[Reverse Proxy] Can't upload image

riadabdel · July 8, 2021, 2:05pm

My version of HedgeDoc is: 1.8.2
Using Docker with nginx reverse proxy
What I expected to happen:

Upload images.

What actually happened:

Can’t Upload images: Uploading file…_fyk5d7ljx

2021-07-08T08:24:59.563Z info: 	deserializeUser: 3bb5fb0...
(node:35) UnhandledPromiseRejectionWarning: TypeError [ERR_INVALID_URL]: Invalid URL: /uploads/
    at onParseError (internal/url.js:258:9)
    at new URL (internal/url.js:334:5)
    at new URL (internal/url.js:331:22)
    at Object.exports.uploadImage (/hedgedoc/lib/web/imageRouter/filesystem.js:28:19)
    at /hedgedoc/lib/web/imageRouter/index.js:96:22
(node:35) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:35) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

I already tried:

Followed this https://docs.hedgedoc.org/guides/reverse-proxy/#reverse-proxy-config, but when i put this variable: CMD_DOMAIN, i got errors:
Capture d’écran de 2021-07-08 14-42-38
When i add CMD_PATH=/var/run/hedgedoc.sock, i got this error: listen EACCES: permission denied /var/run/hedgedoc.sock

davidmehren · July 9, 2021, 7:06am

Hi @riadabdel!

In addition to setting CMD_DOMAIN, if your reverse proxy terminates TLS (which it looks like it does), you also need to set CMD_PROTOCOL_USESSL to true. This tells HedgeDoc to use https in the URLs. Please ensure you set this variable.

You probably should not use CMD_PATH. It is only used in a very specific reverse proxy setup using sockets.

riadabdel · July 9, 2021, 7:44am

Hi @davidmehren
Yes i use this variable CMD_PROTOCOL_USESSL and it’s already set to True.
For now i stopped using CMD_DOMAIN and its work i can access to my docs, but i just can’t upload images, see error at the top.

davidmehren · August 12, 2021, 7:39am

I just noticed an error in this post: I wrote

You probably should not use CMD_DOMAIN

but meant to write CMD_PATH. Of course, CMD_DOMAIN should be used.
The post is edited now, and sorry for the confusion.

riadabdel · August 20, 2021, 6:49am

Hello,
After a week of research, i found where the error is!
In my case i use a Nginx reverse proxy, and when i use the variable CMD_DOMAIN, the site crash.
Beacause of this snippet, on the file hedgedoc/lib/config/index.js :

// cache serverURL
config.serverURL = (function getserverurl () {
  let url = ''
  if (config.domain) {
    const protocol = config.protocolUseSSL ? 'https://' : 'http://'
    url = protocol + config.domain
    if (config.urlAddPort) {
      if (!config.isStandardHTTPPort || !config.isStandardHTTPsPort) {
        url += ':' + config.port
      }
    }
  }
  if (config.urlPath) {
    url += '/' + config.urlPath
  }
  return url
})()

The solution for me is to get only https, like this:
const protocol = config.protocolUseSSL ? 'https://' : 'http://' => const protocol = config.protocolUseSSL ? 'https://' : 'http://'

I do this manually…Is it possible to get a fix on the next version ?

davidmehren · August 20, 2021, 10:59am

I’m sorry, I don’t understand what you want to change and why.

What do you mean by “site crash”? I have two deployments of HedgeDoc behind a nginx reverse proxy without any issues, so I would guess something in your setup is different.

Could you please post your HedgeDoc config (redact sensitive values) and your nginx config, so we can find out what is special in your setup?

riadabdel · August 23, 2021, 1:28pm

I can’t access to Hedgedoc when i use CMD_DOMAIN. I got the same page like this issue: https://community.hedgedoc.org/t/text-only-no-graphic/456
Hedgedoc conf:

CMD_DB_URL=XXXXX
CMD_LDAP_URL=ldaps://XXXX:XXX
CMD_LDAP_BINDDN=cn=XXX,ou=XXX,dc=XXX,dc=XX
CMD_LDAP_BINDCREDENTIALS=XXXX
CMD_LDAP_SEARCHBASE=ou=XXX,dc=XXX,dc=XX
CMD_LDAP_SEARCHFILTER=(&(objectClass=inetOrgperson)(mail={{username}}))
CMD_LDAP_USERIDFIELD=mail
CMD_DOMAIN=hedgedoc.XXX.XX
CMD_IMAGE_UPLOAD_TYPE=filesystem
CMD_URL_ADDPORT=False
CMD_PROTOCOL_USESSL=True
CMD_USESSL=False
CMD_ALLOW_ORIGIN=['hedgedoc.XXX.XX','codimd.XXX.XX','localhost']
CMD_ALLOW_EMAIL_REGISTER=False
CMD_SESSION_SECRET=XXXX

My Nginx conf:

server {
    listen 443 ssl http2 ;
    server_name hedgedoc.XXX.XX;

    ssl_dhparam XXX;
  	ssl_certificate XXX;
  	ssl_certificate_key XXX;
  	ssl_stapling on;
  	ssl_stapling_verify on;
  	ssl_trusted_certificate XXX;

    location / {
      proxy_pass              http://X.X.X.X:XXXX;
      proxy_redirect          http://X.X.X.X:XXXX https://hedgedoc.XXX.XX;
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header	      Upgrade $http_upgrade;
      proxy_set_header        Connection "upgrade";
      expires                 off;
      add_header              Cache-Control private;
      proxy_connect_timeout   600;
      proxy_send_timeout      600;
      proxy_read_timeout      600;
      send_timeout            600;
      client_max_body_size 16m;
      proxy_max_temp_file_size 16m;
    }
}

davidmehren · August 23, 2021, 1:51pm

Thanks for the config!

I think HedgeDoc does not like booleans with capital letters. Try using true instead of True and false instead of False.

riadabdel · August 23, 2021, 2:26pm

Thats right!!! it’s working know !
Thanks a lot