Use HTTPS / Socket.io in development environment

jHetzer · May 1, 2019, 3:55pm

When setting up a development bench with ssl/https socket.io does not work:

bench init frappe-dev --python python3.7
cd frappe-dev
# Fix incompatible version error
./bin/pip3 install urllib3==1.24.2
bench get-app erpnext
bench switch-to-[branch]
bench new-site develop.[domain].com
bench set-config developer_mode 1
# https://github.com/frappe/erpnext/wiki/Setting-up-TLS-SSL-certificates-Let's-Encrypt-for-ERPNext-sites
bench set-ssl-certificate develop.[domain].com /etc/letsencrypt/live/develop.[domain].com/fullchain.pem
bench set-ssl-key develop.[domain].com /etc/letsencrypt/live/develop.[domain].com/privkey.pem
bench config dns_multitenant on
bench setup nginx
bench setup procfile
sudo ln -s `pwd`/config/nginx.conf /etc/nginx/conf.d/frappe-bench.conf
sudo service nginx restart
bench start

Resulting error:

GET https://develop.[domain].com:9000/socket.io/?EIO=3&transport=polling&t=Mfq3F1I net::ERR_CONNECTION_CLOSED
libs.min.js?ver=1556712335.0:1234:

Neither the NGINX nor the Bench/Frappe/ERPNext logs gave any hint
When using supervisor it does work
Executing supervisorctl start frappe-dev-web:frappe-dev-frappe-web, removing line web: bench serve --port 8000 from Procfile and executing bench start did work

Solution:
Changing following line in Procfile did the trick:
web: bench serve --port 8000
to
web: sudo bench serve --port 8000

Info:
The user, most likely frappe needs following sudo permission:

HEY! USE SCREEN -bash-4.2$ sudo -l

...

User frappe may run the following commands on erpnext:
    (root) /sbin/service
    (root) NOPASSWD: /sbin/service nginx *
    (root) NOPASSWD: /sbin/service supervisord *
    (root) /bin/systemctl
    (root) NOPASSWD: /bin/systemctl * nginx
    (root) NOPASSWD: /bin/systemctl * supervisord
    (root) NOPASSWD: /bin/supervisorctl
    (root) NOPASSWD: /sbin/nginx
    (root) NOPASSWD: /opt/certbot-auto
    (root) NOPASSWD: /bin/bench

Is this a ficable solution? Did I make any setup errors?

ERPNext: v11.1.23 (master)
Frappe Framework: v11.1.25 (master)
Bench: 4.1.0(master)
CentOS Linux release 7.6.1810 (Core)

gsbaig · December 18, 2019, 2:59pm

How i can edit procfile

clarkej · December 18, 2019, 3:30pm

The actual file name is Procfile - does this help? URL to use for production systems - #3 by rmehta

You can use an editor like nano…

Hejun_Cheng · February 21, 2020, 10:51am

Setting “web: sudo bench serve --port 8000” failed to start.

clarkej · February 21, 2020, 3:10pm

No need for sudo here - this line in Procfile should be just “web: bench serve --port 8000”

You don’t say what you tried that failed to start. But in any case http requests need a pair of listener processes to be running:

an nginx ‘public http server’ listens on say port 80, and
the bench ‘local private http server’ listens on say port 8000

To check that both of these listeners are running, try this:

frappe@ubuntu1804lts:~/frappe-bench$ sudo netstat -tlnp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3307/nginx: master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 16025/python

Hejun_Cheng · February 21, 2020, 5:41pm

I need to use https

clarkej · February 21, 2020, 9:50pm

So nginx will need to listen on port 443 to connect via ssl

Hejun_Cheng · February 22, 2020, 3:28am

Thanks for your reply, my site can indeed be accessed using https, but https: //
domain name: 9000 / socket.io /? EIO = 3 & transport = polling & t = N1gsHaP net :: ERR_SSL_PROTOCOL_ERROR

clarkej · February 22, 2020, 6:32am

Forum and web searches point to clues and checks to find the issue ERR_SSL_PROTOCOL_ERROR with Nginx - Server - Let's Encrypt Community Support

charleslcso · January 11, 2022, 1:27pm

I have this issue too. Can’t get apache reverse proxy working to https://xxxx.xxx:9000/socket.io