[0.11.0] Lose port number on exporting board #57

Closed
ghost opened this issue Dec 25, 2016 · 8 comments


ghost commented Dec 25, 2016

I installed from source.
When I want to export a board there is no port number in the URL, e.g.:
The board is located at http://192.168.56.101:3000/b/ndbCwWLHtQJ4Jabdz/welcome-board
But the click on export is http://192.168.56.101/api/boards/ndbCwWLHtQJ4Jabdz?authToken=7N3fCuTaZ_bio7stA147_xVmZyUAsMekCH758wfPlnz

Member

xet7 commented Dec 25, 2016

In the "Run Wefork" script on the Install from source page, the port is set in an environment variable:

export PORT=3000

So you could change this to:

export PORT=80

You may need to give node the capability to bind to a low port, wherever it is installed:

# Show where node is
which node
# Give permission to bind to low port number, change to correct node path
sudo setcap cap_net_bind_service=+ep /usr/local/bin/node

Another way would be to set up Caddy as a proxy, and setcap caddy also:

http://192.168.56.101 {
        tls off
        proxy / 127.0.0.1:3000 {
                websocket
        }
}

You could also have an unsigned certificate; docs are at https://caddyserver.com/docs/tls

Tell me if any of this works, I have not tested yet.

Author

ghost commented Dec 26, 2016

Yes, running wekan on the default http port 80 works, but I would like to run wekan behind an nginx reverse proxy (which is in charge of the SSL transport); port 80 is already bound to another application.
Precision: the click on the card works with 0.10.0 (I use it every day on a different port) but the export didn't work with 0.10.0.

Member

xet7 commented Dec 26, 2016

@soohwa

For running Wekan at https://example.com/wekan, try this nginx config. (If you run it at /, replace all /wekan with /.)

server_tokens off; # for security-by-obscurity: stop displaying nginx version

# this section is needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTPS server
server {
    listen 443 ssl spdy; # we enable SPDY here
    server_name example.com; # this domain must match Common Name (CN) in the SSL certificate

    root html; # irrelevant
    index index.html; # irrelevant

    ssl_certificate /etc/nginx/ssl/example.com.pem; # full path to SSL certificate and CA certificate concatenated together
    ssl_certificate_key /etc/nginx/ssl/example.com.key; # full path to SSL key

    # performance enhancement for SSL
    ssl_stapling on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # safety enhancement to SSL: make sure we actually use a safe cipher
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';

    # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
    # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
    add_header Strict-Transport-Security "max-age=31536000;";

    # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
    # This works because IE 11 does not present itself as MSIE anymore
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }

    # pass all requests to Meteor
    location /wekan {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

        # this setting allows the browser to cache the application in a way compatible with Meteor
        # on every application update the names of the CSS and JS files are different, so they can be cached infinitely (here: 30 days)
        # the root path (/) MUST NOT be cached
        if ($uri != '/wekan') {
            expires 30d;
        }
    }
}

wefork-run.sh, change to your domain:

#!/bin/bash
cd ~/repos/wekan/.build/bundle
export MONGO_URL='mongodb://127.0.0.1:27017/admin'
export ROOT_URL='https://example.com/wekan'
export MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
# This is local port where Wekan Node.js runs.
export PORT=3000
node main.js

I don't currently have local SSL in Nginx, so I tested without SSL with this config:

server_tokens off; # for security-by-obscurity: stop displaying nginx version

# this section is needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTP
server {
    listen 80 default_server; # if this is not a default server, remove "default_server"
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html; # root is irrelevant
    index index.html index.htm; # this is also irrelevant

    server_name example.com; # the domain on which we want to host the application. Since we set "default_server" previously, nginx will answer all hosts anyway.

    location /wekan {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

        # this setting allows the browser to cache the application in a way compatible with Meteor
        # on every application update the names of the CSS and JS files are different, so they can be cached infinitely (here: 30 days)
        # the root path (/) MUST NOT be cached
        if ($uri != '/wekan') {
            expires 30d;
        }
    }
}

With config above exporting board works for me.

Nginx configs are originally from here
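
Added example, not part of the thread or of Wekan's code: a shell audit for the TLS directives in the HTTPS config posted above, which dates from 2016. The function and finding names are made up here, and `thread_config` is a constructed excerpt of that config with the cipher list shortened.

```shell
#!/bin/sh
# Reads an nginx config on stdin; prints one finding per line, or "ok".
audit_nginx_tls() {
    conf=$(sed 's/#.*$//')   # drop comments so disabled directives are ignored
    found=0
    # SSLv2/SSLv3 and TLS 1.0/1.1 (the latter two deprecated by RFC 8996)
    if printf '%s\n' "$conf" |
        grep -Eq 'ssl_protocols[^;]*(SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)'; then
        echo legacy-protocol; found=1
    fi
    # RC4 is prohibited in TLS (RFC 7465); "!RC4" entries are exclusions, not offers
    if printf '%s\n' "$conf" | grep 'ssl_ciphers' |
        tr ":';\"" '\n\n\n\n' | grep 'RC4' | grep -vq '^!'; then
        echo rc4-cipher; found=1
    fi
    # "spdy" listen parameter: the SPDY module was replaced by HTTP/2 in nginx 1.9.5
    if printf '%s\n' "$conf" |
        grep -Eq 'listen[^;]*[[:space:]]spdy([[:space:]]|;)'; then
        echo spdy-listen; found=1
    fi
    # TLS listener that never sends the HSTS header
    if printf '%s\n' "$conf" | grep -Eq 'listen[^;]*[[:space:]]ssl([[:space:]]|;)' &&
        ! printf '%s\n' "$conf" | grep -q 'Strict-Transport-Security'; then
        echo missing-hsts; found=1
    fi
    [ "$found" -eq 1 ] || echo ok
}

# Constructed sample: TLS lines from the thread's config, cipher list shortened.
thread_config() {
cat <<'EOF'
listen 443 ssl spdy; # we enable SPDY here
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!MD5';
add_header Strict-Transport-Security "max-age=31536000;";
EOF
}

# Constructed sample: the same directives with the flagged values replaced.
hardened_config() {
cat <<'EOF'
listen 443 ssl;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!RC4';
add_header Strict-Transport-Security "max-age=31536000;";
EOF
}
```

Run it against a real file with `audit_nginx_tls < /etc/nginx/nginx.conf`; the checks are line-based, so a directive split across several lines is not seen.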

Member

xet7 commented Dec 26, 2016

@soohwa

I updated https://github.com/wefork/wekan/wiki/Install-from-source for more complete instructions.

Author

ghost commented Dec 26, 2016

@xet7,
First, I would like to apologize because I made a mistake :-(
Secondly, thank you very much for spending a lot of time answering my ticket!

This is my mistake: I followed https://github.com/wefork/wekan/wiki/Install-from-source and I tried

export ROOT_URL='http://192.168.56.101'
export PORT=3000

but it should be

export ROOT_URL='http://192.168.56.101:3000'
export PORT=3000

and everything works fine (the click and the export)!

However if I try

export ROOT_URL='http://192.168.56.101:3000/wekan'
export PORT=3000

The click does not work because there is an extra slash in the URL ( http://192.168.56.101:3000/wekan//b/..... )
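
Added example, not from the thread or from Wekan: a pre-start check for the ROOT_URL/PORT mismatch described in the comment above. The function name, the direct/proxied mode argument and the finding names are assumptions of this example; it also flags an http ROOT_URL, because the export link quoted in the first comment carries authToken in the query string.

```shell
#!/bin/sh
# check_root_url ROOT_URL PORT MODE
#   MODE=direct  : browsers connect straight to Node on PORT
#   MODE=proxied : a reverse proxy (nginx, Caddy) sits in front of Node
# Prints one finding per line, or "ok".
check_root_url() {
    url=$1 port=$2 mode=$3
    case $url in
        http://*)  scheme=http;  default_port=80 ;;
        https://*) scheme=https; default_port=443 ;;
        *) echo bad-scheme; return 0 ;;
    esac
    rest=${url#*://}          # host[:port][/path]
    hostport=${rest%%/*}      # host[:port]
    case $hostport in
        *\])  url_port=$default_port ;;      # bracketed IPv6 literal, no port
        *:*)  url_port=${hostport##*:} ;;    # explicit port
        *)    url_port=$default_port ;;      # port implied by the scheme
    esac
    found=0
    # Links (including the export link) are built from ROOT_URL, so with direct
    # access its port has to be the port Node listens on.
    if [ "$mode" = direct ] && [ "$url_port" != "$port" ]; then
        echo "port-mismatch url_port=$url_port listen_port=$port"; found=1
    fi
    # The export link carries authToken in its query string; over plain http
    # the token crosses the network unencrypted.
    if [ "$scheme" = http ]; then
        echo cleartext-token; found=1
    fi
    [ "$found" -eq 1 ] || echo ok
}

# The three setups from the thread
check_root_url 'http://192.168.56.101' 3000 direct
check_root_url 'http://192.168.56.101:3000' 3000 direct
check_root_url 'https://example.com/wekan' 3000 proxied
```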

Member

xet7 commented Dec 26, 2016

@soohwa

OK. I am still working on running Wekan as a service, because the instructions on the wiki do not work correctly yet.

Author

ghost commented Dec 26, 2016

OK, thank you, this information is very useful!

Member

xet7 commented Dec 26, 2016

I have updated the wiki install instructions. Closing issue.

xet7 closed this as completed Dec 26, 2016