Solved

Trouble with Docker image

  • 12 September 2023
  • 11 replies
  • 217 views

Badge

The Docker containers are deployed on this page: https://docs.thinkwisesoftware.com/docs/deployment/container_deployment_docker_compose

The Indicum container is connected to the database (it is managed in the logs) and the Universal container is also connected in the logs and warnings are given for errors.

I've tried many things in YAML including ENABLE_REVERSE_PROXY and FALSE which says "404 page not found".

Please help!

This is my YAML (but apparently also with the standard and with just about all possible current ones).

 

Original in Dutch - Above translated:

Ik heb de Docker containers gedeployed zoals op deze pagina:   
https://docs.thinkwisesoftware.com/docs/deployment/container_deployment_docker_compose

De Indicum container heeft connectie met de database (heb ik gecontroleerd in de logs) en ook de Universal container geeft in de logs geen warnings of errors aan.

Ik heb in de YAML veel dingen geprobeerd zoals de ENABLE_REVERSE_PROXY op FALSE te zetten, maar wat ik ook doe, ik krijg in de browser altijd "404 page not found".

Graag hulp!

Dit is mijn huidige YAML (maar heb dus ook geprobeerd met de default en met zo ongeveer alle mogelijk aanpassingen).


---
version: "3.8"
services:
  proxy:
    image: traefik
    ports:
      - 80:80
      - 443:443
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"

  universal:
    image: registry.thinkwisesoftware.com/public/universal:${TAG}
    environment:
      - SERVICE_URL=https://localhost/indicium/iam/iam
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=Host(`localhost`)"
      - "traefik.http.routers.frontend.tls=true"

  indicium:
    image: registry.thinkwisesoftware.com/public/indicium:${TAG}
    environment:
      - SQL_SERVER=${SQL_SERVER}
      - SQL_DATABASE=${SQL_DATABASE}
      - SQL_USERNAME=${SQL_USERNAME}
      - SQL_PASSWORD=${SQL_PASSWORD}
      - ENABLE_REVERSE_PROXY=true
      - ALLOWED_HEADERS=All
      - DEFAULT_APPLICATION=TWSONLINE_NET
      - TRUSTED_NETWORKS=0.0.0.0/0
      - EXTERNAL_PATH_BASE=/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backend.rule=(Host(`localhost`) && PathPrefix(`/indicium`))"
      - "traefik.http.middlewares.backend.stripprefix.prefixes=/indicium"
      - "traefik.http.routers.backend.middlewares=backend"
      - "traefik.http.routers.backend.tls=true"

 

icon

Best answer by Leon Kroon 13 September 2023, 17:44

View original

This topic has been closed for comments

11 replies

Hi @techniekwebshop , a few things to try:

  • Are you able to reach Indicium when you add port mapping to the Indicium service in the compose file? This can be achieved by the following example, this will map port 8080 externally to port 80 of the container:
    ports:

        - 8080:80

     
  • On what device are you trying to reach the deployed containers, the described setup will only work when accessing it on your own machine.
Badge

Hi Leon,

  • I can reach Inidicum on 8080
  • I am trying to reach the machine with the Docker images from an external machine, but I have all the ports accessible, like you can see with the below Indicium screenshot.

 

 

Hi @techniekwebshop, the reverse proxy used in the example (and in the configuration you used) only routes traffic coming from the domain localhost to the backend containers, traffic coming from any other source will not get routed. How to route incoming traffic is configured with labels for the Indicium and Universal service called traefik.http.routers.<routername>.rule= .

The documentation was updated very recently to add the ability to specify a hostname or IP address through the .env file, this might solve the issue.

It is also possible to manually edit the docker-compose.yaml file by replacing the entries at all labels containing localhost with the hostname or IP address to your liking.

 

I also noticed you are running an older version of Indicium against the current metasource version. I would recommend using a newer version of Indicium by changing the used tag.

Badge

Great! I have it working now, but I get a lot of errors in the Universal GUI not loading data.

The first think I would like to get right is to add a working SSL certificate so that the background workers of Universal won't give an error message.

But I can't get SSL to work. I tried the following (between the stars is the folder/filename of the host machine where the certificates are located):

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backend.rule=(Host(`${EXTERNAL_HOST}`) && PathPrefix(`/indicium`))"
      - "traefik.http.middlewares.backend.stripprefix.prefixes=/indicium"
      - "traefik.http.routers.backend.middlewares=backend"
      - "traefik.http.routers.backend.tls=true"
      - "traefik.http.routers.backend.certFile=*pathtocertfile*.cert"
      - "traefik.http.routers.backend.keyFile=*pathtokeyfile*.key"

Hi @techniekwebshop, I have not tested this, but I suspect the path you specify in certFile and keyFile need to exist inside the running Traefik container and not on the host machine. This can be solved with a volume/path mapping for the Traefik service.

It also is possible to add the following to the Traefik service for extra logging output:
command:

      - "--log.level=DEBUG"

Badge

It worked, thanks! I set it up succesfully with Let's Encrypt. But the problem I had stayed unfortunately. It loads the Universal GUI including the menu's, but loading any comonent always fails.

The application works perfectly in our default Windows environment by the way.

I get errors like below. Is there any way to debug what's causing the errors?

 

 

Great to hear you got it working!

As for the http code occurring with Indicium, I assume the certificates are applied for both the Universal and Indicium service. Are the used versions for the Metasource, Universal and Indicium the same? According to your previous screenshot, they should all be on version 2023.2.

Badge

You assume correctly. I added the certresolver to both Universal and Indicium. 

I used TAG=latest so these are the latest versions, but I can't find out the actual version with ‘docker inspect’

Currently, version 2023.2.12 for both Universal and Indicium are tagged with latest. Our most recent releases are always tagged with `latest`.

For as far as I know, there is no simple way to see which version is used with the tag `latest` other than comparing the SHA256 hashes of each image and see which tags match the hash. I would not recommend spending too much time on this, since there is a simpler way.

The simplest way to see the version of the tag `latest` is by navigating to the running instances. For example, check the Indicium page which version number it displays.
Keep in mind that Docker (and Docker Compose) first require a pull (e.g. docker compose pull and then docker compose up -d) to ensure the tag `latest` still matches the actual latest version available on the remote registry.

As for the error(s) in Indicium, these end up in the logfiles, which are located in the directory `/opt/indicium/Logs`. The easiest way to access these logfiles is with a path mapping, for example ./logs:/opt/indicium/Logs.

Badge

I get the following error stating it can not make a connection to the database. Which is weird because I can login to the application and see the full menu. Just can't load the components.

I my .ENV I use a remote IP-adres and the IAM database.

I also tried disabling the entire firewall in front of the database server, didn't make a difference.

 

2023-09-27T14:51:54.4593861+00:00 0HMTVD4RTLBUJ:00000006 [ERR] An unhandled exception occurred while processing the request. (ffba027a)
Microsoft.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server: Could not open a connection to SQL Server)

Full stacktrace:

2023-09-27T14:51:54.4593861+00:00 0HMTVD4RTLBUJ:00000006 [ERR] An unhandled exception occurred while processing the request. (ffba027a)
Microsoft.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 40 - Could not open a connection to SQL Server: Could not open a connection to SQL Server)
   at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at Microsoft.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnectionString connectionOptions, Boolean withFailover)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
   at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken, DbConnectionPool pool)
   at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
   at Microsoft.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
   at Microsoft.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
   at Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
   at Microsoft.Data.ProviderBase.DbConnectionPool.WaitForPendingOpen()
--- End of stack trace from previous location ---
   at Indicium.Data.SQLServer.Helpers.TSFSqlConnectionHelper.createOpenedSqlConnection(DbConnectionInfo connectionInfo, IConnectionCredentials credentials, TSFApplication application, TSFUserContext userContext, TSFMessageHandler messageHandler) in C:\azp\agent\_work\1\s\src\Data\Indicium.Data.SQLServer\Helpers\TSFSqlConnectionHelper.cs:line 123
   at Indicium.Data.SQLServer.Helpers.TSFSqlConnectionHelper.CreateOpenedSqlConnection(TSFApplication application, IConnectionCredentials credentials, TSFUserContext userContext, TSFMessageHandler messageHandler, Func`3 tsfSendProgressHandler) in C:\azp\agent\_work\1\s\src\Data\Indicium.Data.SQLServer\Helpers\TSFSqlConnectionHelper.cs:line 97
   at Indicium.Shared.Telemetry.ServerTimings.ServerTimingsBuilder.Capture[T](String key, Func`1 action) in C:\azp\agent\_work\1\s\src\Indicium.Shared\Telemetry\ServerTimings\ServerTimingsBuilder.cs:line 62
   at Indicium.Data.Shared.TSFDbDataProvider.GetDataReader(SelectQuery query) in C:\azp\agent\_work\1\s\src\Data\Indicium.Data.Shared\TSFDbDataProvider.cs:line 214
   at Indicium.Shared.Telemetry.ServerTimings.ServerTimingsBuilder.Capture[T](String key, Func`1 action) in C:\azp\agent\_work\1\s\src\Indicium.Shared\Telemetry\ServerTimings\ServerTimingsBuilder.cs:line 62
   at Indicium.Controllers.TableController.GetResourceSet(SelectQuery query, IEdmNavigationSource navigationTarget, HashSet`1 eagerFileColumns, List`1 resourceSelectColumns, String serverTimingName) in C:\azp\agent\_work\1\s\src\Indicium\Controllers\TableController.cs:line 247
   at Indicium.Controllers.TableController.Get(Boolean requestedAsync) in C:\azp\agent\_work\1\s\src\Indicium\Controllers\TableController.cs:line 172
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Indicium.Extensions.ApplicationBuilderExtensions.<>c.<<SameSiteOpenIDConnectInterceptor>b__0_0>d.MoveNext() in C:\azp\agent\_work\1\s\src\Indicium\Extensions\ApplicationBuilderExtensions.cs:line 57
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Indicium.Middleware.Security.AuthenticationHeadersMiddleware.InvokeAsync(HttpContext context) in C:\azp\agent\_work\1\s\src\Indicium\Middleware\Authentication\AuthenticationHeadersMiddleware.cs:line 48
   at Indicium.Middleware.Security.SecurityHeadersMiddleware.InvokeAsync(HttpContext context, ContentSecurityPolicyBuilder cspBuilder) in C:\azp\agent\_work\1\s\src\Indicium\Middleware\Security\SecurityHeadersMiddleware.cs:line 55
   at Indicium.Middleware.Messages.TSFMessagesMiddleware.Invoke(HttpContext context, IRootApplicationLoader rootApplicationLoader, TSFRequestContext requestContext) in C:\azp\agent\_work\1\s\src\Indicium\Middleware\Messages\TSFMessageMiddleware.cs:line 45
   at Indicium.Middleware.Telemetry.ServerTimings.ServerTimingsMiddleware.InvokeAsync(HttpContext context, ServerTimingsBuilder serverTimingsBuilder) in C:\azp\agent\_work\1\s\src\Indicium\Middleware\Telemetry\ServerTimings\ServerTimingsMiddleware.cs:line 43
   at Indicium.Middleware.ExceptionHandlingMiddleware.Invoke(HttpContext context, TSFRequestContext requestContext) in C:\azp\agent\_work\1\s\src\Indicium\Middleware\ExceptionHandlingMiddleware.cs:line 87
ClientConnectionId:00000000-0000-0000-0000-000000000000


 

Userlevel 7
Badge +5

If you can login to the application but you cannot open any screens, it is safe to assume that the IAM database is reachable but the product database is not, using the provided credentials.

Please verify the server and database name defined for your application in IAM itself.

You should be able to access the IAM application, given that it always runs on the same server and database as Indicium is initialized on.