
Secure Docker ERPNext Installation on Existing Server Behind Apache2 Reverse Proxy? Ubuntu 18.04.2 LTS

Hi everyone, and thank you in advance because I have been pulling my hair out for 2 weeks now trying everything I can to get this to work.

  • I guess my first question is: Is an installation via Docker, behind an apache2 reverse proxy, utilizing ssl/https, actually possible? Has anyone managed this so far?
    I very well understand that it isn’t the ideal method of installation by any means, and if it were up to me I’d be manually installing on a bare metal server, but as is my only option is installing it on a server that is being used to serve an SVN repo through port 443.
    The conclusion I had drawn was to use the containerized install as to not have NGINX fight with Apache2, and use a named vhost to remote proxy incoming requests with the correct address (say, erp.site.com and svn.site.com). Further complicating things, I’d like to use a .dev domain for erp, meaning having it secured through ssl is the only option. This, however, can be changed to a .com or otherwise if that is the cause of my issues, but I doubt that.

  • So far, through various tweaks I’ve been able to scrape off the forums and other discussions, I have been able to get as far as the domain getting to NGINX after being passed by Apache2, but receiving an error 111 connection refused due to NGINX expecting https but receiving http. With my limited knowledge on Apache2, I can’t seem to find the right parameters to add to the vhost in order to correctly pass through the ssl/https in a way that works; most that I try result in either other errors, infinite looping through the ports, or the request not reaching NGINX at all. I have yet to try terminating the ssl at the reverse proxy and having NGINX only handle http, as I wasn’t quite awake enough in Networking 102 to know if I’d be creating a security risk/MITM opportunity by doing so.

  • One common thing I’m seeing is it being said that Port based Multi-tenancy is required. However, setting this up as the documentation guides results in an even less functioning install, as the documentation instructs to docker-compose replacing the NGINX default config with a different one, that does not contain any of the container routing configurations that the default config has. I’m unsure if the documentation is incomplete or I’m missing something with that.

  • Traefik is commented out as it shouldn’t be needed with a reverse proxy in front of the container, this much seems to go without any hiccups. The site runs as can be determined from logs, so the install itself isn’t seeming to be a problem. Of course, setting it up with my desired .dev domain means I need to get SSL working before I can as much as navigate to the site to check it.

  • I have a development build running via bench on my dev machine, with nginx serving as the reverse proxy itself in order to serve other webapps on that machine, but this is on port 80 and unsecured, in opposition to the server I need to install a production build on.

I apologize for not having logs or configs to submit for checking, the amount of different things I’ve tried and changed over the past few weeks would make a “what specifically am I doing wrong?” post not very conducive to a solution, especially as I’ve uninstalled/reinstalled a handful of times, and it is currently likely nowhere near working.

TL;DR: Can the Docker build of ERPNext be installed behind an apache2 reverse proxy, and be served via HTTPS exclusively? What would be the method of doing such? Preferably step-by-step but I have, I’d believe at least, enough knowledge to pick up information I’m missing with less. If this is not feasible, or I’m making this much harder than it needs to be, what would be a preferable alternative aside from bare metal or using Frappe’s cut down free cloud hosting option?

Thanks in advance again for any help, I understand this is probably a headache of a post due to both my terrible communication skills and what I’m asking for, but I’ve tried just about everything I can find already posted about to no avail and have reached enough desperation to ask here.

related post: Production Installation using Frappe Docker

I was able to install ERPNext under apache here.

I just named the site “localhost” so the apache config calls it with Host header as localhost.
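
A minimal Apache vhost for the setup discussed in this thread: TLS terminates at Apache and the request is proxied as plain HTTP over loopback to the container. This is an added example, not part of either post and not the Frappe project's own configuration; the hostname, certificate paths and backend port 8080 are placeholders, and it assumes the container's HTTP port is published on the loopback interface only and that the backend site is named "localhost" as in the reply above.

```apache
# Added example. erp.example.dev, the certificate paths and port 8080 are
# placeholders; substitute your own values.
# Modules needed: a2enmod ssl proxy proxy_http headers

# Plain HTTP only redirects; nothing is proxied unencrypted from the outside.
<VirtualHost *:80>
    ServerName erp.example.dev
    Redirect permanent / https://erp.example.dev/
</VirtualHost>

<VirtualHost *:443>
    ServerName erp.example.dev

    # TLS ends here. The svn name-based vhost keeps its own certificate.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/erp.example.dev.fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/erp.example.dev.key

    # Reverse proxy only, never an open forward proxy.
    ProxyRequests Off

    # Off: the backend receives the Host taken from the ProxyPass URL
    # (localhost) instead of erp.example.dev, so a site named "localhost"
    # is the one that answers.
    ProxyPreserveHost Off

    # Tell the backend the client connection was HTTPS, so it does not
    # generate http:// links or redirect back to port 80 in a loop.
    RequestHeader set X-Forwarded-Proto "https"

    # Backend is plain HTTP on loopback (assumption: the container port is
    # published as 127.0.0.1:8080, not 0.0.0.0:8080). Cleartext never
    # leaves this host, so there is no network hop to intercept.
    ProxyPass        / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
```

After enabling the site, `apachectl configtest` checks the syntax, and `ss -ltn` on the host shows whether the backend port is listening on 127.0.0.1 only rather than on all interfaces.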