[GeoNode-users] cloudflare tunnel geonode
Jan Willem van der Lichte
jwgvanderlichte at gmail.com
Thu Jan 11 03:59:33 PST 2024
Hi Henning, list
First of all, thank for your response.
I try to describe what i have done.
I created an Ubuntu server in my home network with ip 192.168.178.69
Installed docker and geonode following these instructions
https://docs.geonode.org/en/4.1.x/install/advanced/core/index.html#install-the-docker-and-docker-compose-packages-on-a-ubuntu-host
In the .env file i replaced all localhost with 192.168.178.69
I can enter the geonode site on http://192.168.178.69
so far so good
Now I want to expose this site to the internet.
Therefor I use cloudflare-docker
First of all I created a docker network:
docker network create -d bridge tunnel
Next I created the cloudflare docker with this docker-compose.yml file.
docker-compose.yml for cloudflare
####################
version: '3.9'
networks:
tunnel:
external: true
services:
cloudflaretunnel:
container_name: cloudflaretunnel
image: cloudflare/cloudflared:latest
restart: unless-stopped
environment:
- TUNNEL_TOKEN=$TUNNEL_TOKEN
command: tunnel --no-autoupdate run
networks:
- tunnel
########################
The tunneltoken is an environment variable.
To test if my cloudflare tunnel works, i created an rstudio docker to
expose to the interval
The compose file I used was:
docker-compose.yml for rstudio
##########################
version: '3'
networks:
tunnel:
external: true
services:
geocompx:
image: ghcr.io/geocompx/docker:qgis
container_name: rstudio
restart: always
environment:
- USER=rstudio
- PASSWORD=blablabla
- ROOT=TRUE
ports:
- 8786:8787
volumes:
- geocompxdata:/home/rstudio/data
networks:
- tunnel
volumes:
share:
external: true
geocompxdata:
driver: local
driver_opts:
o: bind
type: none
device: /home/geonode/docker/rstudio/data
#########################
I can connect my homeserver to a publichostname now. The tunnel declaration
in the yml file is needed.
After this I tried to modify the geonode docker-compose.yml as downloaded
from their github
I added the networks at the top and in every service
#########################
version: '3.9'
networks:
tunnel:
external: true
# Common Django template for GeoNode and Celery services below
x-common-django:
&default-common-django
image: geonode/geonode:4.0
restart: on-failure
env_file:
- .env
volumes:
# - '.:/usr/src/geonode'
- statics:/mnt/volumes/statics
- geoserver-data-dir:/geoserver_data/data
- backup-restore:/backup_restore
- data:/data
- tmp:/tmp
depends_on:
db:
condition: service_healthy
geoserver:
condition: service_healthy
networks:
- tunnel
services:
# Our custom django application. It includes Geonode.
django:
<< : *default-common-django
build:
context: ./
dockerfile: Dockerfile
container_name: django4${COMPOSE_PROJECT_NAME}
healthcheck:
test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n'
--output /dev/null http://127.0.0.1:8001/"
start_period: 60s
interval: 60s
timeout: 10s
retries: 10
environment:
- IS_CELERY=False
entrypoint: ["/usr/src/geonode/entrypoint.sh"]
command: "uwsgi --ini /usr/src/geonode/uwsgi.ini"
networks:
- tunnel
# Celery worker that executes celery tasks created by Django.
celery:
<< : *default-common-django
image: geonode/geonode:4.0
container_name: celery4${COMPOSE_PROJECT_NAME}
depends_on:
- django
environment:
- IS_CELERY=True
entrypoint: ["/usr/src/geonode/entrypoint.sh"]
command: "celery-cmd"
networks:
- tunnel
# Nginx is serving django static and media files and proxies to django
and geonode
geonode:
image: geonode/nginx:4.0
build: ./scripts/docker/nginx/
container_name: nginx4${COMPOSE_PROJECT_NAME}
environment:
- HTTPS_HOST=${HTTPS_HOST}
- HTTP_HOST=${HTTP_HOST}
- HTTPS_PORT=${HTTPS_PORT}
- HTTP_PORT=${HTTP_PORT}
- LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
- RESOLVER=127.0.0.11
ports:
- "${HTTP_PORT}:80"
- "${HTTPS_PORT}:443"
volumes:
- nginx-confd:/etc/nginx
- nginx-certificates:/geonode-certificates
- statics:/mnt/volumes/statics
restart: on-failure
networks:
- tunnel
# Gets and installs letsencrypt certificates
letsencrypt:
image: geonode/letsencrypt:4.0
build: ./scripts/docker/letsencrypt/
container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
environment:
- HTTPS_HOST=${HTTPS_HOST}
- HTTP_HOST=${HTTP_HOST}
- ADMIN_EMAIL=${ADMIN_EMAIL}
- LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
volumes:
- nginx-certificates:/geonode-certificates
restart: on-failure
networks:
- tunnel
# Geoserver backend
geoserver:
image: geonode/geoserver:2.23.0
container_name: geoserver4${COMPOSE_PROJECT_NAME}
healthcheck:
test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n'
--output /dev/null http://127.0.0.1:8080/geoserver/ows"
start_period: 60s
interval: 60s
timeout: 10s
retries: 10
env_file:
- .env
volumes:
- statics:/mnt/volumes/statics
- geoserver-data-dir:/geoserver_data/data
- backup-restore:/backup_restore
- data:/data
- tmp:/tmp
restart: on-failure
depends_on:
db:
condition: service_healthy
data-dir-conf:
condition: service_healthy
networks:
- tunnel
data-dir-conf:
image: geonode/geoserver_data:2.23.0
container_name: gsconf4${COMPOSE_PROJECT_NAME}
entrypoint: sleep infinity
volumes:
- geoserver-data-dir:/geoserver_data/data
restart: on-failure
healthcheck:
test: "ls -A '/geoserver_data/data' | wc -l"
networks:
- tunnel
# PostGIS database.
db:
# use geonode official postgis 13 image
image: geonode/postgis:13
command: postgres -c "max_connections=${POSTGRESQL_MAX_CONNECTIONS}"
container_name: db4${COMPOSE_PROJECT_NAME}
env_file:
- .env
volumes:
- dbdata:/var/lib/postgresql/data
- dbbackups:/pg_backups
restart: on-failure
healthcheck:
test: "pg_isready -d postgres -U postgres"
networks:
- tunnel
# uncomment to enable remote connections to postgres
#ports:
# - "5432:5432"
# Vanilla RabbitMQ service. This is needed by celery
rabbitmq:
image: rabbitmq:3.7-alpine
container_name: rabbitmq4${COMPOSE_PROJECT_NAME}
volumes:
- rabbitmq:/var/lib/rabbitmq
restart: on-failure
networks:
- tunnel
volumes:
statics:
name: ${COMPOSE_PROJECT_NAME}-statics
nginx-confd:
name: ${COMPOSE_PROJECT_NAME}-nginxconfd
nginx-certificates:
name: ${COMPOSE_PROJECT_NAME}-nginxcerts
geoserver-data-dir:
name: ${COMPOSE_PROJECT_NAME}-gsdatadir
dbdata:
name: ${COMPOSE_PROJECT_NAME}-dbdata
dbbackups:
name: ${COMPOSE_PROJECT_NAME}-dbbackups
backup-restore:
name: ${COMPOSE_PROJECT_NAME}-backup-restore
data:
name: ${COMPOSE_PROJECT_NAME}-data
tmp:
name: ${COMPOSE_PROJECT_NAME}-tmp
rabbitmq:
name: ${COMPOSE_PROJECT_NAME}-rabbitmq
#################
After this all conainers are connected with the tunnel network, but i get a
502 bad request
When i connect all containers also to the geonode_default network, there
are no changes: 502 bad request.
I hope this clarifies the problem a bit.
Thanks
Jan Willem
Op di 9 jan 2024 om 09:45 schreef Henning Bredel via geonode-users <
geonode-users at lists.osgeo.org>:
> Hey,
>
> I cannot give any advice on cloudflare, but it would be good to see the
> actual error you get and the whole docker-compose file you came up with
> after changing the network.
>
> Best
>
> Henning
>
> On 08.01.24 16:13, Jan Willem van der Lichte via geonode-users wrote:
> > Dear list,
> >
> > I've got a geonode 4 in docker running on my local network, and it is
> > working fine.
> > I would like to use a cloudflare tunnel to get it online.
> > But somehow i can't get it to work. Has anyone tried this with succes?
> >
> > If I (for example) use rstudioserver to get it tunneled to the internet
> > it works fine.
> > In this rstudio docker-compose.yml I add the networks option referring
> > to a created bridge network called tunnel.
> > In the services I refer to this, see below
> >
> > version: '3'
> > networks:
> > tunnel:
> > external: true
> >
> > services:
> > geocompx:
> > image: ghcr.io/geocompx/docker:qgis
> > <http://ghcr.io/geocompx/docker:qgis>
> > container_name: rstudio
> > restart: always
> > environment:
> > - USER=rstudio
> > - PASSWORD=blablabla
> > - ROOT=TRUE
> > ports:
> > - 8786:8787
> > volumes:
> > - geocompxdata:/home/rstudio/data
> > networks:
> > - tunnel
> >
> > If I do the same in the geonode docker-compose.yml, it gives errors.
> > and geonode fails to start.
> >
> > I'm a novice at this so probably I miss something, but I haven't got a
> > clue at the moment
> > Any advice is welcome :-)
> >
> > Thanks,
> >
> > Met groet,
> > Jan Willem
> >
> >
> > _______________________________________________
> > geonode-users mailing list
> > geonode-users at lists.osgeo.org
> > https://lists.osgeo.org/mailman/listinfo/geonode-users
>
> --
> Henning Bredel
> 52°North Spatial Information Research GmbH
> Martin-Luther-King-Weg 24
> 48155 Münster, Germany
> E-Mail: h.bredel at 52north.org
> http://52north.org/
> Twitter: @FiveTwoN
> Managing Directors:
> Dr. Benedikt Gräler, Dr. Simon Jirka, Matthes Rieke
> Local Court Muenster HRB 10849
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
--
Met groet,
Jan Willem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20240111/be8db602/attachment.htm>
More information about the geonode-users
mailing list