RocketChat with Suffix in ROOT_URL working except for /api/ecdh_proxy/initEncryptedSession

ayudh37 · June 30, 2021, 5:59am

Description

Server Setup Information

Version of Rocket.Chat Server: 3.15.1
Operating System: Docker image
Deployment Method:
Number of Running Instances: 1
DB Replicaset Oplog: BYPASS_OPLOG_VALIDATION=true
NodeJS Version: 13.14.0
MongoDB Version: 4.0.25
Proxy:
Firewalls involved:

Any additional Information

I have an environment variable ROOT_URL configured as http://localhost:3000/rocketchat

It seems the RC client isn’t realizing that those api calls should be made to /rocketchat/api/…

Is there anything I can do to fix this?

john.crisp · June 30, 2021, 12:01pm

Hi,

so tell us a bit more about your setup please?

What is in your yml file?

You have server on one machine and trying to connect from a client on another machine?

Did you setup a web proxy?

You might need to change the root URL to the proper name of the server, not localhost.

ayudh37 · July 2, 2021, 5:20am

Hey there,

I’m currently testing on my local environment.

This is my current docker-compose.yml file:

version: '2'

services:
  rocketchat:
    image: rocketchat/rocket.chat:latest
    restart: unless-stopped
    volumes:
      - ./uploads:/app/uploads
    environment:
      - PORT=3000
      - ROOT_URL=http://localhost:3000/rocketchat
      - MONGO_URL=mongodb://mongo:27017/rocketchat
    #   - MONGO_OPLOG_URL=mongodb://mongo:27017/local
      - MAIL_URL=smtp://smtp.email
      - BYPASS_OPLOG_VALIDATION=true
#       - HTTP_PROXY=http://proxy.domain.com
#       - HTTPS_PROXY=http://proxy.domain.com
    depends_on:
      - mongo
    ports:
      - 3000:3000
    labels:
      - "traefik.backend=rocketchat"
      - "traefik.frontend.rule=Host: rocketchat.jollof.io"

  mongo:
    image: mongo:4.0
    restart: unless-stopped
    volumes:
     - ./data/db:/data/db
     #- ./data/dump:/dump
    # command: mongod --smallfiles --oplogSize 128 --replSet rs0
    labels:
      - "traefik.enable=false"

john.crisp · July 2, 2021, 9:39am

To test can you try it without the subdomain so JUST

http://localhost:3000

There was an issue with subdomains that should have been patched in 3.15.1 but there may still be other things there.

I suggest also get in the habit of never using ‘latest’ like this:

image: rocketchat/rocket.chat:latest

Use say:

image: rocketchat/rocket.chat:3.16.0

Saves any unpleasant surprises with upgrades!

I would also change it to 3.16.x which is released.

Also why this?? It is definitely not recommended.

 - BYPASS_OPLOG_VALIDATION=true

github.com/RocketChat/Rocket.Chat

Can't enable ReplicaSet OpLog

opened 10:40PM - 04 Apr 20 UTC

closed 04:33AM - 21 Jun 20 UTC

Gill-Bates

stat: stale

Hi there, this error drives me crazy. I am not able to enable the ReplicaSet.… I've followed the manual. Debian Buster x64, lastest RocketChat Version MongoDB v4.2.5 ``` | Site URL: http://SLD.TLD:3000/ | | ReplicaSet OpLog: Disabled | | Commit Hash: 15ac7670be | | Commit Branch: HEAD | | | | OPLOG / REPLICASET IS REQUIRED TO RUN ROCKET.CHAT, MORE INFORMATION AT: | | https://go.rocket.chat/i/oplog-required | ``` ``` nano /etc/mongod.conf replication: replSetName: rs01 ``` > curl -I localhost:3000 > curl: (7) Failed to connect to localhost port 3000: Connection refused ``` sed -i "s/^# engine:/ engine: wiredTiger/" /etc/mongod.conf sed -i "s/^#replication:/replication:\n replSetName: rs01/" /etc/mongod.conf ``` **Mongo output:** `rs01:PRIMARY> rs.initiate() { "operationTime" : Timestamp(1586039709, 1), "ok" : 0, "errmsg" : "already initialized", "code" : 23, "codeName" : "AlreadyInitialized", "$clusterTime" : { "clusterTime" : Timestamp(1586039709, 1), "signature" : { "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="), "keyId" : NumberLong(0) } } }` **My Service Config:** [Unit] Description=The Rocket.Chat server After=network.target remote-fs.target nss-lookup.target mongod.target mongod.service [Service] ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js StandardOutput=syslog StandardError=syslog SyslogIdentifier=rocketchat User=rocketchat Environment=LD_PRELOAD=/opt/Rocket.Chat/programs/server/npm/node_modules/sharp/vendor/lib/libz.so Environment=NODE_ENV=production MONGO_OPLOG_URL=mongodb://localhost:27017/local?replSet=rs01 Environment=MONGO_URL=mongodb://localhost:27017/rocketchat Environment=ROOT_URL=http://SLD.TLD Environment=PORT=3000 [Install] WantedBy=multi-user.target

Ahhh. I just had a search and found these:

github.com

RocketChat/Rocket.Chat/blob/develop/HISTORY.md

# 6.2.11

`2023-07-26  ·  1 🐛  ·  1 🔍  ·  4 👩‍💻👨‍💻`

### Engine versions
- Node: `14.21.3`
- NPM: `6.14.17`
- MongoDB: `4.4, 5.0, 6.0`
- Apps-Engine: `1.39.1`

### 🐛 Bug fixes


- Performance issue when using api to create users ([#29914](https://github.com/RocketChat/Rocket.Chat/pull/29914) by [@KevLehman](https://github.com/KevLehman))

<details>
<summary>🔍 Minor changes</summary>


- Release 6.2.11 ([#29915](https://github.com/RocketChat/Rocket.Chat/pull/29915) by [@rocketchat-github-ci](https://github.com/rocketchat-github-ci))

This file has been truncated. show original

Option BYPASS_OPLOG_VALIDATION not working (#17143)

Upgrade to 3.16.x should help.

ayudh37 · July 5, 2021, 2:24am

Unfortunately, upgrading to 3.16.0 did not work for me

john.crisp · July 5, 2021, 9:01am

Hmmm.

Just saw this:

github.com/RocketChat/Rocket.Chat

initEncryptedSession references a root path instead of a relative one

opened 02:28AM - 02 May 21 UTC

closed 03:01PM - 07 May 21 UTC

dotdotdotpaul

### Description: When the chat window loads, the call to `initEncryptedSessio…n` is being made with the path `/api/...` instead of a relative path, `api/...` like most everything else seems to do. This won't affect anyone using a dedicated hostname like "chat.foo.com" but if you're trying to serve it as a path under your existing server (ex. "www.foo.com/chat") it creates a problem. Line in question: https://github.com/RocketChat/Rocket.Chat/blob/a3656b3304e36ccdcb1e7cd6a0f703d1faf92ec8/ee/client/ecdh.ts#L34 The further problem is that the client appears to immediately retry `getSetupWizardParameters` and immediately goes into 'too many requests' lockdown. The browser client has no back-off to avoid that, or any messaging to indicate what happened; but that may be moot if the underlying problem is corrected. ### Steps to reproduce: 1. Setup an install where your ROOT_URL has a path on the end of it. 2. Hit that URL 3. Watch failure cascade ### Expected behavior: Browser app should request `api/ecdh_proxy/initEncryptedSession` (resolving to `/chat/api/ecdh_proxy/initEncryptedSession` in the example above where the `/chat` path is being rewritten and routed) ### Actual behavior: Browser loads setup screen then immediately flashes the loading screen then back again, in very rapid succession. WARNING: epilepsy danger (seriously) ### Server Setup Information: Using latest rocketchat Docker container, in a K8s pod where the ingress is capture requests to /chat and sending them into the pod (with /chat stripped off). ### Client Setup Information Chrome on OSX, though I don't think that's the problem. ### Relevant logs: Server logs: ``` Exception while invoking method getSetupWizardParameters Error: Error, too many requests. Please slow down. You must wait 25 seconds before trying again. [too-many-requests] at Object.post (app/api/server/v1/misc.js:256:11) at app/api/server/api.js:394:82 at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12) at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39) at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32) at packages/nimble_restivus/lib/route.coffee:59:33 at packages/simple_json-routes.js:98:9 Exception while invoking method getSetupWizardParameters Error: Error, too many requests. Please slow down. You must wait 25 seconds before trying again. [too-many-requests] at Object.post (app/api/server/v1/misc.js:256:11) at app/api/server/api.js:394:82 at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12) at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39) at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32) at packages/nimble_restivus/lib/route.coffee:59:33 at packages/simple_json-routes.js:98:9 ``` (ad nauseum) Screen grab of the Chrome network showing the initEncryptedSession failure and the repeated requests: ![Image 2021-05-01 at 7 27 08 PM](https://user-images.githubusercontent.com/55685/116800168-624ccb80-aab3-11eb-94e5-f924239d4bfe.jpg)

Now, the interesting point is that we were going to drop subdir support, and we have decided to continue it.

3.15.1 fixed some subdir issues. This may be one that has been missed.

Can you check that issue please?

ayudh37 · July 7, 2021, 5:49am

Hey John,

I’ve checked that issue you linked and can see no resolution for it

john.crisp · July 7, 2021, 9:13am

Ahhh - I just twigged this was yours:

I think you might want to set your root URL to your domain and make sure it resolves correctly. It could be a local private domain, or a public one, but it must resolve correctly.

https://docs.rocket.chat/installing-and-updating/manual-installation/configuring-ssl-reverse-proxy

Note: You must use the outside https address for the value at ROOT_URL in [[Section 3|Deploy-Rocket.Chat-without-docker#3-download-rocketchat]] above. This includes the https:// and leave off the port number. So instead of ROOT_URL=http://localhost:3000 use something like https://your_hostname.com

And how to modify that:

stefan.badenhorst · July 26, 2021, 7:10pm

It seems I’m having the same issue and I’m not sure how to resolve it.
I’m using rocketchat 3.16.3 on a URL suffix:
https://mydomain.com/chat I have set my ROOT_URL to https://mydomain.com/chat
Everything works fine except for /api/ecdh_proxy/initEncryptedSession
Here is a short excerpt from the console:

Navigated to https://mydomain.com/chat/_oauth/keycloak?state=eyJsb2dpblN0eWxlIjoicmVkaXJlY3QiLCJjcmVkZW50aWFsVG9rZW4iOiJXN3dkN3l1OFF6M01QS0I4a2dhOVhubmlFYmFlWWFuZGVRTDFFMXRuQU1RIiwiaXNDb3Jkb3ZhIjpmYWxzZSwicmVkaXJlY3RVcmwiOiJodHRwOi8vdGVzdHNlcnZlci9jaGF0L2hvbWUifQ%3D%3D&session_state=7e946e53-9804-44c8-8c49-6e382e7eb167&code=9871a27d-2fc1-4fed-b000-bb5a4a8dbd45.7e946e53-9804-44c8-8c49-6e382e7eb167.58d8e5fc-9929-11eb-9c54-eff7529901fc
Navigated to https://mydomain.com/chat/home
VM322:1 POST https://mydomain.com/api/ecdh_proxy/initEncryptedSession 404 (Not Found)
VM322:1 XHR finished loading: POST "https://mydomain.com/chat/api/v1/method.callAnon/login".
VM322:1 XHR finished loading: GET "https://mydomain.com/chat/sockjs/info?cb=x7n57s6sfe".
VM322:1 XHR finished loading: POST "https://mydomain.com/chat/api/v1/method.callAnon/license%3AisEnterprise".
VM322:1 Fetch failed loading: POST "https://mydomain.com/api/ecdh_proxy/initEncryptedSession".
VM322:1 XHR finished loading: POST "https://mydomain.com/chat/api/v1/method.callAnon/public-settings%3Aget".
VM322:1 XHR finished loading: GET "https://mydomain.com/chat/_timesync".

As you can see it loads all requests from the correct URL except for api/ecdh_proxy/initEncryptedSession. It looks for that one in the root.
This issue only started once I added a custom keycloak OAuth provider.

ayudh37 · July 27, 2021, 1:57am

@stefan.badenhorst I ended up using RC without the suffix on localhost where the problem was occuring.

However for my dev environment, we’re using k8s and actually got RC to work with the suffix… let me share the redacted k8s values.yml files with you for your perusal. Hopefully they’ll help.

# Default values for temp.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicas: 1
projectName: rocketchat
namespace: dev

image:
  repository: docker.io/library/rocket.chat
  tag: 3.16.2
  pullPolicy: IfNotPresent

secret:
  name: rocketchat-secrets
  data:
    MONGO_SERVER_CONNECT_STR: mongodb://mongo-svc/chat

configmap:
  name: rocketchat-config
  data:
    ROOT_URL: <our-api-domain>/rc
    MONGO_URL: mongodb://mongo-svc/chat
    MONGO_OPLOG_URL: mongodb://mongo-svc/local?replSet=rs0
    MONGO_OPTIONS: '{ "serverSelectionTimeoutMS": 30000 }'
    PORT: 3000

service:
  name: rocketchat-svc
  targetPort: 3000
  port: 3000
  imapPort: 993
  imapTargetPort: 993

ingress:  
  name: rocketchat-ing
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx-dev
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
  path: /rc/?(.*)
  hosts:
    - <our-api-domain-without-https://-prefix>

john.crisp · July 27, 2021, 10:49am

As per this please note that we had fixed some issues but noted there were more which are being worked on during the current sprint.

We will try and get these released as soon as we can so you don’t have to do so many ugly workarounds!

This post refers:

Topic		Replies	Views
How to change ROOT_URL in docker-compose with everything up Community Support	4	2476	July 6, 2021
Update RC Docker - error a route URL prefix must begin with a slash Community Support	1	566	March 8, 2024
RocketChat with Suffix in ROOT_URL working only in API Calls and it's failing in WEB UI Community Support rocketchat-apps	5	575	October 4, 2023
New to docker, missing information in instructions Community Support docker	0	272	June 22, 2023
Issues.Communicating between Two Instance under Docker Community Support	0	816	February 21, 2020

Join our Community Open Call tomorrow where we'll share more details regarding recent changes and answer questions about updating your workspace to the latest Rocket.Chat

RocketChat with Suffix in ROOT_URL working except for /api/ecdh_proxy/initEncryptedSession

Description

Server Setup Information

Any additional Information

Related Topics