ERPNext V13 seemingly running without Nginx (possible?)

JLH · July 12, 2021, 4:19am

All,

I have managed, over the past ten days or so, to get ERPNext up and running on Ubuntu 20.04. I now have an odd (to me) situation that I can’t seem to get my head around.

I thought ERPNext required Nginx but at the moment I don’t appear to have Nginx running yet ERPNext seems to be functioning without issue.

Running sudo lsof -i -P -n | grep LISTEN

shows I have various processes running:

sshd
MariaDB
redis-server
python
node
apache
etc.

running but no Nginx. I discovered this after dropping a couple of different PHP applications in my var/www/html directory as I was preparing to set them up to run alongside ERPNext. I was assuming I would need to work on config files for Nginx but when, on a whim, I tried to access the PHP apps, they loaded into the browser, I was surprised to say the least.

I quickly checked to see how they could possibly be served and found that Apache was running…which is odd as I don’t remember installing it on my fresh instance of 20.04…maybe it was there by default…?

Then I checked to see what ports were being used by what services and low and behold…no Nginx.

Is this even possible?

Note - I am running on a local IP at the moment with no domain yet specified.

nomi-gee · July 12, 2021, 10:07am

yes you can run erpnext on apache as well. i have done it a long time ago

nomi-gee · July 12, 2021, 10:11am

<VirtualHost {ip-address-of-vps}>
ServerAlias "{domain-name-with-www}"
ServerName {domain-name}

DocumentRoot {full-path-to-domain}

ProxyPreserveHost On
ProxyRequests Off
ProxyTimeout 120
ProxyPass "/.well-known/" "!"
ProxyPass "/AutoDiscover/" "!"
ProxyPass "/mail/" "!"
ProxyPass "/cgi-bin/" "!"
ProxyPass "/assets/" "!"
ProxyPass "/files/" "!"

RewriteEngine On
RewriteCond %{REQUEST_URI}  ^/socket.io               [NC]
RewriteCond %{QUERY_STRING} transport=polling         [NC]
RewriteRule /(.*) http://localhost:9000/socket.io/$1  [P,L]
RequestHeader set Host "{domain-name}"
RequestHeader set X-Frappe-Site-Name "{domain-name}"
ProxyPass "/socket.io" "ws://localhost:9000/socket.io/"
ProxyPassReverse "/socket.io" "ws://localhost:9000/socket.io/"
<Location "/socket.io">
    RequestHeader set X-Frappe-Site-Name "{domain-name}"
</Location>

Alias "/assets" "/home/erp/frappe-bench/sites/assets"
<Directory /home/erp/frappe-bench/sites/assets>
    Options FollowSymLinks
    Require all granted
</Directory>
Alias "/files" "{full-path-to-domain-public-files}"
<Directory {full-path-to-domain-public-files}>
    Options FollowSymLinks
    Require all granted
</Directory>
ProxyPass "/"  "http://localhost:8000/"
ProxyPassReverse "/"  "http://localhost:8000/"
<Location "/">
    RequestHeader set X-Frappe-Site-Name "{domain-name}"
</Location>

SSLCertificateFile 
SSLCertificateKeyFile 
# Baseline setting to Include for SSL sites

SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on
SSLCompression          off

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log

# Always ensure Cookies have "Secure" set (JAH 2012/1)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"

brian_pond · July 12, 2021, 4:43pm

Short answer: ERPNext does not strictly require Nginx. However. You must (somehow) create a means of routing traffic to/from your ERPNext server.

Longer explanation:
By default, ERPNext runs a web service on localhost port 8000.

If you are logged into the ERPNext server, you can connect to http://localhost:8000, and it will work. Sometimes I install a text-based browser (like Lynx) , just to do this.

If you are on the same LAN, you can connect to ERPNext using the machine’s IP address.

Assume my laptop is 192.168.0.10, and my ERPNext server is 192.168.0.11.
I can open my browser to http://192.168.0.11:8000, and it will work.

So why Nginx?

Nginx is added to ERPNext for the following reasons.

Reverse Proxy. So we can login to the machine using http://domain_or_subdomain.com, instead of by IP address and port.
TLS support. So we can connect securely using HTTPS instead of HTTP (you’ll need to create your certificates first)

I’m assuming using other software for reverse proxy would work fine (i.e. Apache). But have never personally tested that.

JLH · July 13, 2021, 1:42am

Brian,

Thank you very much for the thorough explanation. You have very clearly confirmed my guesses. I noted that ERPNext was/is running on my local network and accessible via the internal IP. I am able to access it even after turning Apache and Nginx off…which initially had me very confused.

I’m comfortable with Apache as a web server and reverse proxy so I may go that route but I’m very intrigued by Nginx and keen to learn how to use it…although the config files are racking my brain at the moment. I’ll keep experimenting with the goal of successful enlightenment.

Thanks again for your support.

Cheers

Jason

brian_pond · July 13, 2021, 6:03am

Understanding Nginx configuration files can be extremely challenging (at least, it has been for me).

Helpful Tip: To support debugging, Nginx uses a completely separate binary executable. Its name is ‘nginx-debug’. You will need to run that executable (instead of the normal one) to open up the debugging logs fully.

(Debugging NGINX | NGINX Plus)

One of many fun & exciting Nginx pitfalls. I’ve spent countless hours troubleshooting it. CORS is my arch-nemesis.

snv · July 13, 2021, 6:09am

Have you tried the new site config allow_cors?

brian_pond · July 13, 2021, 6:13am

No, but I’m not familiar with most of the Bench commands related to Nginx. All my configurations have been hand-crafted.

snv · July 13, 2021, 6:16am

Right, I introduced this config here for one of my clients and it basically sets the headers in Frappe itself instead of Nginx.

brian_pond · July 13, 2021, 6:20am

Oh, very cool…I like it!