar]

.env should be exposed in current docker versions

[chopfitzroy]

@KodeStar does that mean we should be able to pass it as an environment variable in a docker-compose.yml?

[gkoerk]

Bump?

[KodeStar]

I don't think you need to use the ENV at all with newer versions