Use HTTPS / Socket.io in development environment

When setting up a development bench with ssl/https socket.io does not work:

bench init frappe-dev --python python3.7
cd frappe-dev
# Fix incompatible version error
./bin/pip3 install urllib3==1.24.2
bench get-app erpnext
bench switch-to-[branch]
bench new-site develop.[domain].com
bench set-config developer_mode 1
# https://github.com/frappe/erpnext/wiki/Setting-up-TLS-SSL-certificates-Let's-Encrypt-for-ERPNext-sites
bench set-ssl-certificate develop.[domain].com /etc/letsencrypt/live/develop.[domain].com/fullchain.pem
bench set-ssl-key develop.[domain].com /etc/letsencrypt/live/develop.[domain].com/privkey.pem
bench config dns_multitenant on
bench setup nginx
bench setup procfile
sudo ln -s `pwd`/config/nginx.conf /etc/nginx/conf.d/frappe-bench.conf
sudo service nginx restart
bench start

Resulting error:

GET https://develop.[domain].com:9000/socket.io/?EIO=3&transport=polling&t=Mfq3F1I net::ERR_CONNECTION_CLOSED
libs.min.js?ver=1556712335.0:1234:
  • Neither the NGINX nor the Bench/Frappe/ERPNext logs gave any hint
  • When using supervisor it does work
  • Executing supervisorctl start frappe-dev-web:frappe-dev-frappe-web, removing line web: bench serve --port 8000 from Procfile and executing bench start did work

Solution:
Changing following line in Procfile did the trick:
web: bench serve --port 8000
to
web: sudo bench serve --port 8000

Info:
The user, most likely frappe needs following sudo permission:

HEY! USE SCREEN -bash-4.2$ sudo -l

...

User frappe may run the following commands on erpnext:
    (root) /sbin/service
    (root) NOPASSWD: /sbin/service nginx *
    (root) NOPASSWD: /sbin/service supervisord *
    (root) /bin/systemctl
    (root) NOPASSWD: /bin/systemctl * nginx
    (root) NOPASSWD: /bin/systemctl * supervisord
    (root) NOPASSWD: /bin/supervisorctl
    (root) NOPASSWD: /sbin/nginx
    (root) NOPASSWD: /opt/certbot-auto
    (root) NOPASSWD: /bin/bench

Is this a ficable solution? Did I make any setup errors?

ERPNext: v11.1.23 (master)
Frappe Framework: v11.1.25 (master)
Bench: 4.1.0(master)
CentOS Linux release 7.6.1810 (Core)
1 Like

How i can edit procfile

The actual file name is Procfile - does this help? URL to use for production systems - #3 by rmehta

You can use an editor like nano…

Setting “web: sudo bench serve --port 8000” failed to start.

1 Like

No need for sudo here - this line in Procfile should be just “web: bench serve --port 8000”

You don’t say what you tried that failed to start. But in any case http requests need a pair of listener processes to be running:

  1. an nginx ‘public http server’ listens on say port 80, and
  2. the bench ‘local private http server’ listens on say port 8000

To check that both of these listeners are running, try this:

frappe@ubuntu1804lts:~/frappe-bench$ sudo netstat -tlnp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3307/nginx: master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 16025/python

I need to use https

So nginx will need to listen on port 443 to connect via ssl

Thanks for your reply, my site can indeed be accessed using https, but https: //
domain name: 9000 / socket.io /? EIO = 3 & transport = polling & t = N1gsHaP net :: ERR_SSL_PROTOCOL_ERROR

1 Like

Forum and web searches point to clues and checks to find the issue ERR_SSL_PROTOCOL_ERROR with Nginx - Server - Let's Encrypt Community Support

I have this issue too. Can’t get apache reverse proxy working to https://xxxx.xxx:9000/socket.io

1 Like