We have just restarted our openRPA machine and the new opencore UI is now showing. When we click sign in, it allows the sign-in and then shows no options in the left side panel and leaves the sign in button available. Clicking sign in after this brings up no login screen but generates a console error:
BNqk3971.js:1 Mixed Content: The page at ‘https://openflow.xyz.com/ui/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://openflow.xyz.com/oidc/token’. This request has been blocked; the content must be served over HTTPS.
As per my previous post, this was all working fine before the UI update.
Also, if I use http, everything works. We need it to be secured, however, so this is not an option for us unfortunately.
This is a Docker setup running on Ubuntu on an EC2 machine in AWS. The machine is behind an AWS load balancer that handles the SSL. We have the protocol setting set to http as per previous advice, as well as specific https/http on the following:
I have tried changing the token endpoint to be https in the compose.yml, but the error stayed the same, so it appears it did not pick up the change or the setting has no bearing on this issue.
Any suggestions about where to look next on this one?
Not sure how “big” an upgrade this was (how old the install was) but about a year ago, I was doing a slow migration of settings from environment variables to the base config object in the database configured in the “configuration page” inside OpenCore. (Yeah, we call it OpenCore now, since OpenFlow is trademarked by someone else.)
So make sure protocol is also https in the config page.
Now, I know you cannot do that right now, so if this was working before the UI update, you could change the “image” tag under the “api” service to use an older version like openiap/openflow:1.5.10.62
But I don’t think it’s the new UI, so if you still have problems maybe go back one more version to openiap/openflow:1.5.9.56
The protocol was set to https, so nothing to change there. Setting the version to 1.5.10.62 allowed everything to work again.
We are still pre-production, but not for long, so I have a limited time to change things and experiment, and I would be keen to get it working in the new UI if you have any other things to potentially consider in the setup.
If it works with 1.5.10.62, I cannot for the life of me see why it should not work with 1.5.11.119 as well. The only change between those versions is the web interface.
Hear me out… For a long time, the web interface was an “integrated” part of OpenFlow/OpenCore, but starting with 1.5.10, it was separated out. So, it works as a separate thing (under /ui/) and can run on its domain name or with the same domain as the APIs. Moving from the old AngularJS to the SvelteKit version should be the same.
I would say, try again, upgrading to 1.5.11.119 (use a fixed version, so you don’t get an accidental upgrade again in the future), but before you do, MAKE SURE both the docker-compose file AND the config page in OpenCore show protocol as https… Compare your settings with docker/docker-compose-letsencrypt.yml at main · open-rpa/docker · GitHub and avoid having more settings than that, and keep the rest in the database (config page inside OpenCore).
Also note the “hack” to RabbitMQ by adding frameMax=0x2000 … if you don’t have that, RabbitMQ will break if you do a docker-pull.
No go there unfortunately. Same error when the new UI is in place. Protocols are all set to https. I wonder if the problem stems from using the AWS load balancer to do the SSL certs. This means all comms from load balancer to client are 443 with cert, and all internal is port 80. We don’t have the option for Let’s Encrypt; however, I do have the required certificate/key in PEM format, so could use that if there is a way to make it work and then just use 443 all the way through the load balancer and the internal server setup.
Have you had anyone else set up this way with a load balancer in front of the product?
Traefik is a load balancer, so having one more is redundant. Using a different load balancer, except for OpenShift, is currently not supported. But I know it’s important for you to use the AWS load balancer, so I will not “argue” that. But if the only reason you need to use the AWS load balancer is to use a custom certificate, you can also do that with Traefik (Traefik TLS Documentation - Traefik).
But (that is a lot of “buts”), I cannot see any reason why this should not continue to work the way it always has, just by using a version with the SvelteKit UI, unless there is an issue with the protocol variable… I know I asked twice, but I’m going to ask again: can you please confirm that it is set to https in BOTH the Docker Compose file AND the config page inside OpenCore (and that you are using entrypoints=web for all services in Docker Compose and have agent_docker_entrypoints=web for the API; also validate this is the same on the config page inside OpenCore)? And that both agent_oidc_issuer and agent_oidc_authorization_endpoint are using https too (check in both Docker Compose and the config page in OpenCore).
If that is the case, then I don’t know how to troubleshoot this further without “getting access” and playing around with it myself.
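The check discussed in this thread, as an added example that is not part of any post and not OpenCore's own code: given the page URL and an OIDC discovery document, it reports which advertised endpoints a browser on an HTTPS page would refuse to call. The field names are the standard OIDC discovery ones; apart from the token URL quoted in the console error, the sample URLs and paths are constructed, and whether OpenCore publishes such a document at a particular path is an assumption to verify.

```javascript
// Added example; the discovery document below is constructed sample data.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);
// Endpoints a browser client calls with XHR/fetch: blocked if insecure.
const FETCHED = ["token_endpoint", "userinfo_endpoint", "jwks_uri", "revocation_endpoint"];
// Endpoints reached by top-level navigation: not blocked, but a TLS downgrade.
const NAVIGATED = ["authorization_endpoint", "end_session_endpoint"];

function auditDiscovery(pageUrl, discovery) {
  const findings = [];
  // Mixed-content blocking only applies when the page itself is secure.
  if (new URL(pageUrl).protocol !== "https:") return findings;
  const check = (key, verdict) => {
    const value = discovery[key];
    if (typeof value !== "string") return; // endpoint not advertised
    let url;
    try {
      url = new URL(value);
    } catch {
      findings.push({ key, value, verdict: "invalid-url" });
      return;
    }
    // Loopback hosts count as potentially trustworthy even over http.
    if (url.protocol === "https:" || LOOPBACK.has(url.hostname)) return;
    findings.push({ key, value, verdict });
  };
  FETCHED.forEach((k) => check(k, "blocked-mixed-content"));
  NAVIGATED.forEach((k) => check(k, "insecure-navigation"));
  check("issuer", "insecure-issuer");
  return findings;
}

// Constructed document mirroring the console error in the thread:
// issuer and authorization endpoint are https, the token endpoint is not.
const sample = {
  issuer: "https://openflow.xyz.com/oidc",
  authorization_endpoint: "https://openflow.xyz.com/oidc/auth",
  token_endpoint: "http://openflow.xyz.com/oidc/token",
  jwks_uri: "https://openflow.xyz.com/oidc/jwks",
};

console.log(auditDiscovery("https://openflow.xyz.com/ui/", sample));
```

A result that flags only `token_endpoint` while the issuer and authorization endpoint are clean points at a URL built server-side from a separate protocol setting or from the plain-HTTP hop behind the TLS-terminating load balancer.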