OpenRPA version: -app.openiap.io or self hosted openflow: self-hosted (oracle cloud, ARM based VM, running Ubuntu 22.04 aarch64https://openflow.reppekus.com
( I have tried setting the wildcard via A Record as suggested by Cloudflare as well )
Here’s my yml:
version: "3.3"
services:
mongodb:
image: mongo
restart: always
command: "--bind_ip_all --replSet rs0"
environment:
- MONGO_REPLICA_SET_NAME=rs0
volumes:
- mongodb_data:/data/db
mongosetup:
image: mongo
depends_on:
- mongodb
restart: "no"
command: >
mongosh --host mongodb:27017 --eval
'
db = (new Mongo("mongodb:27017")).getDB("openflow");
config = {
"_id" : "rs0",
"members" : [
{
"_id" : 0,
"host" : "mongodb:27017"
}
]
};
rs.initiate(config);
'
traefik:
image: traefik
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.address=:80"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=admin@reppekus.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# global redirect to https
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=web"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
ports:
- "80:80"
- "443:443"
restart: always
volumes:
- "./letsencrypt:/letsencrypt"
- "//var/run/docker.sock:/var/run/docker.sock"
rabbitmq:
image: rabbitmq:3-management
restart: always
api:
labels:
- traefik.enable=true
- traefik.frontend.passHostHeader=true
- traefik.http.routers.http-router.entrypoints=websecure
- traefik.http.routers.http-router.tls.certresolver=myresolver
- traefik.http.routers.http-router.rule=Host(`openflow.reppekus.com`)
- traefik.http.routers.http-router.service=http-service
- traefik.http.services.http-service.loadbalancer.server.port=3000
- traefik.http.routers.grpc-router.rule=Host(`grpc.openflow.reppekus.com`)
- traefik.http.routers.grpc-router.service=grpc-service
- traefik.http.routers.grpc-router.entrypoints=websecure
- traefik.http.routers.grpc-router.tls.certresolver=myresolver
- traefik.http.services.grpc-service.loadbalancer.server.port=50051
- traefik.http.services.grpc-service.loadbalancer.server.scheme=h2c
image: openiap/openflow
deploy:
replicas: 1
pull_policy: always
restart: always
volumes:
- "//var/run/docker.sock:/var/run/docker.sock"
depends_on:
- rabbitmq
- mongodb
environment:
- auto_create_users=true
- auto_create_domains=
- websocket_package_size=25000
- websocket_max_package_count=1048576
- protocol=https
- port=3000
- domain=openflow.reppekus.com
- log_with_colors=false
# uncomment below 2 lines, if you have set replicas above 1
# - enable_openflow_amqp=true
# - amqp_prefetch=25
# uncomment to add agents to the same docker compose project ( will breake running docker compose up -d if any agents running )
# - agent_docker_use_project=true
- agent_oidc_userinfo_endpoint=http://api:3000/oidc/me
- agent_oidc_issuer=https://localhost.openiap.io/oidc
- agent_oidc_authorization_endpoint=https://localhost.openiap.io/oidc/auth
- agent_oidc_token_endpoint=http://api:3000/oidc/token
- agent_docker_entrypoints=web,websecure
- agent_docker_certresolver=myresolver
- amqp_url=amqp://guest:guest@rabbitmq
- mongodb_url=mongodb://mongodb:27017/?replicaSet=rs0
- mongodb_db=openflow
- aes_secret=O1itlrmA47WzxPj95YHD2sZs7IchYaQI25mQ
volumes:
mongodb_data:
driver: local
kowts
March 1, 2023, 1:15pm
#2
Hi… It seems we have the same problem.
Hi @Allan_Zimmermann
Just reporting something that came to my attention.
I was trying to use this docker-compose file “docker-compose-traefik-letsencrypt.yml” in a clean linux machine but when I access my openflow url, I see this message: 404 page not found
But if I use the old commit with “web” instead of the new “api” it works fine.
This is happening only on my side?
In my case I had to use the commit (file docker-compose-traefik-letsencrypt.yml) with web instead of api, have no ideia ways it worked
My url
Here’s my yml (with some changes made by me):
version: "3.3"
services:
# mongodb:
# image: "mongo"
# # if you get MongoDB 5.0+ require a CPU with AVX support, then try using version 4 instead
#
# # image: "mongo:4.4.8"
# restart: always
# volumes:
# - mongodb_data:/data/db
mongodb:
hostname: mongodb
image: "mongo"
restart: always
volumes:
- mongodb_data:/data/db
environment:
- MONGO_REPLICA_SET_NAME=rs0
command: "--bind_ip_all --replSet rs0"
ports:
- "27017:27017"
mongosetup:
image: "mongo"
depends_on:
- mongodb
restart: "no"
command: >
mongosh --host mongodb:27017 --eval
'
db = (new Mongo("mongodb:27017")).getDB("openrpa");
config = {
"_id" : "rs0",
"members" : [
{
"_id" : 0,
"host" : "mongodb:27017"
}
]
};
rs.initiate(config);
'
mongoexpress:
labels:
- "traefik.enable=true"
- "traefik.http.routers.mongoexpress.rule=Host(`express.openflow.codecenter.info`)"
- "traefik.http.routers.mongoexpress.entrypoints=websecure"
- "traefik.http.routers.mongoexpress.tls.certresolver=myresolver"
- "traefik.http.services.mongoexpress.loadbalancer.server.port=8081"
image: "mongo-express"
restart: always
environment:
- ME_CONFIG_MONGODB_SERVER=mongodb
traefik:
image: "traefik"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`dashboard.openflow.codecenter.info`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
# - "traefik.http.routers.traefik.middlewares=admin"
# - "traefik.http.middlewares.admin.basicauth.users=admin:$$apr1$$iB.BZjJJ$$FmaZuX35eFCMe5t3a.OqR."
command:
- "--api.insecure=true" # enable with port 8080 to access dashboard, NEVER enable this for the public
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.http.tls.certresolver=myresolver"
#certificates
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=codecenter@codecenter.info"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# global redirect to https
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=web"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
ports:
- "80:80"
- "443:443"
- "8080:8080" # enable with api.insecure=true to access dashboard, NEVER enable this for the public
restart: always
volumes:
- "./letsencrypt:/letsencrypt"
- "//var/run/docker.sock:/var/run/docker.sock:ro"
rabbitmq:
labels:
- "traefik.enable=true"
- "traefik.http.routers.rabbitmq.rule=Host(`mq.openflow.codecenter.info`)"
- "traefik.http.routers.rabbitmq.entrypoints=websecure"
- "traefik.http.routers.rabbitmq.tls.certresolver=myresolver"
- "traefik.http.services.rabbitmq.loadbalancer.server.port=15672"
image: "rabbitmq:3-management"
restart: always
rediscommander:
labels:
- "traefik.enable=true"
- "traefik.http.routers.rediscommander.rule=Host(`redis.openflow.codecenter.info`)"
- "traefik.http.routers.rediscommander.entrypoints=websecure"
- "traefik.http.routers.rediscommander.tls.certresolver=myresolver"
- "traefik.http.services.rediscommander.loadbalancer.server.port=8081"
image: rediscommander/redis-commander:latest
restart: always
depends_on:
- redis
environment:
- REDIS_HOST=redis
- REDIS_PORT=6379
- REDIS_PASSWORD=pass!word2
redis:
image: redis
restart: always
command: >
--requirepass pass!word2
api:
labels:
- traefik.enable=true
- traefik.frontend.passHostHeader=true
- traefik.http.routers.http-router.entrypoints=websecure
- traefik.http.routers.http-router.tls.certresolver=myresolver
- traefik.http.routers.http-router.rule=Host(`openflow.codecenter.info`)
- traefik.http.routers.http-router.service=http-service
- traefik.http.services.http-service.loadbalancer.server.port=3000
- traefik.http.routers.grpc-router.rule=Host(`grpc.openflow.codecenter.info`)
- traefik.http.routers.grpc-router.service=grpc-service
- traefik.http.routers.grpc-router.entrypoints=websecure
- traefik.http.routers.grpc-router.tls.certresolver=myresolver
- traefik.http.services.grpc-service.loadbalancer.server.port=50051
- traefik.http.services.grpc-service.loadbalancer.server.scheme=h2c
image: "openiap/openflow"
deploy:
replicas: 1
pull_policy: always
restart: always
depends_on:
- rabbitmq
- mongodb
- redis
volumes:
- "//var/run/docker.sock:/var/run/docker.sock"
environment:
- auto_create_users=false
- auto_create_domains=
- websocket_package_size=25000
- websocket_max_package_count=1048576
- protocol=https
- port=3000
- domain=openflow.codecenter.info
- log_with_colors=false
# enable this to use the openflow amqp, only usefull when you have more than one replicas
- enable_openflow_amqp=true
- amqp_prefetch=25
# uncomment to add agents to the same docker compose project ( will breake running docker compose up -d if any agents running )
# - agent_docker_use_project=true
- agent_oidc_userinfo_endpoint=http://api:3000/oidc/me
- agent_oidc_issuer=https://openflow.codecenter.info/oidc
- agent_oidc_authorization_endpoint=https://openflow.codecenter.info/oidc/auth
- agent_oidc_token_endpoint=http://api:3000/oidc/token
- agent_docker_entrypoints=web,websecure
- agent_docker_certresolver=myresolver
- amqp_url=amqp://guest:guest@rabbitmq
- mongodb_url=mongodb://mongodb:27017
- mongodb_db=openrpa
- aes_secret=O1itlrmA47WzxPj95YHD2sZs7IchYaQI25mQ
- cache_store_type=redis
- cache_store_redis_host=redis
- cache_store_redis_password=pass!word2
volumes:
mongodb_data:
driver: local
Also, the api1 container does not keep an IP address. I can manually toggle a network connection, but the container will loose it again after a couple of seconds
Hi Kowts, thank you, I did read your post, but TBH did not quite understand what you mean with using “web” instead of “api”…
Thanks for sharing your yml, i will try it woth yours adapted to my domain!
So unfortunately your yml didn’t do the trick, either @kowts
kowts
March 1, 2023, 1:38pm
#6
Hi @Frederike_Reppekus
About my yaml file, there are some elements I activate/use only for curiosity, thinks like:@Allan_Zimmermann comments in the file) and redis but you can remove them if you don’t need them.
About“web” instead of “api”, previously there was a commit in github this section was “web” but in the new commit is “api” now.
I think @Allan_Zimmermann can help you with that.
kowts
March 1, 2023, 1:42pm
#7
You can try to see what happening in docker container with this command:sudo docker logs --follow CONTAINER_ID
you cannot use WEB instead of API … in openflow 1.5 it MUST be called api. So please keep with that.
You can let traefik handle certificates ( then you use letsencrypt-up / docker-compose-letsencrypt.yml ) or you can let cloudflare handle it, ( then you need to use normal-up / docker-compose.yml )
Are you using the docker compose command or trying to load from portainer ? if the latter, please use docker compose commands to start with, then you can always test using portainer later.
Also, i have 0 expereince with using cloadflare as an reverse proxy, but it’s vital that cloudflare forwards the correct hostheaders to docker/traefik, or traefik will return error 404 for everything.
Hi @Allan_Zimmermann
The setup has been tried in both variants, both with your docker-compose, as well as using portainer, after not being able to reach the instance.
I have tried cloudflare proxied, and unproxied, also no difference.
VERY Funny: Just thought, ah, not worth the hassle, lets just just try the software and the setup out first on http://app.openiap.io
What do I get? … right, 404 page not found.
So I kinda get the feeling this might be a deeper lying issue???
What does that mean? “The software”?
Also, I don’t use HTTP, only HTTPS, so you need to use https://app.openiap.io .
Openflow is basically just a web server listening on port 3000, a MongoDB instance, and a RabbitMQ instance (and later we can add multiple more things, but let’s leave that out for now). The openflow instance needs to be able to reach the two other instances before it will start listening. So all troubleshooting starts there. Fix any errors that show up in the console.
Next, we need a way to send traffic to openflow and to each agent we start. I chose Traefik since I can control it only using labels on the containers. So in Docker Compose, we also add Traefik and set it to listen to port 80 (and also 443 if it has a public IP address so we can use Let’s Encrypt, but while troubleshooting, leave that out and keep it simple).
Traefik again needs to be able to reach openflow and any agent it starts, so in a browser make sure you can reach Traefik. And if you don’t see anything “openflow-like”, double-check DNS, and then look for any errors in Traefik. (Traefik can be a little bit of a pain to troubleshoot, but start with adding “–log.level=DEBUG” to the command section.)
I have no experience with Cloudflare, so I cannot help you there. But if you can use it like just a DNS provider without all the other proxy stuff, that would probably help in your troubleshooting. You can always enable their fancy DDoS protection stuff later.
system
March 10, 2023, 8:26am
#11
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
