This repository has been archived by the owner on Jan 9, 2023. It is now read-only.

Not working on server ipaddress #1467

Closed
geordin opened this issue Jul 31, 2018 · 28 comments
Labels
devops: issue/pull request that includes changes to documentation to devops processes
docs: issue/pull request that includes changes to documentation

Comments

@geordin

geordin commented Jul 31, 2018

hospitalrun-frontend is configured with nginx as a reverse proxy, but the login is not working. While checking the backend, we are getting the error given below.

========================
Content Security Policy violation:
referrer": "",
"violated-directive": "script-src",
"effective-directive": "script-src",
"original-policy": "connect-src 'self' ws://localhost:7020 ws://0.0.0.0:7020 ws://undefined:7020 http://localhost:4200; default-src 'self'; frame-src 'self'; img-src 'self' filesystem: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:7020 0.0.0.0:7020 undefined:7020; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; report-uri http://localhost:4200/csp-report;",
"disposition": "report"

Please help.

@donaldwasserman
Contributor

@geordin So for a little background, this is due to the content security policy that is a best practice to prevent Cross Site Scripting (XSS) attacks. Here is some information about it

The content security policy defines what scripts can be loaded safely from what domains. Since you're running behind nginx with a separate domain from where you're loading the scripts, I think the browser is triggering this warning.

You need to edit config/environment to reflect the domain from where you're loading the scripts: See Line 31

So if you're loading the script from static.mydomain.com, you need to update your content security policy like this:

  ENV.contentSecurityPolicy = {
    'connect-src': "'self'",
    'default-src': "'self'",
    'frame-src': "'self'",
    'img-src': "'self' filesystem: data: blob:",
    // Host sources are written without quotes; only keywords such as 'self' are quoted.
    'script-src': "'self' *.mydomain.com 'unsafe-inline' 'unsafe-eval'",
    'style-src': "'self' 'unsafe-inline'"
  };

Let me know any other questions or how you've got this setup.

donaldwasserman added the docs and devops labels Aug 2, 2018
@geordin
Author

geordin commented Aug 3, 2018

I have tried the same, but it is still not working. That error message is gone now. But when we enter the logins, the page hangs for 3-4 seconds and then prompts for the logins again. Please help us to solve the issue.

@donaldwasserman
Contributor

@geordin Is there any output in the console/network tab of your browser? We probably need a little more information about how you're running it and some additional error details.

If you're not super familiar with it, if you're part of the slack group here: https://hospitalrun-slackin.herokuapp.com/

@geordin
Author

geordin commented Aug 6, 2018

I am starting the app using the command "ember serve -H 0.0.0.0" as root. The following messages are shown in the console output.

===========================
root@ubuntu:~/hospitalrun-frontend# ember serve -H 0.0.0.0
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-cli-content-security-policy -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-cli-active-link-wrapper -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-cli-template-lint -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-i18n -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-i18n -> ember-getowner-polyfill -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-simple-auth -> ember-cookies -> ember-getowner-polyfill -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-simple-auth -> ember-getowner-polyfill -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-validations -> ember-cli-babel
DEPRECATION: ember-cli-babel 5.x has been deprecated. Please upgrade to at least ember-cli-babel 6.6. Version 5.2.8 located: hospitalrun -> ember-validations -> ember-getowner-polyfill -> ember-cli-babel
Could not start watchman
Visit https://ember-cli.com/user-guide/#watchman for more info.
Livereload server on http://0.0.0.0:7020
[API] Warning: The .read and .rebuild APIs will stop working in the next Broccoli version
[API] Warning: Use broccoli-plugin instead: https://github.com/broccolijs/broccoli-plugin
[API] Warning: Plugin uses .read/.rebuild API: BrocText
[API] Warning: Plugin uses .read/.rebuild API: ember-browserify
[API] Warning: Plugin uses .read/.rebuild API: TemplateLinter
[API] Warning: Plugin uses .read/.rebuild API: TemplateLinter
[API] Warning: Plugin uses .read/.rebuild API: TemplateLinter
[API] Warning: Plugin uses .read/.rebuild API: ember-browserify
[API] Warning: Plugin uses .read/.rebuild API: BroccoliServiceWorker

Build successful (39312ms) – Serving on http://0.0.0.0:4200/

Slowest Nodes (totalTime => 5% ) | Total (avg)
----------------------------------------------+---------------------
ember-browserify (2) | 11607ms (5803 ms)
broccoli-persistent-filter:StyleLinter (1) | 5272ms
Vendor JS (1) | 4982ms
broccoli-persistent-filter:EslintValid... (2) | 3675ms (1837 ms)
Babel: ember-data (2) | 2278ms (1139 ms)
Rollup (1) | 2054ms

Still, after we enter the logins, the page hangs for 3-4 seconds and then prompts for the logins again.

Please help.

@MatthewDorner
Contributor

MatthewDorner commented Aug 6, 2018

That's the app output, what about anything in the browser console (F12 to view in most browsers)?

You might want to look at the nginx config files in the hospitalrun-server repository and make your config similar to that, as here we also use an nginx reverse proxy to serve the frontend:
https://github.com/HospitalRun/hospitalrun-server/blob/master/nginx/conf/defaultssl.conf.tmpl

Note that the frontend is on port 3000 in that config. For yours, if it's just the frontend, it would be 4200. Also note that this config is for https.

@geordin
Author

geordin commented Aug 8, 2018

Hereby providing the console output from the browser.

The source list for Content Security Policy directive 'script-src' contains an invalid source: ''192.168.10.173''. It will be ignored.
ember-cli-live-reload.js:7 [Report Only] Refused to load the script 'http://192.168.10.173:7020/livereload.js' because it violates the following Content Security Policy directive: "script-src 'self' '192.168.10.173' 'unsafe-inline' 'unsafe-eval' localhost:7020 0.0.0.0:7020 0.0.0.0:7020".

(anonymous) @ ember-cli-live-reload.js:7
(anonymous) @ ember-cli-live-reload.js:8
ember-cli-live-reload.js:7 POST http://0.0.0.0:4200/csp-report 0 ()
(anonymous) @ ember-cli-live-reload.js:7
(anonymous) @ ember-cli-live-reload.js:8
livereload.js:76 [Report Only] Refused to connect to 'ws://192.168.10.173:7020/livereload' because it violates the following Content Security Policy directive: "connect-src 'self' ws://localhost:7020 ws://0.0.0.0:7020 ws://0.0.0.0:7020 http://0.0.0.0:4200".

exports.Connector.Connector.connect @ livereload.js:76
Connector @ livereload.js:60
LiveReload @ livereload.js:330
(anonymous) @ livereload.js:1132
8../customevents @ livereload.js:1158
s @ livereload.js:1
e @ livereload.js:1
(anonymous) @ livereload.js:1
livereload.js:76 POST http://0.0.0.0:4200/csp-report 0 ()
exports.Connector.Connector.connect @ livereload.js:76
Connector @ livereload.js:60
LiveReload @ livereload.js:330
(anonymous) @ livereload.js:1132
8../customevents @ livereload.js:1158
s @ livereload.js:1
e @ livereload.js:1
(anonymous) @ livereload.js:1
(index):42 Error registering service worker:SecurityError: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).
(anonymous) @ (index):42
Promise.catch (async)
(anonymous) @ (index):41
:4200/#/login:1 This page includes a password or credit card input in a non-secure context. A warning has been added to the URL bar. For more information, see https://goo.gl/zmWq3m.

Also giving the environment configuration.

=============
'script-src': "'self' '192.168.10.173' 'unsafe-inline' 'unsafe-eval'",

Here I am not using nginx reverse proxy now. Please help.

@MatthewDorner
Contributor

I believe you are getting an error because you're trying to access via an IP address, but you're not using https. On the server itself, you can access via "localhost:4200" without needing https, but accessing via any IP address, from either the server itself (such as http://0.0.0.0:4200) or another computer, will give the error you got: "error registering service worker:SecurityError: Only secure origins are allowed" unless you access over https.

Also, the content security policy error is still there. It is for the livereload script as I expected, but I'd focus on the above issue first. For the content security policy error, it looks like the way you entered the IP address in the config is not being accepted, maybe it wants the :7020 at the end.
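
Added example (not part of any comment in this thread and not HospitalRun code): a simplified JavaScript model of how a browser reads a CSP source list, run on the values quoted in the console output above. It assumes exact host matching with no path matching; the names `invalidSources` and `allows` are hypothetical.

```javascript
// Added example: simplified model of CSP source-list handling (no path matching).
// Keyword sources are quoted; scheme and host sources are not.
const KEYWORDS = new Set(["'self'", "'none'", "'unsafe-inline'", "'unsafe-eval'", "'strict-dynamic'"]);
const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };
const tokens = (list) => list.split(/\s+/).filter(Boolean);
const portOf = (u) => u.port || DEFAULT_PORT[u.protocol];
// Policy-side scheme a matches request scheme b, allowing the secure upgrade.
const schemeOk = (a, b) => a === b || (a === 'http:' && b === 'https:') || (a === 'ws:' && b === 'wss:');

// Quoted tokens that are neither keywords nor nonce/hash sources: the browser ignores them.
function invalidSources(list) {
  return tokens(list).filter((t) => t.startsWith("'") && !KEYWORDS.has(t) &&
    !/^'(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+'$/.test(t));
}

// Does the source list allow loading `url` from a page served at `pageUrl`?
function allows(list, url, pageUrl) {
  const u = new URL(url);
  const page = new URL(pageUrl);
  return tokens(list).some((t) => {
    if (t === "'self'") {
      return schemeOk(page.protocol, u.protocol) && u.hostname === page.hostname &&
        portOf(u) === portOf(page);
    }
    if (t.startsWith("'")) return false; // other keywords, or ignored invalid tokens
    if (/^[a-z][a-z0-9+.-]*:$/i.test(t)) return t.toLowerCase() === u.protocol; // e.g. data:
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?$/i.exec(t);
    if (!m) return false;
    const [, scheme, host, port] = m;
    if (!schemeOk(scheme ? scheme.toLowerCase() + ':' : page.protocol, u.protocol)) return false;
    const hostOk = host === '*' || (host.startsWith('*.')
      ? u.hostname.endsWith(host.slice(1).toLowerCase())
      : u.hostname === host.toLowerCase());
    // Without an explicit port, a host source only covers the scheme's default port.
    const portOk = port === '*' || (port || DEFAULT_PORT[u.protocol]) === portOf(u);
    return hostOk && portOk;
  });
}

// Constructed inputs based on the values quoted in the thread.
const appPage = 'http://192.168.10.173:4200/';
const livereload = 'http://192.168.10.173:7020/livereload.js';
const reported = "'self' '192.168.10.173' 'unsafe-inline' 'unsafe-eval' localhost:7020 0.0.0.0:7020";
console.log(invalidSources(reported));                                  // quoted IP is ignored
console.log(allows(reported, livereload, appPage));                     // script refused
console.log(allows("'self' 192.168.10.173", livereload, appPage));      // unquoted, default port only
console.log(allows("'self' 192.168.10.173:7020", livereload, appPage)); // unquoted with port
```

The livereload WebSocket is governed by `connect-src`, so that directive needs its own `ws://` entry with the same host and port.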

@geordin
Author

geordin commented Aug 8, 2018

Currently I am using nginx reverse proxy with a self-signed SSL certificate. The messages displayed on the browser console are given below.

=============================
The source list for Content Security Policy directive 'script-src' contains an invalid source: ''.hostpitalrun-test.com''. It will be ignored.
ember-cli-live-reload.js:7 [Report Only] Refused to load the script 'https://hospitalrun-test.com:7020/livereload.js' because it violates the following Content Security Policy directive: "script-src 'self' '.hostpitalrun-test.com' 'unsafe-inline' 'unsafe-eval' localhost:7020 0.0.0.0:7020 undefined:7020".
ember-cli-live-reload.js:7 POST http://localhost:4200/csp-report 0 ()
ember-cli-live-reload.js:7 GET https://hospitalrun-test.com:7020/livereload.js 0 ()
(index):42 Error registering service worker:SecurityError: Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script.

I have two queries regarding this.

  1. Whether service worker works with a self-signed certificate.
  2. Can we disable service worker in hospitalrun?

Please help.

@MatthewDorner
Contributor

  1. Self-signed worked for me when I was testing hospitalrun-server (which also uses nginx reverse proxy) on a local network and accessing server via an IP address, but it seems to be causing a problem here. I'm not sure what the solution is since I haven't seen this before.
  2. I believe it's essential for the app's operation.

You could also try using https://github.com/HospitalRun/hospitalrun-server which is intended for server deployments.

@geordin
Author

geordin commented Aug 9, 2018

Yes, I have tried hospitalrun-server now. But the npm start command is stuck on the message below.

Loading raml proxy - this may take a while...

Please help.

@MatthewDorner
Contributor

If you're using hospitalrun-server, you don't have to run npm at all (and you don't have to run frontend separately either, frontend is part of the server package).

The instructions for hospitalrun-server are here: https://github.com/HospitalRun/hospitalrun-server/blob/master/DEPLOYMENT_GUIDE.md

Also you might want to join the Slack at https://hospitalrun-slackin.herokuapp.com/ and join the #troubleshooting channel.

@geordin
Author

geordin commented Aug 9, 2018

Can we run hospitalrun-server without docker?

@MatthewDorner
Contributor

https://github.com/HospitalRun/hospitalrun-server/blob/master/README.md

There's an "Alternative Installation" listed here but I have no experience with it, and it seems like it'd be pretty much the same as what you were doing before.

@geordin
Author

geordin commented Aug 9, 2018

I have tried the docker installation, but one of the containers is not starting.


0d1821ff6354 hospitalrun "/bin/sh -c ./entr..." About an hour ago Exited (0) 13 seconds ago

While checking the logs,


errid: 'non_200',
description: 'couch returned 401' }
Error creating push database! { Error: Name or password is incorrect.
at Request._callback (/usr/src/app/node_modules/nano/lib/nano.js:252:15)
at Request.self.callback (/usr/src/app/node_modules/nano/node_modules/request/request.js:185:22)
at emitTwo (events.js:106:13)
at Request.emit (events.js:191:7)
at Request.<anonymous> (/usr/src/app/node_modules/nano/node_modules/request/request.js:1157:10)
at emitOne (events.js:96:13)
at Request.emit (events.js:188:7)
at IncomingMessage.<anonymous> (/usr/src/app/node_modules/nano/node_modules/request/request.js:1079:12)
at IncomingMessage.g (events.js:292:16)
name: 'Error',
error: 'unauthorized',
reason: 'Name or password is incorrect.',
scope: 'couch'

Note that I am using an Ubuntu server.

Please help.

@MatthewDorner
Contributor

I see that error when I start up docker, but everything still works for me, so it may not be the cause of your problem. You should be able to see a log message right when the hospitalrun container exits that says something like "container exiting" and I would try to see what happens immediately before that message.

@geordin
Author

geordin commented Aug 13, 2018

The messages logged before the container exited are given below.

Aug 13 17:55:25 ubuntu kernel: [24688.629499] br-b7ae83a7b89d: port 1(vethf4a3bf0) entered disabled state
Aug 13 17:55:25 ubuntu kernel: [24688.629686] vethbd59b44: renamed from eth0
Aug 13 17:55:25 ubuntu kernel: [24688.656313] br-b7ae83a7b89d: port 1(vethf4a3bf0) entered disabled state
Aug 13 17:55:25 ubuntu kernel: [24688.658329] device vethf4a3bf0 left promiscuous mode
Aug 13 17:55:25 ubuntu kernel: [24688.658337] br-b7ae83a7b89d: port 1(vethf4a3bf0) entered disabled state

Any idea regarding this?

@MatthewDorner
Contributor

Sorry, but I haven't seen those errors before.

@geordin
Author

geordin commented Aug 14, 2018

Anybody tried hospitalrun-frontend without docker??

@geordin
Author

geordin commented Aug 14, 2018

I have installed hospitalrun-frontend without docker and it is working fine on localhost. How can I make it public? Anybody, please help.

@geordin geordin closed this as completed Aug 14, 2018
@geordin geordin reopened this Aug 14, 2018
@donaldwasserman
Contributor

@geordin - Let's pause for a moment to figure out what you're trying to accomplish, because I think this conversation got a little off-track.

Are you:

  1. Trying to use Hospital Run as an application (either to run a clinic or to evaluate it)?
  2. Trying to get it set up in a local development environment?

Assuming it's number 1, there are two ways really of running the application:

  1. As a traditional client/server application.
  2. As a downloadable Electron app. You can download it here

@geordin
Author

geordin commented Aug 15, 2018

I am trying to use Hospital Run as an application. Please let me know the steps to follow for both.

  1. As a traditional client/server application.
  2. As a downloadable Electron app

@donaldwasserman
Contributor

donaldwasserman commented Aug 17, 2018

@geordin: you can download the app from here: https://github.com/HospitalRun/hospitalrun-frontend/releases/

If you click the download link for the version of operating system you're running (IE Windows 32 or 64 bit)

The server setup steps are outlined here: https://github.com/HospitalRun/hospitalrun-server/blob/master/DEPLOYMENT_GUIDE.md

These are more complicated, but I'd be happy to help.

You can also chime in on slack: https://hospitalrun-slackin.herokuapp.com/

@geordin
Author

geordin commented Aug 30, 2018

I have tried the same, but still one docker container is not coming up.

Can you please let me know the exact environment that is required for this app?

Like OS type, version, etc.

@geordin
Author

geordin commented Sep 4, 2018

I need to run the hospitalrun application on a server and need to access it publicly.

Please share the code and install steps since I am facing the above issues currently.

@stukalin
Contributor

stukalin commented Sep 4, 2018

@geordin we discovered the same problems as you (with raml etc.). We are trying to stabilize the docker environment in HospitalRun/hospitalrun-server#119. Please, hold on:)

@geordin
Author

geordin commented Sep 4, 2018

Please notify once it's sorted.

@geordin
Author

geordin commented Sep 7, 2018

Hello,

Is this resolved?

@MatthewDorner
Contributor

Added new fixes to hospitalrun-server today. You should be good to update your code and try again. If there are further issues, please make a new issue in the hospitalrun-server repo, as this one is closed.
