1. What is the issue? Please be detailed.
This issue is about running ODK Central behind a different NGINX upstream server on which the certificate and DNS record terminates.
I am aware this problem has been raised a number of times and have gone over a number of posts. Spent last week trying these.
The challenge is that while I can upload forms and publish them and receive data collection and view collected data.
I have problems with preview and opening forms as I get the error "Could not connect with Form Server"
The problem is prominent when the machine running the NGINX reverse upstream proxy is on a separate server from the ODK Central server.
I have gone over how others have solved this and tried without success but I do notice that the solutions are not consistent.
I desire to build/document a solution which is consistent for deploying the environment below
INTERNET <-> UPSTREAM SSL PROXY <-> ODK CENTRAL [Separate servers]
2. What steps can we take to reproduce this issue?
Below is my configuration
== 2.a version
versions:
279c4cb68c14854efb3ca41164451cae33f4fa7d (v2024.3.1-2-g279c4cb)
454ade29b5ee001da94c59ef07aa873359193384 client (v2024.3.1)
7574030f7ea8750f3837950001a5efcdeba45b92 server (v2024.3.1)
== 2.b ODK .env
DOMAIN=odk.xxxxxx.com
SYSADMIN_EMAIL=sa@xxxxxx.com
SSL_TYPE=upstream
HTTP_PORT=9083
HTTPS_PORT=9443
UPSTREAM_HTTPS_PORT=443
== 2.c ODK docker-compose.yml
nginx:
ports:
- "${HTTP_PORT:-80}:80"
- "${HTTPS_PORT:-443}:443"
enketo:
environment:
- DOMAIN=${DOMAIN}
- SUPPORT_EMAIL=${SYSADMIN_EMAIL}
- HTTPS_PORT=${UPSTREAM_HTTPS_PORT:-443}
== 2.d Upstream Reverse proxy [with SSL certificate]
location / {
proxy_set_header Host odk.xxxxxx.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://odk.xxxxxx.com:9083;
}
3. What have you tried to fix the issue?
I have gone over a number of posts relating to the error and tried a number of options offered:
- extra_host [docker-compose.yaml]
- ports in [docker-compose.yaml]
- ports in [.env]
Checks done:
==3.a Check ODK central:
Can access and do all operations except Form (preview or open) related tasks
==3.b Check docker containers
c821383085a4 central-enketo Up 29 minutes 8005/tcp
4378177cb7c4 central-nginx Up 29 minutes (healthy) 0.0.0.0:9083->80/tcp, 0.0.0.0:9443->443/tcp
0dd9ca9bdcca central-service Up 29 minutes 8383/tcp
22a1493d43e5 ixdotai/smtp:v0.5.4 Up 29 minutes 25/tcp
575a8753023a redis:7.2 Up 29 minutes 6379/tcp
5d08c2980dc8 central-postgres Exited (0) 29 minutes ago
6f7963031735 ghcr.io/getodk/pyxform-http:v3.0.0 Up 29 minutes
7d131e024e34 central-postgres14 Up 29 minutes 5432/tcp
45931d5d9ecb central-secrets Exited (0) 29 minutes ago
28beda0f3db7 redis:7.2 Up 29 minutes 6379/tcp
7e4f55a04a2d kestra/kestra:latest Exited (143) 3 days ago
==3.c Check Enkento via brower opening: https://odk.xxxxxx.com/-/
Enketo is running! Please access Enketo forms from your ODK Central installation.
version: 7.5.0
