ClearFlask
FeedbackRoadmapChangelog
sautner
      
Accepted
   

No image running self-host behind reverse proxy

We are evaluating using ClearFlask running self-host behind nginx reverse proxy.
Images are uploaded to localstack, but are not rendered after. There is only this error on logs:
INFO  c.s.c.web.security.Sanitizer - HTML Policy violation(s) for proapplications-aom comment id testing--yovks, element-attribute violations(s): {img=[]}
It's possible to use localstack (S3) without exposing this service? Considering S3ContentStore$Config.proxyEnabled=true

connect.config.json

Changed values
    "disableAutoFetchCertificate": true,
    "forceRedirectHttpToHttps": true,
    "parentDomain": "domain.site",

config-selfhost.cfg

Changed values
com.smotana.clearflask.web.Application$Config.domain=domain.site
com.smotana.clearflask.web.security.AuthCookieImpl$Config.authCookieSecure=true
Unchanged values
# S3 object storage or equivalent
# If using real S3, comment out serviceEndpoint, signingRegion, proxyEnabled and proxyResolveTo
com.smotana.clearflask.store.s3.DefaultS3ClientProvider$Config.serviceEndpoint=http://s3.localhost.localstack.cloud:4566
com.smotana.clearflask.store.s3.DefaultS3ClientProvider$Config.signingRegion=us-east-1
com.smotana.clearflask.store.s3.DefaultS3ClientProvider$Config.dnsResolverTo=localstack
com.smotana.clearflask.store.s3.DefaultS3ClientProvider$Config.productionRegion=us-east-1
# For real S3, use this value as hostname: <bucket_name>.s3.amazonaws.com
com.smotana.clearflask.store.impl.S3ContentStore$Config.hostname=local-upload.s3.localhost.localstack.cloud:4566
com.smotana.clearflask.store.impl.S3ContentStore$Config.bucketName=local-upload
com.smotana.clearflask.store.impl.S3ContentStore$Config.scheme=http
com.smotana.clearflask.store.impl.S3ContentStore$Config.createBucket=true
# Set to true if your S3 service is publicly accessible for pre-signed urls
# as in, if you are using real S3, set to false, if you are using localstack, set to true
com.smotana.clearflask.store.impl.S3ContentStore$Config.proxyEnabled=true
com.smotana.clearflask.store.impl.S3ContentStore$Config.proxyResolveTo=localstack

docker-compose.yml

Changed values
services:
  clearflask-connect:
    ports:
      - 127.0.0.1:9080:9080
      - 127.0.0.1:9443:9443
Localstack are with default settings:
   image: localstack/localstack:0.14.3
    expose:
      - 4566
      - 4571
    environment:
      - DEFAULT_REGION=us-east-1
      - LOCALSTACK_HOSTNAME=localstack
      - HOSTNAME_EXTERNAL=localstack
      - SERVICES=dynamodb,ses,s3
      - LS_LOG=warn
      - START_WEB=0
      - USE_SSL=0
      - FORCE_NONINTERACTIVE=true
      - DATA_DIR=/tmp/localstack/data
      - LEGACY_PERSISTENCE=1
    volumes:
      - ./data/localstack:/tmp/localstack

nginx config

    location / {
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_pass http://127.0.0.1:9080;
    }
I use ClearFlask on:
  • [x] Self-hosted (Own domain)
  • [ ] Cloud (clearflask.com)
  • [ ] Haven't tried (yet)
My financial contributions to ClearFlask:
  • [x] I use a free Plan
  • [ ] Thinking about it
  • [ ] Monthly / Yearly Plan
  • [ ] Lifetime Plan
I'd be willing to implement this feature:
  • [x] Yes
Issue #151
Powered by 
ClearFlask