Comments (35)
All fixed now.
HTTP/HTTPS both working fine now.
Thanks @Frooodle .
from stirling-pdf.
Is this OK?Give us more information, a log entry would be desirable
from stirling-pdf.
Until these calls are resolved, you can add this line to your domain-ssl.conf :
# Add Content-Security-Policy to force use of HTTPS
Header always set Content-Security-Policy "upgrade-insecure-requests;"
Then reload your apache2 configuration.
from stirling-pdf.
@Frooodle that one also works fine for me
from stirling-pdf.
After cache clear? :P
hah yep cleared cache this time!
from stirling-pdf.
alright just made a 0.24.5 lets see if it works
from stirling-pdf.
Yes, this is exactly what happened to me.
from stirling-pdf.
Give us more information, a log entry would be desirable
from stirling-pdf.
I have the same issue, though only when I go through a reverse proxy with SSL.
Something about resources being requested in HTTP and not HTTPS
from stirling-pdf.
Another saw this issue and mentioned it was resolved by changing their reverse proxy from direct docker connection to IP:port
We are looking into this issue but also not sure of the cause at the moment
from stirling-pdf.
我也遇到了这样的问题,通过nginx反代后,就出现了
from stirling-pdf.
I have the same issue, though only when I go through a reverse proxy with SSL.
Something about resources being requested in HTTP and not HTTPS
I also noticed this problem when I tried to use OIDC. the redirect_url
is http
from stirling-pdf.
I've tested both with HTTP/HTTPS.
Still the same problem.
Please check both URL:
https://pdf.shinetechpro.com
http://154.12.224.81:8001
from stirling-pdf.
I've tested both with HTTP/HTTPS.
Still the same problem.
Please check both URL:
Http loads fine for me here and I think any direct IP would too as well
It seems to be issue with reverse proxy when combined with it not connecting via IP from what I have seen people reporting
from stirling-pdf.
what reverse proxy are you all using, can any share their configs?
from stirling-pdf.
what reverse proxy are you all using, can any share their configs?
what reverse proxy are you all using, can any share their configs?
I use apache2
<VirtualHost *:443>
ServerName example.com
SSLEngine on
# configure for ssl, this is global configuration.
SSLCertificateFile example.com.pem
SSLCertificateKeyFile example.com.pem.key
ProxyPreserveHost On
ProxyRequests Off
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule ^/?(.*) ws://stirling-pdf:8080/$1 [P,L]
<Location />
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
RequestHeader set X-Forwarded-Port "443"
ProxyPass http://stirling-pdf:8080/
ProxyPassReverse http://stirling-pdf:8080/
</Location>
ErrorLog ${APACHE_LOG_DIR}/pdf_error.log
# CustomLog ${APACHE_LOG_DIR}/pdf_access.log combined
</VirtualHost>
from stirling-pdf.
what reverse proxy are you all using, can any share their configs?
Note: I also have HAProxy running on Opnsense in front of this handling the TLS termination, but I've never run into issues with it
traefik:
# The official v2 Traefik docker image
image: traefik:latest
ports:
- 80:80
- 8282:8080
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
# Enables the web UI and tells Traefik to listen to docker
command:
- --api.insecure=true
- --providers.docker=true
- --entryPoints.http.address=:80
- --providers.docker.exposedByDefault=false
- --entryPoints.http.forwardedHeaders.insecure
- --entryPoints.http.proxyProtocol.insecure
restart: 'always'
stirling-pdf:
container_name: Stirling-PDF-Security
image: frooodle/s-pdf:latest
deploy:
resources:
limits:
memory: 4G
healthcheck:
test:
[
"CMD-SHELL",
"curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP' && curl -fL http://localhost:8080/ | grep -q 'Please sign in'"
]
interval: 5s
timeout: 10s
retries: 16
ports:
- 8080:8080
volumes:
- ./data:/usr/share/tessdata:rw
- ./config:/configs:rw
- ./logs:/logs:rw
labels:
traefik.enable: true
traefik.http.routers.stirling-pdf.rule: Host(`pdf.[REDACTED].com`)
environment:
DOCKER_ENABLE_SECURITY: true
SECURITY_ENABLELOGIN: true
SECURITY_OAUTH2_ENABLED: true
SECURITY_OAUTH2_AUTOCREATEUSER: true # This is set to true to allow auto-creation of non-existing users in Striling-PDF
SECURITY_OAUTH2_ISSUER: "https://auth.[REDACTED].com/application/o/stirling-pdf/" # Change with any other provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) end-point
SECURITY_OAUTH2_CLIENTID: "[REDACTED]" # Client ID from your provider
SECURITY_OAUTH2_CLIENTSECRET: "[REDACTED]" # Client Secret from your provider
PUID: 1002
PGID: 1002
UMASK: "022"
SYSTEM_DEFAULTLOCALE: en-US
UI_APPNAME: Stirling-PDF
UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest with Security
UI_APPNAMENAVBAR: Stirling-PDF Latest
SYSTEM_MAXFILESIZE: "100"
METRICS_ENABLED: "true"
SYSTEM_GOOGLEVISIBILITY: "false"
restart: on-failure:5
from stirling-pdf.
This seems to be caused by Mixed Content.
from stirling-pdf.
what reverse proxy are you all using, can any share their configs?
aaPanel reverse proxy.
from stirling-pdf.
Until these calls are resolved, you can add this line to your domain-ssl.conf :
# Add Content-Security-Policy to force use of HTTPS Header always set Content-Security-Policy "upgrade-insecure-requests;"
Then reload your apache2 configuration.
and for Nginx?
from stirling-pdf.
Using HAProxy on my OPNsense firewall and had the same issue when using it as a direct reverse proxy.
I solved it by using a nginx container as a reverse proxy directly before HAProxy.
So this is my file architecture for Docker :
./stirling-pdf/
|-- docker-compose.yaml
`-- nginx
|-- default.conf
|-- dockerfile
`-- ssl
|-- gen-ssl.sh
|-- server.crt
`-- server.key
docker-compose.yaml file :
version: '3.3'
services:
stirling-pdf:
image: frooodle/s-pdf:latest
networks:
- stirling-net
volumes:
- ./configs/trainingData:/usr/share/tessdata #Required for extra OCR languages
- ./configs/extraConfigs:/configs
# - /location/of/customFiles:/customFiles/
- ./logs:/logs/
environment:
- DOCKER_ENABLE_SECURITY=true
- INSTALL_BOOK_AND_ADVANCED_HTML_OPS=true
- LANGS=fr-FR
restart: unless-stopped
nginx:
networks:
- stirling-net
build:
context: ./nginx
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf
- ./nginx/ssl:/etc/nginx/ssl
ports:
- '1198:443'
restart: unless-stopped
networks:
stirling-net:
default.conf for nginx :
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# Allow large attachments
client_max_body_size 128M;
location / {
proxy_pass http://stirling-pdf:8080;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
dockerfile for nginx :
FROM nginx
COPY default.conf /etc/nginx/conf.d/default.conf
And for lazy people like me, an SSL generator script (gen-ssl.sh) :
#!/bin/bash
IP="stirling"
SUBJECT_NGINX="/C=FR/ST=France/L=Paris/O=btw/OU=CA/CN=${IP}"
function generate_nginx () {
echo "$SUBJECT_NGINX"
openssl req -x509 -nodes -days 3685 -newkey rsa:2048 -subj "$SUBJECT_NGINX" -keyout server.key -out server.crt
}
generate_nginx
Okay that solution is ugly because it uses 2 reverse proxy which is not the best, but it works and is really secure because nobody will be able to access your Stirling service with HTTP but only with HTTPS.
from stirling-pdf.
I am using NginX Proxy Manager and have no idea how to fix it with that.
What is strange is that it was working until I redployed the container.
from stirling-pdf.
I rolled back to frooodle/s-pdf:0.23.1 and all is well again.
from stirling-pdf.
I have the same problem in google chrome. In safari it works fine. Not so a restrictive Content-Security-Policy ckeck in Browser :-) Please replace the HTTP requests in your code.
from stirling-pdf.
Any update?
HTTP is working fine from http://154.12.224.81:8001
HTTPS is still not working https://pdf.shinetechpro.com
new container start with new image.
from stirling-pdf.
Can someone try the image
latest-test
and see if that produces any different result after clearing cache etc too
from stirling-pdf.
Pulled the latest image and restarted it under my reverse proxy (Apache) and it looks exactly as expected now (and I forgot to clear the cache) -so one of those changes seems to have done the trick!
from stirling-pdf.
did like 4 changes now to figure out which did it! haha
from stirling-pdf.
latest-test2
Can you test this, should let me know which change was cause
from stirling-pdf.
After cache clear? :P
from stirling-pdf.
Let me wait for one more user to test both these images latest-test2
first ideally
and then ill merge
from stirling-pdf.
I'm using 0.24.5, the login page now looks okay, but I'm still getting errors:
Plus, single sign on with Azure Entra is not working either, there still seems to be a problem with the https URL:
AADSTS50011: The redirect URI 'http://pdf.haarhoff.eu:443/login/oauth2/code/oidc' specified in the request does not match the redirect URIs configured for the application
from stirling-pdf.
I'm using 0.24.5, the login page now looks okay, but I'm still getting errors:
Plus, single sign on with Azure Entra is not working either, there still seems to be a problem with the https URL:
AADSTS50011: The redirect URI 'http://pdf.haarhoff.eu:443/login/oauth2/code/oidc' specified in the request does not match the redirect URIs configured for the application
That's another mistake.
from stirling-pdf.
Great it works now fine. The Bug is solved
App Version: 0.24.5
Enviroment: Container, Nginx Proxy Manager and https
I do not use the login page in pdf; i take the logon with nginx proxy manager
Thanks
from stirling-pdf.
Thanks for that, working like a dream :)
from stirling-pdf.
Related Issues (20)
- [Bug]: PDF to image conversion incorrect with different page sizes (One Big Image) HOT 2
- [enhancement ]: Stamp feature to support custom fonts HOT 3
- [Bug]: PDFs that are indigestible to OCRmyPDF cause error messages HOT 4
- Request survey translation HOT 3
- [Bug]: Convert does not work (show finished job) with Vivaldi Browser HOT 1
- [Feature Request]: Autorename to edit file name HOT 1
- [Bug]: `Extract Pages` produce output pdf of same size
- [Bug]: When synchronizing the browser settings to the database SQL Error: 22001, SQLState: 22001
- [Bug]: Problem converting pdf to doc. HOT 2
- [Bug]: Missing description for Split function in top bar HOT 2
- [Bug]: Problem using Cleanup Scans/OCR HOT 1
- [Feature Request]: New Enviroment Variable for `Unix Socket` HOT 1
- [Feature Request]: Migrate Conversion tools into single tool for clearer UI
- [Feature Request]: sortable home page
- [Feature Request]: HTTP2 support and guides
- [Bug]: Compressing PDF HOT 2
- [Feature Request]: google-symbol.woff2 font is too large
- [Feature Request]: Set paper size
- [Bug]: Change Metadata does not display every field
- [Bug]: Poor Pen control when drawing using HP Spectre x360 - seems to want to draw lines connecting separate inputs, with a scrolling error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stirling-pdf.