andreas/ente-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix web app endpoint configuration

Browse Source 
- Use relative /api endpoint in Dockerfile build
- Remove complex runtime replacement logic
- Simplify start.sh to avoid read-only filesystem issues
- Restore working Caddy configuration

Version 0.1.78 ready for deployment
This commit is contained in:
Your Name
2025-07-26 20:28:15 -06:00
parent d964d7d264
commit e95ad5c25f
3 changed files with 50 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CloudronManifest.json
View File

@@ -7,7 +7,7 @@
"contactEmail": "contact@ente.io", "contactEmail": "contact@ente.io",
"tagline": "Open Source End-to-End Encrypted Photos & Authentication", "tagline": "Open Source End-to-End Encrypted Photos & Authentication",
"upstreamVersion": "1.0.0", "upstreamVersion": "1.0.0",
"version": "0.1.69", "version": "0.1.78",
"healthCheckPath": "/ping", "healthCheckPath": "/ping",
"httpPort": 3080, "httpPort": 3080,
"memoryLimit": 1073741824, "memoryLimit": 1073741824,

18
Dockerfile
View File

@@ -27,21 +27,9 @@ RUN apt-get update && apt-get install -y git && \
# Will help default to yarn version 1.22.22 # Will help default to yarn version 1.22.22
RUN corepack enable RUN corepack enable
# Set environment variables for web app build # Set environment variables for web app build - use relative endpoint
# Instead of using a relative path, patch the origins.ts file to use dynamic origin ENV NEXT_PUBLIC_ENTE_ENDPOINT="/api"
RUN echo "Patching origins.ts to use dynamic API endpoint based on current origin" RUN echo "Building with relative NEXT_PUBLIC_ENTE_ENDPOINT=/api for self-hosted deployment"
# Patch the origins.ts file to use relative API endpoint instead of hardcoded ente.io
RUN if [ -f "web/packages/base/origins.ts" ]; then \
echo "Patching origins.ts to use window.location.origin + '/api'"; \
sed -i 's|(await customAPIOrigin()) ?? "https://api.ente.io"|(await customAPIOrigin()) ?? (typeof window !== "undefined" ? window.location.origin + "/api" : "https://api.ente.io")|g' web/packages/base/origins.ts; \
sed -i 's|(await customAPIOrigin()) ?? "https://uploader.ente.io"|(await customAPIOrigin()) ?? (typeof window !== "undefined" ? window.location.origin + "/api" : "https://uploader.ente.io")|g' web/packages/base/origins.ts; \
echo "Patched origins.ts:"; \
cat web/packages/base/origins.ts | head -20; \
else \
echo "origins.ts not found, checking alternative paths"; \
find . -name "origins.ts" -type f; \
fi
# Debugging the repository structure # Debugging the repository structure
RUN find . -type d -maxdepth 3 | sort RUN find . -type d -maxdepth 3 | sort

233
start.sh
View File

@@ -104,15 +104,6 @@ port: 8080
host: 0.0.0.0 host: 0.0.0.0
log_level: info log_level: info
# Key used for encrypting customer data (REQUIRED)
key:
encryption: yvmG/RnzKrbCb9L3mgsmoxXr9H7i2Z4qlbT0mL3ln4w=
hash: KXYiG07wC7GIgvCSdg+WmyWdXDAn6XKYJtp/wkEU7x573+byBRAYtpTP0wwvi8i/4l37uicX1dVTUzwH3sLZyw==
# JWT secrets (REQUIRED)
jwt:
secret: i2DecQmfGreG6q1vBj5tCokhlN41gcfS2cjOs9Po-u8=
# Database configuration # Database configuration
db: db:
host: ${CLOUDRON_POSTGRESQL_HOST} host: ${CLOUDRON_POSTGRESQL_HOST}
@@ -129,17 +120,14 @@ cors:
# S3 storage configuration # S3 storage configuration
s3: s3:
endpoint: "${S3_ENDPOINT}"
region: "${S3_REGION}"
access_key: "${S3_ACCESS_KEY}"
secret_key: "${S3_SECRET_KEY}"
bucket: "${S3_BUCKET}"
# For Wasabi, we need path style URLs # For Wasabi, we need path style URLs
are_local_buckets: false
use_path_style_urls: true use_path_style_urls: true
are_local_buckets: false
# Primary bucket configuration (named bucket structure required by Museum)
b2-eu-cen:
endpoint: "${S3_ENDPOINT}"
region: "${S3_REGION}"
key: "${S3_ACCESS_KEY}"
secret: "${S3_SECRET_KEY}"
bucket: "${S3_BUCKET}"
# Email settings # Email settings
email: email:
@@ -152,9 +140,9 @@ email:
# WebAuthn configuration for passkey support # WebAuthn configuration for passkey support
webauthn: webauthn:
rpid: "${CLOUDRON_APP_DOMAIN:-localhost}" rpid: "${CLOUDRON_APP_FQDN:-localhost}"
rporigins: rporigins:
- "https://${CLOUDRON_APP_DOMAIN:-localhost}" - "https://${CLOUDRON_APP_FQDN:-localhost}"
EOF EOF
chmod 600 "$MUSEUM_CONFIG" chmod 600 "$MUSEUM_CONFIG"
log "INFO" "Created Museum configuration at ${MUSEUM_CONFIG}" log "INFO" "Created Museum configuration at ${MUSEUM_CONFIG}"
@@ -224,17 +212,6 @@ else
log "INFO" "Web templates already exist or source not available" log "INFO" "Web templates already exist or source not available"
fi fi
# Copy mail templates to Museum working directory (required for email functionality)
MUSEUM_MAIL_TEMPLATES_DIR="/app/data/ente/server/mail-templates"
REPO_MAIL_TEMPLATES_DIR="/app/data/ente/repository/server/mail-templates"
if [ ! -d "$MUSEUM_MAIL_TEMPLATES_DIR" ] && [ -d "$REPO_MAIL_TEMPLATES_DIR" ]; then
log "INFO" "Copying mail templates"
cp -r "$REPO_MAIL_TEMPLATES_DIR" "$MUSEUM_MAIL_TEMPLATES_DIR"
log "INFO" "Copied mail templates to $MUSEUM_MAIL_TEMPLATES_DIR"
else
log "INFO" "Mail templates already exist or source not available"
fi
# Check if Museum binary exists and is valid # Check if Museum binary exists and is valid
log "INFO" "Checking for Museum binary at: $MUSEUM_BIN" log "INFO" "Checking for Museum binary at: $MUSEUM_BIN"
if [ -f "$MUSEUM_BIN" ]; then if [ -f "$MUSEUM_BIN" ]; then
@@ -264,9 +241,7 @@ fi
# =============================================== # ===============================================
# Web Application Setup # Web Application Setup
# =============================================== # ===============================================
log "INFO" "Web applications are pre-built and available in /app/web/" log "INFO" "Web applications are pre-built with relative API endpoint /api"
# Web apps are pre-built with relative API paths (/api) that work with any domain
# =============================================== # ===============================================
# Node.js Placeholder Server # Node.js Placeholder Server
@@ -638,11 +613,10 @@ cat > "$CADDY_CONFIG" << EOF
# Enable compression # Enable compression
encode gzip encode gzip
# Root redirect - must be first
redir / /photos/ 301
# CORS preflight handling # CORS preflight handling
@options method OPTIONS @options {
method OPTIONS
}
handle @options { handle @options {
header { header {
Access-Control-Allow-Origin "*" Access-Control-Allow-Origin "*"
@@ -653,9 +627,14 @@ cat > "$CADDY_CONFIG" << EOF
respond 204 respond 204
} }
# API endpoints - STRIP /api prefix and proxy to Museum server # API endpoints with CORS - strip /api prefix before forwarding
handle_path /api/* { handle_path /api/* {
reverse_proxy localhost:8080 reverse_proxy localhost:8080 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
header_up X-Forwarded-For {http.request.remote}
header_up X-Forwarded-Proto {http.request.scheme}
}
header { header {
Access-Control-Allow-Origin "*" Access-Control-Allow-Origin "*"
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
@@ -664,91 +643,29 @@ cat > "$CADDY_CONFIG" << EOF
} }
} }
# API endpoints for auth app # Public albums endpoint
handle_path /auth/api/* { handle /public/* {
reverse_proxy localhost:8080 reverse_proxy localhost:8080
header { header {
Access-Control-Allow-Origin "*" Access-Control-Allow-Origin "*"
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "*"
Access-Control-Allow-Credentials "true"
} }
} }
# API endpoints for cast app # Health check endpoint
handle_path /cast/api/* { handle /health {
reverse_proxy localhost:8080
header {
Access-Control-Allow-Origin "*"
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "*"
Access-Control-Allow-Credentials "true"
}
}
# API endpoints for accounts app
handle_path /accounts/api/* {
reverse_proxy localhost:8080
header {
Access-Control-Allow-Origin "*"
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "*"
Access-Control-Allow-Credentials "true"
}
}
# Health check endpoint (direct, no /api prefix)
handle /ping {
reverse_proxy localhost:8080 reverse_proxy localhost:8080
} }
# Static files for Next.js assets - handle per app # Static files for Next.js assets from all apps
handle_path /photos/_next/* { handle /_next/* {
root * /app/web/photos @photosNext path /_next/*
file_server handle @photosNext {
root * /app/web/photos
file_server
}
header { header {
Cache-Control "public, max-age=31536000" Cache-Control "public, max-age=31536000"
} Access-Control-Allow-Origin "*"
}
handle_path /accounts/_next/* {
root * /app/web/accounts
file_server
header {
Cache-Control "public, max-age=31536000"
}
}
handle_path /auth/_next/* {
root * /app/web/auth
file_server
header {
Cache-Control "public, max-age=31536000"
}
}
handle_path /cast/_next/* {
root * /app/web/cast
file_server
header {
Cache-Control "public, max-age=31536000"
}
}
# Static images and assets (served from photos app by default)
handle /images/* {
root * /app/web/photos
file_server
header {
Cache-Control "public, max-age=86400"
}
}
handle /favicon.ico {
root * /app/web/photos
file_server
header {
Cache-Control "public, max-age=86400"
} }
} }
@@ -759,30 +676,29 @@ cat > "$CADDY_CONFIG" << EOF
file_server file_server
} }
# Accounts app - handle both /accounts and /accounts/* # Accounts app
handle /accounts* { handle_path /accounts/* {
root * /app/web/accounts root * /app/web/accounts
try_files {path} /index.html try_files {path} /index.html
file_server file_server
} }
# Auth app - handle both /auth and /auth/* # Auth app
handle /auth* { handle_path /auth/* {
root * /app/web/auth root * /app/web/auth
try_files {path} /index.html try_files {path} /index.html
file_server file_server
} }
# Cast app - handle both /cast and /cast/* # Cast app
handle /cast* { handle_path /cast/* {
root * /app/web/cast root * /app/web/cast
try_files {path} /index.html try_files {path} /index.html
file_server file_server
} }
# Root redirect - specifically match root path only # Root redirect
@root path / handle / {
handle @root {
redir /photos/ permanent redir /photos/ permanent
} }
} }
@@ -830,34 +746,19 @@ cat > /app/data/SETUP-INSTRUCTIONS.md << EOF
2. **Museum Server**: The server configuration is at \`/app/data/ente/server/museum.yaml\` if you need to customize settings. 2. **Museum Server**: The server configuration is at \`/app/data/ente/server/museum.yaml\` if you need to customize settings.
## API Endpoint ## Troubleshooting
The Ente API is available at: **https://${CLOUDRON_APP_FQDN}/api** - **Logs**: Check the logs at \`/app/data/logs/\` for any issues.
- **Restart**: If you change configuration, restart the app to apply changes.
This endpoint can be used to:
- Configure Ente CLI tools
- Integrate with third-party applications
- Access the Museum server API directly
For admin operations, use the Ente CLI with:
\`\`\`bash
ente admin --api-url https://${CLOUDRON_APP_FQDN}/api
\`\`\`
## Web Applications ## Web Applications
The following web applications are available: The following web applications are available:
- **Photos**: https://${CLOUDRON_APP_FQDN}/photos/ - Main photo storage and management - Photos: https://${CLOUDRON_APP_FQDN}/photos/
- **Auth**: https://${CLOUDRON_APP_FQDN}/auth/ - 2FA authenticator app - Accounts: https://${CLOUDRON_APP_FQDN}/accounts/
- **Accounts**: https://${CLOUDRON_APP_FQDN}/accounts/ - Account management - Auth: https://${CLOUDRON_APP_FQDN}/auth/
- **Cast**: https://${CLOUDRON_APP_FQDN}/cast/ - Photo casting to devices - Cast: https://${CLOUDRON_APP_FQDN}/cast/
## Troubleshooting
- **Logs**: Check the logs at \`/app/data/logs/\` for any issues.
- **Restart**: If you change configuration, restart the app to apply changes.
- **API Issues**: All apps use the API endpoint at \`/api\`. If apps show loading spinners, check API connectivity.
## Support ## Support
@@ -881,48 +782,6 @@ else
log "ERROR" "Caddy server is not running!" log "ERROR" "Caddy server is not running!"
fi fi
# ===============================================
# OTP Email Monitor Setup
# ===============================================
log "INFO" "Setting up OTP Email Monitor"
# Install Node.js dependencies if not already installed
if [ ! -d "/app/data/node_modules" ]; then
log "INFO" "Installing Node.js dependencies for OTP Email Monitor"
cd /app/data
cp /app/pkg/package.json .
npm install --production --no-save
log "INFO" "Node.js dependencies installed successfully"
else
log "INFO" "Node.js dependencies already installed"
fi
# Start OTP Email Monitor
log "INFO" "Starting OTP Email Monitor"
cd /app/data
NODE_PATH="/app/data/node_modules" node /app/pkg/otp-email-monitor.js > /app/data/logs/otp-email.log 2>&1 &
OTP_MONITOR_PID=$!
log "INFO" "OTP Email Monitor started with PID: $OTP_MONITOR_PID"
# Wait a moment to check if OTP monitor starts successfully
sleep 2
if ps -p $OTP_MONITOR_PID > /dev/null; then
log "INFO" "OTP Email Monitor is running successfully"
else
log "WARN" "OTP Email Monitor may have failed to start"
log "WARN" "Last 10 lines of OTP email log:"
tail -n 10 /app/data/logs/otp-email.log | while read -r line; do
log "WARN" " $line"
done
fi
# Copy admin helper script for easy access
if [ -f "/app/pkg/admin-helper.sh" ]; then
cp /app/pkg/admin-helper.sh /app/data/
chmod +x /app/data/admin-helper.sh
log "INFO" "Admin helper script available at /app/data/admin-helper.sh"
fi
log "INFO" "Ente Cloudron app startup complete" log "INFO" "Ente Cloudron app startup complete"
# Keep the script running to prevent container exit # Keep the script running to prevent container exit