Cannot access self hosted instance

OpenRPA version: -
OpenFlow version: latest
Using app.openiap.io or self hosted openflow: self-hosted (oracle cloud, ARM based VM, running Ubuntu 22.04 aarch64)
Error message: 404 page not found
Screenshot or video: https://openflow.reppekus.com


( I have tried setting the wildcard via A Record as suggested by Cloudflare as well )
Here’s my yml:

version: "3.3"
services:
  mongodb:
    image: mongo
    restart: always
    command: "--bind_ip_all --replSet rs0"
    environment:
      - MONGO_REPLICA_SET_NAME=rs0
    volumes:
      - mongodb_data:/data/db
  mongosetup:
    image: mongo
    depends_on:
      - mongodb
    restart: "no"
    command: >
      mongosh --host mongodb:27017 --eval 
      '
      db = (new Mongo("mongodb:27017")).getDB("openflow");
      config = {
      "_id" : "rs0",
      "members" : [
        {
          "_id" : 0,
          "host" : "mongodb:27017"
        }
      ]
      };
      rs.initiate(config);
      '
  traefik:
    image: traefik
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.address=:80"

      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=admin@reppekus.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # global redirect to https
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
    ports:
      - "80:80"
      - "443:443"
    restart: always
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "//var/run/docker.sock:/var/run/docker.sock"
  rabbitmq:
    image: rabbitmq:3-management
    restart: always
  api:
    labels:
      - traefik.enable=true
      - traefik.frontend.passHostHeader=true
      - traefik.http.routers.http-router.entrypoints=websecure
      - traefik.http.routers.http-router.tls.certresolver=myresolver
      - traefik.http.routers.http-router.rule=Host(`openflow.reppekus.com`)
      - traefik.http.routers.http-router.service=http-service
      - traefik.http.services.http-service.loadbalancer.server.port=3000
      - traefik.http.routers.grpc-router.rule=Host(`grpc.openflow.reppekus.com`)
      - traefik.http.routers.grpc-router.service=grpc-service
      - traefik.http.routers.grpc-router.entrypoints=websecure
      - traefik.http.routers.grpc-router.tls.certresolver=myresolver
      - traefik.http.services.grpc-service.loadbalancer.server.port=50051
      - traefik.http.services.grpc-service.loadbalancer.server.scheme=h2c
    image: openiap/openflow
    deploy:
      replicas: 1
    pull_policy: always
    restart: always
    volumes:
      - "//var/run/docker.sock:/var/run/docker.sock"
    depends_on:
      - rabbitmq
      - mongodb
    environment:
      - auto_create_users=true
      - auto_create_domains=
      - websocket_package_size=25000
      - websocket_max_package_count=1048576
      - protocol=https
      - port=3000
      - domain=openflow.reppekus.com
      - log_with_colors=false

      # uncomment below 2 lines, if you have set replicas above 1
      # - enable_openflow_amqp=true
      # - amqp_prefetch=25
      # uncomment to add agents to the same docker compose project ( will break running docker compose up -d if any agents running )
      # - agent_docker_use_project=true  

      - agent_oidc_userinfo_endpoint=http://api:3000/oidc/me
      - agent_oidc_issuer=https://localhost.openiap.io/oidc
      - agent_oidc_authorization_endpoint=https://localhost.openiap.io/oidc/auth
      - agent_oidc_token_endpoint=http://api:3000/oidc/token
      - agent_docker_entrypoints=web,websecure
      - agent_docker_certresolver=myresolver

      - amqp_url=amqp://guest:guest@rabbitmq
      - mongodb_url=mongodb://mongodb:27017/?replicaSet=rs0
      - mongodb_db=openflow

      - aes_secret=O1itlrmA47WzxPj95YHD2sZs7IchYaQI25mQ
volumes:
  mongodb_data:
    driver: local

Hi… It seems we have the same problem.

In my case I had to use the commit (file docker-compose-traefik-letsencrypt.yml) with web instead of api, have no idea why it worked :sweat_smile:

My url
https://openflow.codecenter.info/

Here’s my yml (with some changes made by me):

version: "3.3"
services:
#  mongodb:
#    image: "mongo"
#    # if you get MongoDB 5.0+ require a CPU with AVX support, then try using version 4 instead
#
#    # image: "mongo:4.4.8"
#    restart: always
#    volumes:
#      - mongodb_data:/data/db
  mongodb:
    hostname: mongodb
    image: "mongo"
    restart: always
    volumes:
      - mongodb_data:/data/db
    environment:
      - MONGO_REPLICA_SET_NAME=rs0
    command: "--bind_ip_all --replSet rs0"
    ports:
      - "27017:27017"
  mongosetup:
    image: "mongo"
    depends_on:
      - mongodb
    restart: "no"
    command: >
      mongosh --host mongodb:27017 --eval 
      '
      db = (new Mongo("mongodb:27017")).getDB("openrpa");
      config = {
      "_id" : "rs0",
      "members" : [
        {
          "_id" : 0,
          "host" : "mongodb:27017"
        }
      ]
      };
      rs.initiate(config);
      '
  mongoexpress:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mongoexpress.rule=Host(`express.openflow.codecenter.info`)"
      - "traefik.http.routers.mongoexpress.entrypoints=websecure"
      - "traefik.http.routers.mongoexpress.tls.certresolver=myresolver"
      - "traefik.http.services.mongoexpress.loadbalancer.server.port=8081"
    image: "mongo-express"
    restart: always
    environment:
      - ME_CONFIG_MONGODB_SERVER=mongodb
  traefik:
    image: "traefik"
    labels:
      - "traefik.enable=true"
      
      - "traefik.http.routers.traefik.rule=Host(`dashboard.openflow.codecenter.info`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
      
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      
      # - "traefik.http.routers.traefik.middlewares=admin"
      # - "traefik.http.middlewares.admin.basicauth.users=admin:$$apr1$$iB.BZjJJ$$FmaZuX35eFCMe5t3a.OqR."
    command:
      - "--api.insecure=true" # enable with port 8080 to access dashboard, NEVER enable this for the public
      
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.http.tls.certresolver=myresolver"
      #certificates
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=codecenter@codecenter.info"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # global redirect to https
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # enable with api.insecure=true to access dashboard, NEVER enable this for the public
    restart: always
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "//var/run/docker.sock:/var/run/docker.sock:ro"
  rabbitmq:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.rabbitmq.rule=Host(`mq.openflow.codecenter.info`)"
      - "traefik.http.routers.rabbitmq.entrypoints=websecure"
      - "traefik.http.routers.rabbitmq.tls.certresolver=myresolver"
      - "traefik.http.services.rabbitmq.loadbalancer.server.port=15672"
    image: "rabbitmq:3-management"
    restart: always
  rediscommander:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.rediscommander.rule=Host(`redis.openflow.codecenter.info`)"
      - "traefik.http.routers.rediscommander.entrypoints=websecure"
      - "traefik.http.routers.rediscommander.tls.certresolver=myresolver"
      - "traefik.http.services.rediscommander.loadbalancer.server.port=8081"
    image: rediscommander/redis-commander:latest
    restart: always
    depends_on:
      - redis
    environment:
    - REDIS_HOST=redis
    - REDIS_PORT=6379
    - REDIS_PASSWORD=pass!word2
  redis:
    image: redis
    restart: always
    command: >
      --requirepass pass!word2
  api:
    labels:
      - traefik.enable=true
      - traefik.frontend.passHostHeader=true
      - traefik.http.routers.http-router.entrypoints=websecure
      - traefik.http.routers.http-router.tls.certresolver=myresolver
      - traefik.http.routers.http-router.rule=Host(`openflow.codecenter.info`)
      - traefik.http.routers.http-router.service=http-service
      - traefik.http.services.http-service.loadbalancer.server.port=3000
      - traefik.http.routers.grpc-router.rule=Host(`grpc.openflow.codecenter.info`)
      - traefik.http.routers.grpc-router.service=grpc-service
      - traefik.http.routers.grpc-router.entrypoints=websecure
      - traefik.http.routers.grpc-router.tls.certresolver=myresolver
      - traefik.http.services.grpc-service.loadbalancer.server.port=50051
      - traefik.http.services.grpc-service.loadbalancer.server.scheme=h2c
    image: "openiap/openflow"
    deploy:
      replicas: 1
    pull_policy: always
    restart: always
    depends_on:
      - rabbitmq
      - mongodb
      - redis
    volumes:
      - "//var/run/docker.sock:/var/run/docker.sock"
    environment:
      - auto_create_users=false
      - auto_create_domains=
      - websocket_package_size=25000
      - websocket_max_package_count=1048576
      - protocol=https
      - port=3000
      - domain=openflow.codecenter.info
      - log_with_colors=false
      
      # enable this to use the openflow amqp, only useful when you have more than one replica
      - enable_openflow_amqp=true 
      - amqp_prefetch=25
      
      # uncomment to add agents to the same docker compose project ( will break running docker compose up -d if any agents running )
      # - agent_docker_use_project=true
      
      
      - agent_oidc_userinfo_endpoint=http://api:3000/oidc/me
      - agent_oidc_issuer=https://openflow.codecenter.info/oidc
      - agent_oidc_authorization_endpoint=https://openflow.codecenter.info/oidc/auth
      - agent_oidc_token_endpoint=http://api:3000/oidc/token
      - agent_docker_entrypoints=web,websecure
      - agent_docker_certresolver=myresolver 

      - amqp_url=amqp://guest:guest@rabbitmq
      - mongodb_url=mongodb://mongodb:27017
      - mongodb_db=openrpa

      - aes_secret=O1itlrmA47WzxPj95YHD2sZs7IchYaQI25mQ
      
      - cache_store_type=redis
      - cache_store_redis_host=redis
      - cache_store_redis_password=pass!word2
volumes:
  mongodb_data:
    driver: local

Also, the api1 container does not keep an IP address. I can manually toggle a network connection, but the container will lose it again after a couple of seconds.

Hi Kowts, thank you, I did read your post, but TBH did not quite understand what you mean with using “web” instead of “api”…

Thanks for sharing your yml, I will try it with yours adapted to my domain!

So unfortunately your yml didn’t do the trick, either @kowts

Hi @Frederike_Reppekus

About my yaml file, there are some elements I activate/use only for curiosity, things like:
mongoexpress, traefik dashboard (read @Allan_Zimmermann comments in the file) and redis but you can remove them if you don’t need them.

About “web” instead of “api”: previously there was a commit in GitHub where this section was “web”, but in the new commit it is “api” now.

I think @Allan_Zimmermann can help you with that.

You can try to see what is happening in the docker container with this command:
sudo docker logs --follow CONTAINER_ID

You cannot use WEB instead of API … in openflow 1.5 it MUST be called api. So please keep with that.

You can let traefik handle certificates ( then you use letsencrypt-up / docker-compose-letsencrypt.yml ) or you can let cloudflare handle it, ( then you need to use normal-up / docker-compose.yml )

Are you using the docker compose command or trying to load from portainer? If the latter, please use docker compose commands to start with, then you can always test using portainer later.

Also, I have 0 experience with using Cloudflare as a reverse proxy, but it’s vital that Cloudflare forwards the correct host headers to docker/traefik, or traefik will return error 404 for everything.

Hi @Allan_Zimmermann

The setup has been tried in both variants, both with your docker-compose, as well as using portainer, after not being able to reach the instance.

I have tried cloudflare proxied, and unproxied, also no difference.

VERY funny: Just thought, ah, not worth the hassle, let’s just try the software and the setup out first on http://app.openiap.io

What do I get? … right, 404 page not found.

So I kinda get the feeling this might be a deeper lying issue???

What does that mean? “The software”?

Also, I don’t use HTTP, only HTTPS, so you need to use https://app.openiap.io.

Openflow is basically just a web server listening on port 3000, a MongoDB instance, and a RabbitMQ instance (and later we can add multiple more things, but let’s leave that out for now). The openflow instance needs to be able to reach the two other instances before it will start listening. So all troubleshooting starts there. Fix any errors that show up in the console.

Next, we need a way to send traffic to openflow and to each agent we start. I chose Traefik since I can control it only using labels on the containers. So in Docker Compose, we also add Traefik and set it to listen to port 80 (and also 443 if it has a public IP address so we can use Let’s Encrypt, but while troubleshooting, leave that out and keep it simple).

Traefik again needs to be able to reach openflow and any agent it starts, so in a browser make sure you can reach Traefik. And if you don’t see anything “openflow-like”, double-check DNS, and then look for any errors in Traefik. (Traefik can be a little bit of a pain to troubleshoot, but start with adding “--log.level=DEBUG” to the command section.)

I have no experience with Cloudflare, so I cannot help you there. But if you can use it like just a DNS provider without all the other proxy stuff, that would probably help in your troubleshooting. You can always enable their fancy DDoS protection stuff later.
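Added example (not part of the original posts and not OpenFlow project code): a simplified model of how Traefik picks a router from the entrypoint and Host header, which is why a wrong Host header or an entrypoint with no router yields `404 page not found`. The labels and command entries are copied from the first compose file in this thread; the function names are hypothetical, only `Host(...)` rules are modelled, and the IP address in the test is constructed.

```python
import re

# Labels copied from the api service of the first compose file in this thread.
LABELS = [
    "traefik.http.routers.http-router.entrypoints=websecure",
    "traefik.http.routers.http-router.rule=Host(`openflow.reppekus.com`)",
    "traefik.http.routers.grpc-router.entrypoints=websecure",
    "traefik.http.routers.grpc-router.rule=Host(`grpc.openflow.reppekus.com`)",
]
# Entries copied from the same file's traefik `command:` list.
COMMAND = [
    "--entrypoints.web.address=:80",
    "--entrypoints.websecure.address=:443",
    "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)",
    "traefik.http.routers.redirs.entrypoints=web",
]

ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(rule|entrypoints)=(.*)$")

def load_routers(labels):
    """Build {router: {"hosts": set, "entrypoints": set}} from container labels."""
    routers = {}
    for label in labels:
        m = ROUTER_KEY.match(label.strip().strip('"'))
        if not m:
            continue
        name, key, value = m.groups()
        r = routers.setdefault(name, {"hosts": set(), "entrypoints": set()})
        if key == "rule":
            r["hosts"] |= {h.lower() for h in re.findall(r"Host\(`([^`]+)`\)", value)}
        else:
            r["entrypoints"] |= {e.strip() for e in value.split(",")}
    return routers

def route(routers, entrypoint, host_header):
    """Return the matching router name, or None (Traefik answers 404)."""
    host = host_header.split(":")[0].lower()
    for name, r in routers.items():
        # A router with no entrypoints listed is attached to all of them.
        if r["entrypoints"] and entrypoint not in r["entrypoints"]:
            continue
        if host in r["hosts"]:
            return name
    return None

def misplaced_labels(command):
    """Label-style entries under `command:` are not `--` flags and define no router."""
    return [c for c in command if not c.startswith("--")]
```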
