Plone6/nginx on Unprivileged Port Fails

muellert · December 5, 2023, 7:33pm

Hi,
I found that running Plone on an unprivileged port, 2080 in my case, does not work because somewhere in the backend, the wrong URL is being generated. The problem with the URL is that it lacks the port, and that, in turn, leads to a CORS error. I verified by running the stack as root, which allowed it to bind to a privileged port (ie, "80"), where the site works, while it doesn't with the unprivileged port. Please see the screenshot below which highlights the missing port.

What works:

Taking the example files from nginx, Frontend, Backend, ZEO container example – Install – Containers – Examples of Plone 6 using containers — Plone Documentation v6.0
Run as root (ie, 'sudo podman-compose up -d').

What doesn't work:

Take the same example files, but modify the port and rewrite rules:
- listen 2080 default_server;
- rewrite ^/(++api++/?)+($|/.*) /VirtualHostBase/http/$server_name:2080/Plone/++api++/VirtualHostRoot/$2 break;
Run as an unprivileged user.

The latter results in two problems which I initially confused, but which are:

The wrong URL leads to the browser barfing due to a CORS error.
Even if the browser would not barf, it wouldn't work, because nothing is listening on the (implied) port.

For normal development, and actually also for normal operation, I would much appreciate if it were possible to run the stack without having to use 'root' privileges. Does anyone know where these URLs are being generated, eg. the relevant package name(s)?

tiberiuichim · December 5, 2023, 8:25pm

Without full configuration files and details about how things run it's difficult to say what goes wrong.

I find it odd that you're trying to run Plone using the "Deployment" configuration on your local machine. We usually run it "naked", with just Volto (the frontend) running on port 3000 and the Plone backend running from Docker.

Try to set a RAZZLE_API_PATH env var for the frontend service. How you do that, it depends on how you start that frontend. If you're running it "naked", outside of Docker, you can do it with:

env RAZZLE_API_PATH=http://localhost:2080/ yarn start

That assumes that you have the frontend fully ready to be developed (you have a nodejs development setup, etc).

muellert · December 5, 2023, 8:30pm

The differences posted are the only differences from the default configuration. But you also have a point in saying that I could develop without Nginx in front, then deploy later with the default configuration (not ideal, but would work). The thing is that I don't have a full local development setup, but am trying to figure out how to use the containerized configuration to develop, because I don't want to "import" all the non-standard versions of npm, yarn etc. directly into my system. Ie, I want to keep my system clean and confine the "deviations" requried by the Plone stack inside those containers. An alternative would be to set up a VM with all the nonstandard stuff and try to get things working there, but that feels a bit heavy-handed as well.

My preferred solution would still be to fix the VirtualHost handling thing, then eg. mount any local development stuff as volumes into those containers as appropriate, and then develop that way.

pigeonflight · December 5, 2023, 9:27pm

I had to do some "hacks" to do cloud-based development. Not sure if the approach still works:
For what it's worth, here it is: Tip: Running Volto on AWS Cloud9 you'll need to set a few env variables such as PORT