Vikunja and cloudflare tunnel register/login not possible

Support
1

Hi,

I have been using Vikunja in combination with Traefik2 for a while now.
Since I want to switch to cloudflare tunnel, I set up a test instance for myself.
Unfortunately I already fail with an http 405 error when I try to register.

This is my docker-compose.yaml:

version: '3'

services:
  api:
    image: vikunja/api:latest
    container_name: vikunja-api
    environment:
      VIKUNJA_DATABASE_HOST: db
      VIKUNJA_DATABASE_PASSWORD: XXX
      VIKUNJA_DATABASE_TYPE: mysql
      VIKUNJA_DATABASE_USER: vikunja
      VIKUNJA_DATABASE_DATABASE: vikunja
      VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: 1
      VIKUNJA_SERVICE_ENABLETASKCOMMENTS: 1
      VIKUNJA_SERVICE_FRONTENDURL: http://vikunja.myurl.de/
      VIKUNJA_SERVICE_ENABLEREGISTRATION: 1
      #VIKUNJA_MAILER_PASSWORD: XXX
    labels:
      - "com.centurylinklabs.watchtower.monitor-only=true"  
    volumes: 
      - /home/buddy/vikunja/files:/app/vikunja/files
    depends_on:
      - db
    restart: unless-stopped
  
  frontend:
    image: vikunja/frontend:latest
    container_name: vikunja
    restart: unless-stopped
    ports:
        - 8160:80
    labels:
      - "com.centurylinklabs.watchtower.monitor-only=true"

  db:
    image: mariadb:10
    container_name: vikunja-db
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MYSQL_ROOT_PASSWORD: XXX
      MYSQL_USER: vikunja
      MYSQL_PASSWORD: XXX
      MYSQL_DATABASE: vikunja
    volumes:
      - /home/buddy/vikunja/db:/var/lib/mysql
    restart: unless-stopped

Can anyone tell me what I am doing wrong?
I can’t get to the /api/v1 unfortunately, because that redirects me to the /login page.

vikunja     | 172.30.0.1 - - [10/Mar/2023:19:01:49 +0000] "GET / HTTP/1.1" 200 2078 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja     | 172.30.0.1 - - [10/Mar/2023:19:01:50 +0000] "GET /api/v1/info HTTP/1.1" 200 2078 "https://vikunja.myurl.de/" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja     | 172.30.0.1 - - [10/Mar/2023:19:02:10 +0000] "POST /api/v1/register HTTP/1.1" 405 157 "https://vikunja.myurl.de/register" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja     | 172.30.0.1 - - [10/Mar/2023:19:06:32 +0000] "GET /api/v1/info HTTP/1.1" 304 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja     | 172.30.0.1 - - [10/Mar/2023:19:06:32 +0000] "GET /api/v1/info HTTP/1.1" 304 0 "https://vikunja.myurl.de/api/v1/info" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"

Best regards,
Buddinski88

2

It looks like you don’t expose the api container. The api must be reachable from the browser you’re using to browse the frontend. Check out the examples: Full docker example | Vikunja

What’s the deal with cloudflare tunnel?

3

Thank you for your fast response. Is this also nessary if i don’t use the nginx proxy?

I want to use a cloudflare tunnel because i have a lot of issues with vikunja + traefik2. Every few days i have to restart vikunja multiple times to get it to work.

4

To be honest i am not sure what i have to change :frowning:

5

Yes.

I doubt that’s caused by traefik or solved by Cloudflare Tunnel. Can you share the config used for that? What do you see in the logs when it restarts?

6

This is my current docker-compose.yaml für the cloudflare tunnel solution:

version: '3'

services:
  api:
    image: vikunja/api:latest
    container_name: vikunja-api
    environment:
      VIKUNJA_DATABASE_HOST: db
      VIKUNJA_DATABASE_PASSWORD: SECRET
      VIKUNJA_DATABASE_TYPE: mysql
      VIKUNJA_DATABASE_USER: vikunja
      VIKUNJA_DATABASE_DATABASE: vikunja
      VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: 1
      VIKUNJA_SERVICE_ENABLETASKCOMMENTS: 1
      VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: 1
      VIKUNJA_SERVICE_FRONTENDURL: http://vikunja.myurl.de/
      VIKUNJA_SERVICE_ENABLEREGISTRATION: 1
    ports:
      - 3456:3456
    labels:
      - "com.centurylinklabs.watchtower.monitor-only=true"  
    volumes: 
      - /home/buddy/vikunja/files:/app/vikunja/files
    depends_on:
      - db
    restart: unless-stopped
  
  frontend:
    image: vikunja/frontend:latest
    container_name: vikunja
    restart: unless-stopped
    ports:
        - 8160:80
    environment:
      VIKUNJA_API_URL: http://vikunja.myurl.de/api/v1
    labels:
      - "com.centurylinklabs.watchtower.monitor-only=true"

  db:
    image: mariadb:10
    container_name: vikunja-db
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MYSQL_ROOT_PASSWORD: SECRET
      MYSQL_USER: vikunja
      MYSQL_PASSWORD: SECRET
      MYSQL_DATABASE: vikunja
    volumes:
      - /home/buddy/vikunja/db:/var/lib/mysql
    restart: unless-stopped

An this is it for the traeffik2 version:

version: '3'

services:
  api:
    image: vikunja/api:latest
    container_name: vikunja-api
    environment:
      VIKUNJA_DATABASE_HOST: db
      VIKUNJA_DATABASE_PASSWORD: SECRET
      VIKUNJA_DATABASE_TYPE: mysql
      VIKUNJA_DATABASE_USER: vikunja
      VIKUNJA_DATABASE_DATABASE: vikunja
      #VIKUNJA_MIGRATION_MICROSOFTTODO_ENABLE: 1
      #VIKUNJA_MIGRATION_MICROSOFTTODO_CLIENTID: SECRET
      #VIKUNJA_MIGRATION_MICROSOFTTODO_CLIENTSECRET: SECRET
      #VIKUNJA_MIGRATION_MICROSOFTTODO_REDIRECTURL: https://vikunja.myurl.de/migrate/microsoft-todo
      VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: 1
      VIKUNJA_SERVICE_ENABLETASKCOMMENTS: 1
      VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: 1
      VIKUNJA_SERVICE_FRONTENDURL: https://vikunja.my-url.de/
      VIKUNJA_SERVICE_ENABLEREGISTRATION: 0
      VIKUNJA_MAILER_FROMEMAIL: mail@myurl.de
      VIKUNJA_MAILER_ENABLED: 1
      VIKUNJA_MAILER_FORCESSL: 1
      VIKUNJA_MAILER_HOST: SECRET
      VIKUNJA_MAILER_PORT: 465
      VIKUNJA_MAILER_USERNAME:SECRET
      VIKUNJA_MAILER_PASSWORD: SECRET # has to be changed
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vikunja-api.rule=Host(`vikunja.myurl.de`) && PathPrefix(`/api/v1`, `/dav/`, `/.well-known/`)"
      - "traefik.http.routers.vikunja-api.entrypoints=https"
      - "traefik.http.routers.vikunja-api.tls.certResolver=cloudflare"
      - "com.centurylinklabs.watchtower.monitor-only=true"  
    volumes: 
      - /home/buddy/vikunja/files:/app/vikunja/files
    depends_on:
      - db
    restart: unless-stopped
    networks:
      - internal
      - proxy
  
  frontend:
    image: vikunja/frontend:latest
    container_name: vikunja
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vikunja-frontend.rule=Host(`vikunja.myurl.de`)"
      - "traefik.http.routers.vikunja-frontend.entrypoints=https"
      - "traefik.http.routers.vikunja-frontend.tls.certResolver=cloudflare"
      - "com.centurylinklabs.watchtower.monitor-only=true"
    networks:
      - internal
      - proxy

  db:
    image: mariadb:10
    container_name: vikunja-db
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MYSQL_ROOT_PASSWORD: SECRET
      MYSQL_USER: vikunja
      MYSQL_PASSWORD: SECRET
      MYSQL_DATABASE: vikunja
    volumes:
      - /home/buddy/vikunja/db:/var/lib/mysql
    restart: unless-stopped
    networks:
     - internal
     - proxy
  
networks:
  internal:
    external: false
  proxy:
    external: true

Unfortunately I do not have logs when there are problems with traeffik.
I would like to get this running with cloudflare tunnel.

7

That looks like it should work. Does it?
You need to change VIKUNJA_API_URL to the ip or domain name where you can reach the api though. Since you’re exposing port 3456 directly that’s something like http://vikunja.myurl.de:3456/api/v1

8

Unfortunately, it does not work then either:

vikunja     | 172.31.0.1 - - [11/Mar/2023:10:00:06 +0000] "GET /api/v1/info HTTP/1.1" 200 1434 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"
vikunja     | 172.31.0.1 - - [11/Mar/2023:10:00:06 +0000] "GET /api/v1/info HTTP/1.1" 304 0 "https://vikunja.myurl.de/api/v1/info" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"
vikunja     | 172.31.0.1 - - [11/Mar/2023:10:00:06 +0000] "GET /manifest.webmanifest HTTP/1.1" 304 0 "https://vikunja.myurl.de/api/v1/info" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "91.15.148.58"
vikunja     | 172.31.0.1 - - [11/Mar/2023:10:00:08 +0000] "GET /sw.js HTTP/1.1" 200 8469 "https://vikunja.myurl.de/sw.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"
vikunja     | 172.31.0.1 - - [11/Mar/2023:10:00:30 +0000] "POST /api/v1/register HTTP/1.1" 405 552 "https://vikunja.myurl.de/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"

It cuts off the port in the log.
When I enter the URL manually it doesn’t come in the log and it just loads.

image
image2560×1252 234 KB

9

It looks like you’re trying to access the Vikunja api via https. That’s not supported by the api itself, you’ll need a proxy (like traefik) to access the api via https. Does it work via http?

Does Cloudflare tunnel work with ports other than 80 or 443?

10

No without http it also no working or to be more precise it redirects to https.

Regaring to the question about the ports. I was not able to find a concrete answer. What everybody can to is to refer internally to a port e.g. http://192.168.178.X:3456

11

Does it work with curl? Maybe the browser cached an https redirect.

12

I have cleared the cache and am currently sitting on a completely new computer (VM).
Unfortunately, this has not solved the problem.

How can I test this with curl and what specifically should I do? Sorry with the topic I have not had any contact yet.

13

Something like curl http://vikunja.myurl.de:3456/api/v1/info should give you the http info.

curl -I http://vikunja.myurl.de:3456/api/v1 should tell you whether it redirects or not.

14

Thanks for the info. Unfortunately, he doesn’t find anything with the port. Is that even possible in connection with a URL?

I once made the following queries with the tunnel variant.

curl -I http://vikunja.myurl.de/api/v1 
HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Mar 2023 12:07:06 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 Mar 2023 13:07:06 GMT
Location: https://vikunja.myurl.de/api/v1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QS0mMh0gWiq%2Fj3Rh674hpijTTGifCWD%2FHFfk1gxgrNCwF%2FeW0EQViEignsKgsGokkmPkSYcFqUXgO6SwbTMtLfdQCIqTIUxBNmSNWCVxZcWS1By%2BQcRU5JiCqMBPnoTvvLjJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a84a2579d1f0a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
curl -I http://vikunja.myurl.de/api/v1/info 
HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Mar 2023 12:06:50 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 Mar 2023 13:06:50 GMT
Location: https://vikunja.myurl.de/api/v1/info
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o5zlKvanJkEknt5VwjrG4YBeqoYz%2FXfJxeWC%2B1hpfbXQy9NGmonR1SUArofm8dzV%2BtjL0YcycaQ0FkD7R7klpBvnkFr3wxSj8qTotDtcU075jYHdahoEqebT9aMykvPGpNCU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a84a1f7b96f1c7e-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
curl -I https://vikunja.myurl.de/api/v1 
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
curl -I https://vikunja.myurl.de/api/v1/info 
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I just can’t find the issue :frowning:

15

You mean domain + port? Sure. A domain does not make any assumptions about ports or protocols, it only provides a resolution from “human readable name” to “ip address”.

I suggest you change this into 2 parts:

  1. Get Vikunja running locally and accessible from the host running it or your local network. You should be able to check that in a browser.
  2. Expose it over Cloudflare Tunnel. I don’t know anything about that, so I can’t really help you there. You might want to ask about it in Cloudflare’s forums.