redirect conundrum

Register or login to post to the forum.
03 Aug, 2016 14:22

It almost works. Dockerized Tendenci in an Alpine-based container supported by bog-standard PostgreSQL and memcached running in separate containers. But there's the redirect problem, no doubt caused by some configuration SNAFU of mine.

For example, using Boomerang Theme Bootstrap3 and logged in as superuser I browse to <myDockerIP>/dashboard on the host and click 'Clear Cache BIG TIME' everything looks good. If I then reload the page, several images vanish:

Looky here: https://drive.google.com/open?id=0B2X6HK3yIXaRSTlCREJia2ZLZ0U

Pasting the broken image url (http://<myDockerIP>/files/5/60x30/crop/90/) into my address bar, I'm redirected to http://127.0.0.1:8080/media/cached/files/5/60x30/crop/90/logo.png.jpg. Needless to say, since I have no sever running on my host, this request has my browser complaining "The site can't be reached."

This rewriting happens with nginx/gunicorn/tendenci or with the first two components hacked off and using just the test server: "manage.py runserver <myDockerIP>:80".

I would appreciate someone pointing me in the right direction.

Edited 03 Aug, 2016 14:31
04 Aug, 2016 20:20

I found something. Memcached/Django is apparently borked. Disable it in local_settings.py:

MEMCACHED_ENABED = False

and the symptoms go away. I thought perhaps it was because I was running Memcached in its own container, separate from Django/Tendenci, but I installed it in the same container, changed the LOCATION to 127.0.0.1:11211, reenabled it, and the symptoms reappeared. Two other possibilities: Tendenci uses caching in some special way (but I doubt it), or Alpine Linux is different from Ubuntu (seems unlikely, but maybe).

Does demo.tendenci.com use memcached? It does not exhibit the bad behavior.

23 Aug, 2016 22:54

@gccfla - demo.tendenci.com is indeed running in a docker container with memcached. Have you looked at docker-gen by jwilder?

https://github.com/jwilder/docker-gen

which installs with (check the site for the latest version) docker run -d -p 80:80 --name nginx -v /tmp/nginx:/etc/nginx/conf.d -t nginx

Then be sure to lock that server to your private ip block (e.g. 10.10.10.5) and use an nginx reverse proxy with psad or ossec, etc, installed. And don't forget apparmor.

One thing to look out for on dockers is "docker-engine" which counts on using the "OverlayFS" file system. I had zero luck installing the 4.x kernel on 14.04 but it works fine on 16.04 ubuntu. Then you have to reconfigure your "units" for the docker systemd but it's proven to be very stable so far. (but again, EVERYTHING coming out of our network is lying about something, either the error, some data between the proxy, the version, etc... headers are just the ticket to make things more fun.)

I hope this helps!

23 Aug, 2016 22:59

If you do have other questions - output from a few lines like these would be helpful

sudo su docker info docker info <containerid> apt-get install apparmor (on host) aa-status <output> and your config file for memcache. And don't forget logged in as a super user there is the "clear cache" on the "support" menu at the top. Or you can stop and start the container in a worst case scenario.

Lastly - "DummyCache" is great for developing.

Oh, and yes I realize that all of the submissions to docker.io hub are poorly set up, I just haven't been able to wrap my brain around docker-swarm and node connections between containers and volumes for data persistence. It's in flux imho given docker is still installing aufs on 16.04 by default instead of overlayfs. I wish they'd play nicer together - we just want to write code and not spend all day on devops and security. smile

23 Aug, 2016 23:04

One more item @gccfla - first things first - check your site settings.

https://demo.tendenci.com/settings/site/global/

These in particular

Site URL: - MUST use FQDN with protocol (e.g. http://demo.tendenci.com including the "http://") seo --> Search Engine Visibility (robots.txt): on or off - BIG DEAL Physical address - skip it and email won't get delivered Email addresses - use role accounts like "hostmaster@example.org" - we do this by making groups, then aliases for the groups, and adding ourselves to it. This allows us to take vacations every once in a while.

I'll check back. Details and logs are extremely helpful as well.