MFE - ALLOWED_HOSTS error

I tried to enable the mfe pages (account / gradebook / profile) after installing tutor lilac by:

tutor images build mfe account
tutor images build mfe gradebook
tutor images build mfe profile

After this, I stopped and restarted tutor.

I use an apache proxy (relevant settings: NGINX_HTTP_PORT: 444 / RUN_CADDY: false), but after trying to access e.g. the account page with:

https://apps.domain-redacted.com/account

I get an error in the log:

cms_1               | 2021-06-11 12:57:40,728 ERROR 128 [django.security.DisallowedHost] [user None] [ip 89.115.168.47] exception.py:75 - Invalid HTTP_HOST header: 'apps.domain-redacted.com'. You may need to add 'apps.domain-redacted.com' to ALLOWED_HOSTS.

Please can you give me an idea where I have to configure this?

For completeness, here is my Apache configuration (with domain redacted): first a bunch of redirects from http to https, some configuration for other software (iredadmin / roundcube / moodle) that runs under the same domain, and finally the reverse proxy tutor config and the certificates. This works perfectly with all the subdomains, except ‘apps’ …

<VirtualHost *:80>
    ServerName domain-redacted.com
    Redirect / https://domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName preview.domain-redacted.com
    Redirect / https://preview.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName studio.domain-redacted.com
    Redirect / https://studio.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName mail.domain-redacted.com
    Redirect / https://mail.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName discovery.domain-redacted.com
    Redirect / https://discovery.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName ecommerce.domain-redacted.com
    Redirect / https://ecommerce.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName notes.domain-redacted.com
    Redirect / https://notes.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName minio.domain-redacted.com
    Redirect / https://minio.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName xqueue.domain-redacted.com
    Redirect / https://xqueue.domain-redacted.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName apps.domain-redacted.com
    Redirect / https://apps.domain-redacted.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName domain-redacted.com
    ServerAlias *.domain-redacted.com
    SSLEngine on

    WSGIDaemonProcess iredadmin user=iredadmin threads=15
    WSGIProcessGroup iredadmin
    WSGIScriptAlias /iredadmin /opt/www/iredadmin/iredadmin.py/
    Alias /iredadmin/static /opt/www/iredadmin/static/
    <Directory /opt/www/iredadmin/>
        Order deny,allow
        Allow from all
        Require all granted
    </Directory>

    Alias /webmail /srv/roundcube/
    <Directory /srv/roundcube/>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    Alias /moodle /srv/moodle/www/
    <Directory /srv/moodle/www/>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    RequestHeader set X-Forwarded-Proto https

    ProxyPreserveHost On
    # Reverse proxy only: ProxyPass does not need forward proxying, so keep it off
    ProxyRequests Off
    ProxyPass /iredadmin !
    ProxyPass /iredadmin/static !
    ProxyPass /webmail !
    ProxyPass /moodle !
    ProxyPass / http://localhost:444/
    ProxyPassReverse / http://localhost:444/

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domain-redacted.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain-redacted.com/privkey.pem
</VirtualHost>

Well as far as I could investigate, there’s no nginx mapping to the mfe apps… no idea how to access those mfe apps…

Any hope to get some help here? I don’t understand how to get MFE working… how to access MFE pages using a proxy server at the front. I see a port 2008 and talk about k8s, but I’m not using k8s.

Try:

  1. pip install tutor-mfe
  2. tutor plugins activate mfe
  3. tutor local quickstart

Yes I tried that multiple times… Problem is, I’m not running the site with Caddy, but under Apache. Reverse proxying to the nginx server in docker, which is not treating the MFE_HOST (apps.{lms domain}) URL. Please see my first post for details.

I see also in the logs (after tutor local quickstart) that the MFE stuff is being built and copied on deployment (webpack runs, zillions of npm packages are installed, etc. etc), also there’s a running docker container “tutor_local_mfe_1”.

And I could even log in to it (docker exec -it tutor_local_mfe_1 ash), and see there a Caddyfile that apparently makes Caddy listen on port 8002.

What I don’t see anywhere in the nginx docker container (tutor_local_nginx_1), is some kind of proxying to this MFE caddy instance.

As I wrote above, I’m reverse proxying to the nginx instance, but maybe I must proxy all “apps.domain-redacted.com” queries to localhost:8002 ?? I don’t see that port exposed either in the docker status:

CONTAINER ID        IMAGE                                               
56d37e4b480bc....   docker.io/overhangio/openedx-mfe:12.0.0
COMMAND
"caddy run --config /etc/caddy/Caddyfile --adapter caddyfile"
CREATED      STATUS        PORTS
2 days ago   Up 27 hours   80/tcp, 443/tcp, 2019/tcp
NAMES
tutor_local_mfe_1

My actual config.yml looks like (all keys etc removed):

CMS_HOST: studio.domain-redacted.com
ENABLE_HTTPS: true
ID: enkHCttn1YGeR1sLphOLXfwk
LANGUAGE_CODE: es-419
LMS_HOST: domain-redacted.com
MFE_HOST: apps.domain-redacted.com
PLUGINS:
- android
- disallow_account_creation
- discovery
- ecommerce
- license
- mfe
- minio
- notes
- xqueue
RUN_CADDY: false
RUN_SMPT: true

Note: I had to add the “MFE_HOST” parameter manually on upgrade from koa, as not even “tutor plugin activate mfe” adds this parameter to config.yml.

What I suppose is lacking (with RUN_CADDY: false) is a link between the MFE instance and the nginx instance inside the nginx config, so that URLs starting with “http://apps.domain-redacted.com” are forwarded correctly to this MFE instance.

Trying to be more clear still:

In the running nginx docker container (“tutor_local_nginx_1”), I see in the file

/etc/nginx/conf.d/extra.conf

configurations like:

# MinIO public service
upstream minio-backend {
    server minio:9000 fail_timeout=0;
}
server {
  listen 80;
  server_name minio.domain-redacted.com;

  # Disables server version feedback on pages and in headers
  server_tokens off;

  client_max_body_size 0;

  location / {
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://minio-backend;
  }
}

that make perfect sense: minio in the docker container listens on port 9000, and my external URL “https://minio.domain-redacted.com” connects without problems with the minio console.

But there is nothing in /etc/nginx/conf.d/*.conf to connect “https://apps.domain-redacted.com” to the MFE frontends running in Caddy!

So it’s absolutely logical that I get a “Bad Request (400)” error on URLs like “https://apps.domain-redacted.com/profile/u/edx-admin”
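Why a request for apps.domain-redacted.com shows up as DisallowedHost in the cms log, as an added example (not code from this thread, Tutor, nginx or Django). It is a simplified model: the server list and ALLOWED_HOSTS values are constructed, and it assumes cms.conf is loaded first so that Studio is nginx's default server.

```python
# Added illustration: a simplified model, not Tutor, nginx or Django source.
# Constructed from the thread. Assumption: cms.conf loads first, so the Studio
# server block is nginx's default for Host values no server_name matches.
NGINX_SERVERS = [
    ("cms", ["studio.domain-redacted.com"]),
    ("lms", ["domain-redacted.com", "preview.domain-redacted.com"]),
]
# Assumed ALLOWED_HOSTS per Django service (the real lists are in Tutor's settings).
ALLOWED_HOSTS = {
    "cms": ["studio.domain-redacted.com"],
    "lms": ["domain-redacted.com", "preview.domain-redacted.com"],
}


def split_port(host_header):
    """Lower-case the Host value and drop a numeric :port suffix (no IPv6)."""
    host = host_header.lower()
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


def host_allowed(host, patterns):
    """Django-style match: '*' is any host, '.example.com' covers subdomains."""
    for pattern in (p.lower() for p in patterns):
        if pattern in ("*", host):
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


def nginx_pick(host, servers):
    """Exact server_name match, otherwise the first (default) server block."""
    for service, names in servers:
        if host in names:
            return service
    return servers[0][0]


def trace(host_header, servers=NGINX_SERVERS, allowed=ALLOWED_HOSTS):
    """Return (service that receives the request, outcome of its host check)."""
    host = split_port(host_header)
    service = nginx_pick(host, servers)
    if service not in allowed:
        return service, "no Django host check"
    verdict = "accepted" if host_allowed(host, allowed[service]) else "DisallowedHost"
    return service, verdict


if __name__ == "__main__":
    for h in ("studio.domain-redacted.com", "apps.domain-redacted.com"):
        print(h, "->", trace(h))
```

In this model, widening the cms ALLOWED_HOSTS makes the error disappear while Studio still answers for the MFE host; only a server block that routes the apps host to the MFE container changes where the request lands.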

I haven’t used the MFEs yet, but would the host name be “mfe” and not apps? I was looking at: tutor-mfe/caddyfile at master · overhangio/tutor-mfe · GitHub

No, I don’t think so… even if you leave out the MFE_HOST parameter from config.yml, you’ll see after logging in on the LMS dashboard that the URL for the profile in the dropdown (upper right) is like https://apps.domain.com/profile/u/username … the same as is written in the documentation of tutor-mfe

Ah ok. I wasn’t sure if that was the publicly accessible name, but mfe being the internal name for the containers.

See Local deployment - webproxy - #2 by insad for a plugin that solves this problem.
