ODK Collect fails to download forms from ODK Central installed in non-default ports

maxramirez84 · August 4, 2021, 12:28pm

1. What is the problem? Be very detailed.
I've just installed ODK Central in an EC2 instance in AWS. This instance is behind an Application Load Balancer that is doing path forwarding. As I cannot setup Central in a sub-directory and I cannot route trafic from a path to the root Central domain (ODK Central accessible through some concrete URL path), I've opted for setting up Central on different ports:

# Use fully qualified domain names. Set to DOMAIN=local if SSL_TYPE=selfsign.
DOMAIN=my.fqdn.org

# Used for Let's Encrypt expiration emails and Enketo technical support emails
SYSADMIN_EMAIL=my@mail.address.org

# Options: letsencrypt, customssl, upstream, selfsign
SSL_TYPE=upstream

# Do not change if using SSL_TYPE=letsencrypt
HTTP_PORT=8080
HTTPS_PORT=8443

My Application Load Balancer is listening on those ports and routing traffic accordingly to the EC2 instance. I use SSL until the balancer(in fact, the balancer is configured with our certificate) but not from the balancer to the EC2 instance (internally).

I can successfully access and navigate the web interface either through https://my.fqdn.org:8443/ or http://my.fqdn.org:8080/. I can even list the forms in ODK Collect when using the legacy QR code but I cannot download them. I get the message "Failure".

2. What app or server are you using and on what device and operating system? Include version numbers.
ODK Central versions (clicking on the version link on the login web page):

e16b79530756bbd825f68275b3b6e53951409474
70ec99f02885a06e37709db6319bfdf96fac84eb client (v1.2.2)
59556ecea91f0a25678cd6da0084adb7e66ca099 server (v1.2.1)

EC2:

Ubuntu 18.04.5 LTS (bionic) x86_64

ODK Collect:

v2021.2.1

3. What you have you tried to fix the problem?
I've tried to preview the form from Central with Enketo and I've got an error as it is requesting to:

https://my.fqdn.org/v1/test/dA3qOSDyHXwvGOvrYPzVJOyIfmf4oB$zkDBlfNUVwJJSsA78cK89qPFquJu3C4dC/projects/2/forms/basic/draft/formList?formID=basic

So seems like Central is using HTTPS but without my HTTPS 8443 port. Could be that Collect is doing the same when trying to download. If I try to use the Managed QR Code, I get "Nothing available to display. Try getting and filling out a blank form" message and a notification telling "Form update failed".

4. What steps can we take to reproduce the problem?
I've just installed a fresh setup of Central with the previous .env file and upload and upload a basic example form (https://github.com/getodk/sample-forms/blob/master/Basic.xml).

5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.
Not now.

maxramirez84 · August 5, 2021, 8:30am

Hi @yanokwa, I'm using version 1.2 running on non-default ports HTTP_8080 and HTTPS_8443 and this is not working to me. I've disabled ufw and I'm able to connect to the enketo container and reach my domain https://mydomain.org:8443. However, I cannot preview forms or even fill out them from the web browser. I get a popup error message that sais: "There was an error while loading this form...".

On the other hand, I cannot download forms into Collect. I can list them (when using legacy QR code) but when I try to download some of them it fails. The error messages are not very explanatory. In Collect I only get "Failure"...

Thanks!

maxramirez84 · August 6, 2021, 9:58am

More info:

Requesting to the Central API https://mydomain.org:8443/v1/key/mykey/projects/1/formList?formID=my_form_id I get the following response:

<?xml version="1.0" encoding="UTF-8" ?>
<xforms>
  <xform>
    <formID>my_form_id</formID>
    <name>My Form Name</name>
    <version>2020070102</version>
    <hash>md5:myhash</hash>
    <downloadUrl>https://mydomain.org/v1/key/mykey/projects/1/forms/my_form_id.xml</downloadUrl>
 </xform>
</xforms>

The downloadUrl is not having the HTTPS non-default port! It is missing. So when Collect tries to download it using the provided URL fails (Not Found). I guess Enketo has the same problem. Seems that Central has some problem while building the URLs, it is not considering the defined ports in .env file.

jgraham · August 21, 2021, 11:43am

Chiming in here to say I've got the same issue. Central is installed with port 78 and port 7443. I can access the server on the web just fine, can set up Collect with the QR code, and can access the form list, but I cannot actually download a form (same error message as Max, just "Failure"). ufw is disabled. I'm using customssl instead of upstream however (no load balancer for me).

@maxramirez84 - don't know if you've made any progress towards a solution that isn't listed in this thread?

Central version 1.2.2, collect version 2021.2.0. Central is running on Ubuntu 18.04.5

jgraham · August 21, 2021, 3:45pm

So digging deeper into Max's discovery about the downloadurl above, the form xml can be curl'd from the download url if the port is inserted correctly. I did some poking through central-backend on github and it looks like a relatively straightforward change to ensure the port is correctly inserted into the returned downloadurl. I'm going to do some tinkering on my own and hopefully do a pull request if I can get it working.

Notably, probably want to read the server port from local.json in the nodejs config directory, and exporting the port to there will require some changes to the broader central project outside of the central-backend repo. Will deal with that if I can get the backend stuff working first.

maxramirez84 · September 28, 2021, 10:31am

Yes @jgraham, I found a workaround. As my network is receiving all my services' requests through an Application Load Balancer. I configured a new rule to match /v1/* path and resend these requests to my Central server. Like this, all Central API calls work and I'm able to download forms in ODK Collect and preview with Enketo.

However, I'm seeing now how to deal with the URL's which are included into the email when creating a web user account:

https://mydomain.org/#/account/claim?token=some_token

and

https://mydomain.org/#/reset-password

The problem remains there, Central is not considering non-default ports when building URL's.

Another place where I noticed this problem is when editing submissions. Central redirects to Enketo with the following URL:

https://mydomain.org/-/edit/some_key?instance_id=some_id&return_url=https%3A%2F%2Fmydomain.org%2F%23%2Fprojects%2F1%2Fforms%2Fsome_form%2Fsubmissions%2Fuuid%3some_uuid

No port neither in the redirecting URL nor in the return_url parameter.

yanokwa · September 28, 2021, 1:13pm

@maxramirez84, it's a bug and pull requests are welcome. See https://github.com/getodk/central-backend/pull/397 for a discussion of our preferred approach.