404 page not found for NodeRedAgent

OpenFlow version: 1.5.11.95
Using app.openiap.io or self hosted openflow: self hosted
Error message: 404 page not found
Screenshot or video:

Hi Allan,

Since I enabled https for our self hosted OpenCore, it is not possible to connect to any nodered agent anymore. Unfortunately I couldn’t provide you any better error message since there was no error message related to this topic, not in the api container, traefik container or nodered container.
I’ve enabled https via traefik using our own self signed certificates rather than using Let’s Encrypt.

services:
  traefik:
    image: traefik:v2.10.6
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--log.level=DEBUG"
      - "--log.filePath=/logs/traefik.log"
      - "--accesslog.bufferingsize=100"
      # **Timeout settings for gRPC**
      # - "--entrypoints.web.transport.respondingTimeouts.readTimeout=90000s"
      # - "--entrypoints.web.transport.respondingTimeouts.writeTimeout=90000s"
      # - "--entrypoints.web.transport.lifeCycle.requestAcceptGraceTimeout=90000s"
    ports:
      - "80:80"
      - "443:443"
    restart: always
    networks:
      - traefik
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/docker/openrpa/docker/traefik/config/certs.yml:/etc/traefik/dynamic/certs.yaml"
      - "/docker/openrpa/docker/traefik/certs/:/etc/certs/"
      - "/docker/openrpa/docker/traefik/logs/:/logs/"
  mongodb:
    image: mongo
    restart: always
    command: "--bind_ip_all --replSet rs0"
    environment:
      - MONGO_REPLICA_SET_NAME=rs0
    volumes:
      - mongodb_data:/data/db
    networks:
      - traefik
  mongosetup:
    image: mongo
    depends_on:
      - mongodb
    restart: "no"
    ports:
      - "27017:27017"
    command: >
      mongosh --host mongodb:27017 --eval 
      '
      db = (new Mongo("mongodb:27017")).getDB("openflow");
      config = {
      "_id" : "rs0",
      "members" : [
        {
          "_id" : 0,
          "host" : "mongodb:27017"
        }
      ]
      };
      rs.initiate(config);
      '
    networks:
      - traefik
  rabbitmq:
    image: rabbitmq
    restart: always
    networks:
      - traefik
  api:
    labels:
      - traefik.enable=true
      - traefik.frontend.passHostHeader=true
      - traefik.http.routers.http-router.entrypoints=websecure
      - traefik.http.routers.http-router.rule=Host(`opencore.automation4all.local`)
      - traefik.http.routers.http-router.service=http-service
      - traefik.http.routers.http-router.tls=true
      - traefik.http.services.http-service.loadbalancer.server.port=3000
      - traefik.http.routers.grpc-router.rule=Host(`grpc.opencore.automation4all.local`)
      - traefik.http.routers.grpc-router.service=grpc-service
      - traefik.http.routers.grpc-router.entrypoints=websecure
      - traefik.http.routers.grpc-router.tls=true
      - traefik.http.services.grpc-service.loadbalancer.server.port=50051
      - traefik.http.services.grpc-service.loadbalancer.server.scheme=h2c
    image: openiap/openflow:1.5.11.95
    networks:
      - traefik
    ports:
      - "5858:5858"
    deploy:
      replicas: 1
    pull_policy: always
    restart: always
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    depends_on:
      - rabbitmq
      - mongodb
    environment:
      - protocol=https
      - domain=opencore.automation4all.local

      # uncomment below 2 lines, if you have set replicas above 1
      # - enable_openflow_amqp=true
      # - amqp_prefetch=25
      # uncomment to add agents to the same docker compose project (will break running docker compose up -d if any agents are running)
      # - agent_docker_use_project=true  

      - agent_oidc_userinfo_endpoint=http://api:3000/oidc/me
      - agent_oidc_issuer=https://opencore.automation4all.local/oidc
      - agent_oidc_authorization_endpoint=https://opencore.automation4all.local/oidc/auth
      - agent_oidc_token_endpoint=http://api:3000/oidc/token
      - agent_docker_entrypoints=web,websecure

      - amqp_url=amqp://guest:guest@rabbitmq
      - mongodb_url=mongodb://mongodb:27017/?replicaSet=rs0
      - mongodb_db=openflow

      - aes_secret=O1itlrmA47WzxPj95YHD2sZs7IchYaQI25mQ
volumes:
  mongodb_data:
    driver: local
networks:
  traefik:
    name: traefik

Do you have an idea?

Please let me know if I could provide you with more details.

Best Regards
Lars

404 sounds like Traefik cannot find an entry for the instance, but the domain in your screenshot matches the domain in the docker-compose file. Is the (nodered) agent running? Can you dump the labels and make sure it has all the right labels?

Hi Allan,

You’re right. The issue was a wrongly configured traefik. I’ve tried a few things out and now it’s working.
The following are the relevant steps to enable https with these NodeRed instances:

No global redirect (not sure if necessary):

api:
  labels:    
      - traefik.http.routers.https-router.entrypoints=websecure
      - traefik.http.routers.https-router.rule=Host(`opencore.automation4all.local`)
      - traefik.http.routers.https-router.service=http-service
      - traefik.http.routers.https-router.tls=true
      - traefik.http.routers.https-router.priority=1
      - traefik.http.routers.http-router.entrypoints=web
      - traefik.http.routers.http-router.rule=Host(`opencore.automation4all.local`)
      - traefik.http.routers.http-router.service=http-service
      - traefik.http.routers.http-router.priority=2
      - traefik.http.routers.http-router.middlewares=http-to-https
      - traefik.http.services.http-service.loadbalancer.server.port=3000
      - traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
      - traefik.http.middlewares.http-to-https.redirectscheme.permanent=true

Global enforced tls:

traefik:
  command:
     - "--providers.file.directory=/etc/traefik/dynamic"
     - "--entrypoints.websecure.http.tls=true"

Adding Certs via dynamic config:
In docker-compose

traefik:
  volumes:
      - "/path/to/config/certs.yml:/etc/traefik/dynamic/certs.yaml"
      - "/path/to/certs/:/etc/certs/"

Dynamic Config for Certs:

tls:
  certificates:
    - certFile: /etc/certs/opencore.crt # not necessary if you don't want a separate cert for opencore
      keyFile: /etc/certs/opencore.key
    - certFile: /etc/certs/wildcard.crt
      keyFile: /etc/certs/wildcard.key

Attention: opencore.crt dns name should be your opencore domain, e.g. opencore.local, and wildcard.crt dns name should be a wildcard for any subdomains, e.g. *.opencore.local

For the sake of completeness, to enable https for opencore:

traefik:
  command:
    - "--entryPoints.websecure.address=:443"
  ports:
    - "443:443"
api:
  labels:
      - traefik.http.routers.grpc-router.rule=Host(`grpc.opencore.automation4all.local`)
      - traefik.http.routers.grpc-router.service=grpc-service
      - traefik.http.routers.grpc-router.entrypoints=websecure
      - traefik.http.routers.grpc-router.tls=true
      - traefik.http.routers.grpc-router.priority=3
  environment:
    - protocol=https
    - agent_oidc_issuer=https://opencore.automation4all.local/oidc
    - agent_oidc_authorization_endpoint=https://opencore.automation4all.local/oidc/auth
    - agent_docker_entrypoints=web,websecure

Allan, thank you for your support.

Best Regards
Lars
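
Added example (not part of the original posts): a small Python check of which certificate from the dynamic config covers each Host(`...`) router rule, using the TLS rule that a wildcard matches exactly one left-most label. The certificate DNS names and the nodered1 agent hostname are assumptions made for illustration; hosts with no match would be served with Traefik's default certificate.

```python
import re

# Constructed sample input: router rules taken from the compose labels in this
# thread, plus a hypothetical agent hostname (nodered1...) for illustration.
LABELS = [
    "traefik.http.routers.https-router.rule=Host(`opencore.automation4all.local`)",
    "traefik.http.routers.grpc-router.rule=Host(`grpc.opencore.automation4all.local`)",
    "traefik.http.routers.agent.rule=Host(`nodered1.opencore.automation4all.local`)",
]

# Assumed DNS names (SANs) of the two certificates listed in certs.yaml.
CERT_SANS = {
    "opencore.crt": ["opencore.automation4all.local"],
    "wildcard.crt": ["*.opencore.automation4all.local"],
}

HOST_RE = re.compile(r"Host\(`([^`]+)`\)")

def router_hosts(labels):
    """Extract every hostname used in a Host(`...`) router rule."""
    return [h.lower() for label in labels for h in HOST_RE.findall(label)]

def san_matches(san, host):
    """TLS hostname matching: '*' covers exactly one left-most label."""
    san_labels, host_labels = san.lower().split("."), host.lower().split(".")
    if len(san_labels) != len(host_labels):
        return False  # a wildcard never spans dots or matches the bare parent
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels

def coverage(labels, cert_sans):
    """Map each routed host to the certificates whose SANs cover it."""
    return {
        host: [name for name, sans in cert_sans.items()
               if any(san_matches(s, host) for s in sans)]
        for host in router_hosts(labels)
    }

def uncovered(labels, cert_sans):
    """Hosts for which Traefik would fall back to its default certificate."""
    return [h for h, certs in coverage(labels, cert_sans).items() if not certs]

if __name__ == "__main__":
    for host, certs in coverage(LABELS, CERT_SANS).items():
        print(f"{host:45} -> {', '.join(certs) or 'NO MATCH (default cert)'}")
```

With only the wildcard certificate loaded, the bare opencore domain is reported as uncovered, which is the case the separate opencore.crt handles.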
