External access to ERPNext on macOS server

Kyro · November 3, 2020, 8:31pm

Hello,

I’ve been using ERPNext in local mode for a while, now I have an outside partner who needs to get into the system.

The implementation on macOS Catalina in local mode works, but I can’t access it from the outside by port 443.

I have performed the steps to set ERPNext to production mode:

$ sudo bench setup production frappe

I have also tested in manual mode with:

$ bench setup supervisor

$ bench setup nginx

But I can’t access it from the outside by port 443, if by the 8000

I have also performed the same steps by severing the Apache Server that has macOS by default, since it uses port 80, but I have not been successful either.

How can I configure Nginx so that I can access ERPNext from macOS by port 443?

Any help is to be appreciated.

Best Regards!

adityahase · November 4, 2020, 8:11am

Have you setup SSL using Let’s Encrypt?

You’ll need to setup DNS based multitenancy first.

rahy · November 5, 2020, 6:55am

Hi @Kyro,
Are you installing using docker container or directly on macOS?
Sorry for not answering.

Kyro · November 8, 2020, 1:55am

Hello, sorry to reply late, I’ve been out for work.

Responding to @adityahase, the DNS based multitenancy is done, I have three sites running in local mode, I access them from another computer on the local network as well as from the internet with the domain name plus port 8000 (one.domain.com:8000, two.domain.com:8000, three.domain.com:8000). Regarding Let’s Encrypt I cannot configure it or assigning the mac server, the error is the following:

frappe@mac-server frappe-bench % sudo bench setup lets-encrypt  one.domain.com
Password:
Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
Traceback (most recent call last):
  File "/Users/frappe/frappe/bench-env/bin/bench", line 11, in <module>
    load_entry_point('bench', 'console_scripts', 'bench')()
  File "/Users/frappe/frappe/.bench-repo/bench/cli.py", line 41, in cli
    bench_command()
  File "/Users/frappe/frappe/bench-env/lib/python3.8/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/Users/frappe/frappe/bench-env/lib/python3.8/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/Users/frappe/frappe/bench-env/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/frappe/frappe/bench-env/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/frappe/frappe/bench-env/lib/python3.8/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/frappe/frappe/bench-env/lib/python3.8/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/Users/frappe/frappe/.bench-repo/bench/commands/setup.py", line 122, in setup_letsencrypt
    setup_letsencrypt(site, custom_domain, bench_path=".", interactive=not non_interactive)
  File "/Users/frappe/frappe/.bench-repo/bench/config/lets_encrypt.py", line 42, in setup_letsencrypt
    run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive)
  File "/Users/frappe/frappe/.bench-repo/bench/config/lets_encrypt.py", line 56, in run_certbot_and_setup_ssl
    service('nginx', 'stop')
  File "/Users/frappe/frappe/.bench-repo/bench/config/production_setup.py", line 79, in service
    raise Exception('No service manager found')
Exception: No service manager found

If I try to configure ERPNext in production mode I get the following error:

frappe@mac-mini-2014 frappe-bench % sudo bench setup production frappe
$ sudo -H /usr/local/opt/python@3.8/bin/python3.8 -m pip install ansible
Collecting ansible
  Downloading ansible-2.10.3.tar.gz (28.0 MB)
     |████████████████████████████████| 28.0 MB 56.6 MB/s 
Requirement already satisfied: ansible-base<2.11,>=2.10.3 in /usr/local/lib/python3.8/site-packages (from ansible) (2.10.3)
Requirement already satisfied: packaging in /usr/local/lib/python3.8/site-packages (from ansible-base<2.11,>=2.10.3->ansible) (20.4)
Requirement already satisfied: PyYAML in /usr/local/lib/python3.8/site-packages (from ansible-base<2.11,>=2.10.3->ansible) (5.3.1)
Requirement already satisfied: jinja2 in /usr/local/lib/python3.8/site-packages (from ansible-base<2.11,>=2.10.3->ansible) (2.10.3)
Requirement already satisfied: cryptography in /usr/local/lib/python3.8/site-packages (from ansible-base<2.11,>=2.10.3->ansible) (3.2.1)
Requirement already satisfied: six in /usr/local/lib/python3.8/site-packages (from packaging->ansible-base<2.11,>=2.10.3->ansible) (1.12.0)
Requirement already satisfied: pyparsing>=2.0.2 in /usr/local/lib/python3.8/site-packages (from packaging->ansible-base<2.11,>=2.10.3->ansible) (2.4.7)
Requirement already satisfied: MarkupSafe>=0.23 in /usr/local/lib/python3.8/site-packages (from jinja2->ansible-base<2.11,>=2.10.3->ansible) (1.1.1)
Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/local/lib/python3.8/site-packages (from cryptography->ansible-base<2.11,>=2.10.3->ansible) (1.14.3)
Requirement already satisfied: pycparser in /usr/local/lib/python3.8/site-packages (from cffi!=1.11.3,>=1.8->cryptography->ansible-base<2.11,>=2.10.3->ansible) (2.20)
Building wheels for collected packages: ansible
  Building wheel for ansible (setup.py) ... done
  Created wheel for ansible: filename=ansible-2.10.3-py3-none-any.whl size=46091824 sha256=5d7dee141e0ebdc13ed160cffdcddf19986aef177980013cb9003e09489e0139
  Stored in directory: /private/var/root/Library/Caches/pip/wheels/d4/aa/67/ab673e276d0f02bb35ac71ba7491b8456d56b3c7fe4322e7cb
Successfully built ansible
Installing collected packages: ansible
Successfully installed ansible-2.10.3
$ bench setup role fail2ban
Ansible is needed to run this command, please install it using 'pip install ansible'
$ bench setup role nginx
Ansible is needed to run this command, please install it using 'pip install ansible'
$ bench setup role supervisor
Ansible is needed to run this command, please install it using 'pip install ansible'
supervisor.conf already exists and this will overwrite it. Do you want to continue? [y/N]: y
nginx.conf already exists and this will overwrite it. Do you want to continue? [y/N]: y
Traceback (most recent call last):
  File "/usr/local/bin/bench", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.8/site-packages/bench/cli.py", line 41, in cli
    bench_command()
  File "/usr/local/lib/python3.8/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.8/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.8/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/bench/commands/setup.py", line 73, in setup_production
    setup_production(user=user, yes=yes)
  File "/usr/local/lib/python3.8/site-packages/bench/config/production_setup.py", line 25, in setup_production
    supervisor_conf = os.path.join(get_supervisor_confdir(), '{bench_name}.{extn}'.format(
  File "/usr/local/Cellar/python@3.8/3.8.6_1/Frameworks/Python.framework/Versions/3.8/lib/python3.8/posixpath.py", line 76, in join
    a = os.fspath(a)
TypeError: expected str, bytes or os.PathLike object, not NoneType

Responding to @rahy, I am using Frappe with ERPNext directly on macOS.

Thanks to both of you for your interest in helping, I am very grateful.

Kyro · November 16, 2020, 8:59pm

The solution to the ports is creating entries in a station where you can have the reverse proxy service, the entries must point to the stations of your internal network that you want.

First we must go to the Contracted Domain Service and create the type A DNS records that point to the Public IP of your house:

DNS - A - erp.my-domain.com to My Public IP

I have a Synology NAS where I can create Reverse Proxy entries, it is in Application Portal / Reverse Proxy:

Origin: https://erp.my-domain.com
Destination: https://192.168.0.100 (example internal IP)

In the client stations (192.168.0.100) you must indicate the DNS name that points to localhost or 127.0.0.1

$ nano /etc/hosts

# ERPNext
# 127.0.0.1 erp.my-domain.com

Anyway I do not stop having problems with Python packages with each update, as well as with macOS updates, with which I receive XCode compatibility errors.

Overall, I’m going to spend the time learning how to install Frappe and ERPNext on Docker to avoid these things.