Can't access indico when using HTTPS through nginx

1

I’m running Indico in development mode on Ubuntu 22.04 instance installed on the Oracle cloud. I follow the instruction in the Indico documentation to configure the Nginx as a proxy server.
I got a domain name from Freenom and pointed the domain to the public IP of the Ubuntu instance but still can’t access the Indico.

the indico.conf

# General settings
SQLALCHEMY_DATABASE_URI = 'postgresql:///indico'
SECRET_KEY = b'<removed>'
BASE_URL = 'http://127.0.0.1:8000'
CELERY_BROKER = 'redis://127.0.0.1:6379/0'
REDIS_CACHE_URL = 'redis://127.0.0.1:6379/1'
DEFAULT_TIMEZONE = 'Asia/Kuala_Lumpur'
DEFAULT_LOCALE = 'en_US'
ENABLE_ROOMBOOKING = True
CACHE_DIR = '/home/ubuntu/dev/indico/data/cache'
TEMP_DIR = '/home/ubuntu/dev/indico/data/tmp'
LOG_DIR = '/home/ubuntu/dev/indico/data/log'
STORAGE_BACKENDS = {'default': 'fs:/home/ubuntu/dev/indico/data/archive'}
ATTACHMENT_STORAGE = 'default'

# Email settings
SMTP_SERVER = ('smtp.gmail.com', 587)
SMTP_USE_TLS = True
SMTP_LOGIN = 'indico.ideria@gmail.com'
SMTP_PASSWORD = '<removed>'
SUPPORT_EMAIL = 'qudoren@gmail.com'
PUBLIC_SUPPORT_EMAIL = ''
NO_REPLY_EMAIL = 'qudoren@gmail.com'

# Development options
DB_LOG = True
DEBUG = True
SMTP_USE_CELERY = False
USE_PROXY = True

nginx.conf

user ubuntu users;
worker_processes 4;
error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;

events {
    worker_connections 1024;
    use epoll;
}

http {
    access_log off;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout   75 20;
    types_hash_max_size 2048;
    ignore_invalid_headers on;

    connection_pool_size 256;
    client_header_buffer_size 10k;
    large_client_header_buffers 4 20k;
    request_pool_size 4k;
    client_max_body_size 2048m;

    proxy_buffers 32 32k;
    proxy_buffer_size 32k;
    proxy_busy_buffers_size 128k;

    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 8k;
    gzip_types text/plain text/css application/x-javascript;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    server {
        listen [::]:80 ipv6only=off;
        server_name ideria-indico.cf;

        access_log /var/log/nginx/acme.access_log combined;
        error_log /var/log/nginx/acme.error_log info;

        root /var/empty;

        return 302 https://$server_name$request_uri;
    }

    server {
        listen [::]:443 ipv6only=off http2;
        server_name ideria-indico.cf;

        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
        ssl_prefer_server_ciphers on;
        ssl_certificate /home/ubuntu/acme.crt;
        ssl_certificate_key /home/ubuntu/acme.key;

        access_log /var/log/nginx/acme.ssl_access_log combined;
        error_log /var/log/nginx/acme.ssl_error_log info;

        root /var/empty;


        location ~ ^/(images|fonts)(.*)/(.+?)(__v[0-9a-f]+)?\.([^.]+)$ {
            alias /home/ubuntu/dev/indico/src/indico/web/static/$1$2/$3.$5;
        }

        location ~ ^/(css|dist|images|fonts)/(.*)$ {
            alias /home/uduntu/dev/indico/src/indico/web/static/$1/$2;
        }

        location / {
            proxy_pass http://127.0.0.1:8000;
            proxy_set_header Host $server_name;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

I run Indico with this command:

indico run -h 127.0.0.1 -p 8000 -q --enable-evalex --url https://indico.ideria-indico.cf --proxy

I just need to access the indico from outside the Ubuntu in any way even with just a public IP address
This is my first time dealing with the nginx.

I can access Indico using local IP “127.0.0.1:8000” but it shows “invalid URL” as show in image below:
Screenshot from 2022-11-18 20-08-18

please help me to solve this problem.
thank you in advance

2

Your --url doesn’t match the URL you use to access it. Also, you cannot access it via the IP, only via the correct URL.

3

I access using ideria-indico.cf and www.ideria-indico.cf
I got same results

4

But your --url specifies https://indico.ideria-indico.cf

In any case, if you cannot even get an error from indico when accessing it via your domain it’s a configuration issue with your setup and not not related to indico.

I cannot even resolve your domain to an IP address.

5

I’m sorry this is a try to change the domain but the actual command is

indico run -h 127.0.0.1 -p 8000 -q --enable-evalex --url https://ideria-indico.cn --proxy
6

ideria-indico.cf does not resolve to an IP address. and ideria-indico.cn does not exist.

7

That is because I remove the ip from Freenom and now I set it up again.
Before I removing it I tested that with ping on my terminal and it was pointing to the Ubuntu instance correctly.
I tried now after pointing the IP and the result is:

PING ideria-indico.cf (168.138.180.114) 56(84) bytes of data.

8

the output of “sudo systemctl status nginx” is:

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-11-18 13:16:12 UTC; 8min ago
       Docs: man:nginx(8)
    Process: 29752 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 29753 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 29754 (nginx)
      Tasks: 5 (limit: 38431)
     Memory: 4.9M
        CPU: 16ms
     CGroup: /system.slice/nginx.service
             ├─29754 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             ├─29755 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             ├─29756 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             ├─29757 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             └─29758 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""

Nov 18 13:16:12 indico systemd[1]: Starting A high performance web server and a reverse proxy server...
Nov 18 13:16:12 indico nginx[29752]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx.conf:56
Nov 18 13:16:12 indico nginx[29753]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/nginx.conf:56
Nov 18 13:16:12 indico systemd[1]: Started A high performance web server and a reverse proxy server.
9

the output of indico after run it using:

indico run -h 127.0.0.1 -p 8000 -q --enable-evalex --url https://ideria-indico.cf --proxy

is:

 * Serving Indico on https://ideria-indico.cf
 * Werkzeug debugger console on https://ideria-indico.cf/console
 * Werkzeug debugger console is available to all clients!
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:8000
Press CTRL+C to quit
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 865-794-138
10

First: Reset your gmail password you included in your first post!

Second: check the docs for how to do a production deployment (link), the builtin dev server is not suitable for that.

11

I just removed it from the post and its history, thanks for spotting that. I saw the guy’s SECRET_KEY in the config but didn’t care much since he was talking about a dev setup, but leaking the gmail login is much worse of course…