[SOLVED] Progress report on getting the new HPB working with Docker

Hi,

Has anyone successfully enabled the HPB (notify_push) using docker-compose?

I tried to get into it but I cannot get my head around it, given my limited docker-compose skills and the limited documentation.

So this is where I'm at (still not working).

The Dockerfile:

FROM rust:alpine

WORKDIR /app
RUN wget https://github.com/nextcloud/notify_push/releases/download/v0.1.3/notify_push.tar.gz
RUN tar -xzf notify_push.tar.gz
RUN rm -f notify_push.tar.gz

CMD ["/app/notify_push/bin/x86_64/notify_push", "/var/www/html/config/config.php"]

Added this to my docker-compose.yml:

notify_push:
  build: ./notify_push
  container_name: notify_push
  restart: always
  volumes:
    - nextcloud:/var/www/html:ro
  networks:
    - default

Added this to my nginx.conf:

# Push daemon for Nextcloud clients
location /push/ {
    proxy_pass http://notify_push:7867/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

The Redis setup (which works):

redis:
  image: redis
  container_name: redis
  command: redis-server --requirepass <password>
  restart: always
  networks:
    - default

But I am getting this error:

web_1                    | 2021/02/24 17:48:40 [error] 8#8: *115 connect() failed (111: Connection refused) while connecting to upstream, client: 172.19.0.1, server: , request: "GET /push/test/cookie HTTP/1.1", upstream: "http://172.18.0.4:7867/test/cookie", host: "nc.example.com"

Apparently notify_push receives the test cookie, but I am still getting the connection refused error:

notify_push              | [2021-02-25 09:09:01.260571 +00:00] DEBUG [notify_push] src/lib.rs:338: Received test cookie 358531364

So the 0.1.4 release solved the connection issue, then I got the trusted proxy issue. So here is the final Dockerfile for the notify_push server:

FROM rust:alpine

WORKDIR /app
RUN wget https://github.com/nextcloud/notify_push/releases/download/v0.1.4/notify_push.tar.gz
RUN tar -xzf notify_push.tar.gz
RUN rm -f notify_push.tar.gz

CMD ["/app/notify_push/bin/x86_64/notify_push", "/var/www/html/config/config.php"]
EXPOSE 7867/tcp

Here is the entry in my docker-compose.yml for the server:

notify_push:
  build: ./notify_push
  container_name: notify_push
  restart: always
  environment:
    - NEXTCLOUD_URL=http://nextcloud_web/
  volumes:
    - nextcloud:/var/www/html:ro
  networks:
    - default

http://nextcloud_web/ being the internal URL to the NC web server.

To solve the trusted proxy issue I added this to the config.php:

'trusted_proxies' =>
  array (
    0 => '172.18.0.0/24',
  ),

172.18.0.0/24 being the internal IP range for the default Docker network. The only concern I have now is whether this range might change during an update.


@BraindeadBZH thank you for your examples.
With docker-compose, you can configure the subnet range of your network.

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"

The trusted_proxies can also be set with the occ command:

 ./occ config:system:set trusted_proxies 0 --value=172.16.0.0/16

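I created a wrapper script for occ in the docker-compose folder:

#!/bin/bash
# Wrapper: run occ inside the nextcloud container as www-data
set -eu
dir="$(dirname "$(readlink -f "$0")")"
cd "$dir"
# "$@" keeps arguments containing spaces intact
docker-compose exec --user www-data nextcloud php occ "$@"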

Install and configure the app:

./occ app:enable notify_push
./occ notify_push:setup https://files.yourdomain.com/push

@pgassmann thank you for the additional useful information.
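
Added example (not part of the thread and not Nextcloud's or the posters' code): a check for the concern raised above that the Docker subnet and trusted_proxies drift apart. It also flags a trusted range wider than the compose subnet, as with 172.16.0.0/16 against 172.16.238.0/24. The inspect JSON and the container names are constructed, and IPv4 only is assumed.

```python
import ipaddress
import json

# Constructed sample: trimmed `docker network inspect <network>` output.
NETWORK_INSPECT = json.loads("""
[{"Name": "nextcloud_default",
  "IPAM": {"Config": [{"Subnet": "172.16.238.0/24"}]},
  "Containers": {
    "a1": {"Name": "web", "IPv4Address": "172.16.238.2/24"},
    "b2": {"Name": "notify_push", "IPv4Address": "172.16.238.4/24"}}}]
""")


def audit_trusted_proxies(inspect, trusted, proxy_names):
    """Return a list of findings; an empty list means the config matches."""
    findings = []
    net = inspect[0]
    subnets = [ipaddress.ip_network(c["Subnet"]) for c in net["IPAM"]["Config"]]
    ranges = [ipaddress.ip_network(t, strict=False) for t in trusted]
    addrs = {c["Name"]: ipaddress.ip_interface(c["IPv4Address"]).ip
             for c in net["Containers"].values()}

    # 1. Every proxying container must be covered by trusted_proxies,
    #    otherwise Nextcloud does not honour its X-Forwarded-For header.
    for name in proxy_names:
        if name not in addrs:
            findings.append(f"container {name!r} is not on {net['Name']}")
        elif not any(addrs[name] in r for r in ranges):
            findings.append(f"{addrs[name]} ({name}) not in trusted_proxies")

    # 2. A trusted range that is not inside the Docker subnet means hosts
    #    outside the compose network are trusted to set X-Forwarded-For.
    for r in ranges:
        if not any(r.subnet_of(s) for s in subnets):
            findings.append(f"{r} is not contained in Docker subnet(s) "
                            f"{', '.join(map(str, subnets))}")
    return findings


if __name__ == "__main__":
    proxies = ["web", "notify_push"]  # assumed container names
    for entry in (["172.16.238.0/24"], ["172.16.0.0/16"], ["172.18.0.0/24"]):
        result = audit_trusted_proxies(NETWORK_INSPECT, entry, proxies)
        print(entry, "->", result or "ok")
```

On a real host, feed it the output of `docker network inspect` for the compose network and the current trusted_proxies entries.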