Redirect URI of connected App is HTTP instead of HTTPS

ERPNext
1

Hey there,

I have created a custom image for my erpnext according to the following instructions: frappe_docker/docs/custom-apps.md at main · frappe/frappe_docker · GitHub

To create the docker-compose environment I used the easy-install.py script. I use traefik as a proxy and the automatic creation of the SSL certificates works without any problems. My site is accessible via HTTPS and everything works so far. However, when I want to create a new connected app, the automatically generated URI is created with HTTP and not HTTPS. Since providers such as Microsoft Entra only allow HTTP for localhost, I cannot connect any apps.

image
image1049×316 16.2 KB

Does anyone have an idea where the problem lies? These are my configurations of the frontend and proxy service:

  frontend:
    command:
      - nginx-entrypoint.sh
    depends_on:
      backend:
        condition: service_started
        required: true
      websocket:
        condition: service_started
        required: true
    environment:
      BACKEND: backend:8000
      CLIENT_MAX_BODY_SIZE: 50m
      FRAPPE_SITE_NAME_HEADER: $$host
      PROXY_READ_TIMEOUT: "120"
      SOCKETIO: websocket:9000
      UPSTREAM_REAL_IP_ADDRESS: 127.0.0.1
      UPSTREAM_REAL_IP_HEADER: X-Forwarded-For
      UPSTREAM_REAL_IP_RECURSIVE: "off"
    image: ghcr.io/user/repo/custom:1.0.0
    labels:
      traefik.enable: "true"
      traefik.http.routers.frontend-http.entrypoints: websecure
      traefik.http.routers.frontend-http.rule: Host(`erp.myhost.com`)
      traefik.http.routers.frontend-http.tls.certresolver: main-resolver
      traefik.http.services.frontend.loadbalancer.server.port: "8080"
    networks:
      default: null
    volumes:
      - type: volume
        source: sites
        target: /home/frappe/frappe-bench/sites
        volume: {}
  proxy:
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesResolvers.main-resolver.acme.httpChallenge=true
      - --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web
      - --certificatesResolvers.main-resolver.acme.email=admin@myhost.com
      - --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json
    image: traefik:2.5
    networks:
      default: null
    ports:
      - mode: ingress
        target: 80
        published: "80"
        protocol: tcp
      - mode: ingress
        target: 443
        published: "443"
        protocol: tcp
    volumes:
      - type: volume
        source: cert-data
        target: /letsencrypt
        volume: {}
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
        read_only: true
        bind:
          create_host_path: true

Thanks

2

Hi @samy4sam:

Check your site_config.json file.
host_name includes https?

Hope this helps.

1 Like
3

Hi @avc

There was no host_name entry in the site_config.json. So I added one:

"host_name": "https://erp.myhost.com"

and it solved my problem :slight_smile:
The redirect URI starts now with https.

Thank you!

1 Like