Hi,
I have been using Vikunja in combination with Traefik2 for a while now.
Since I want to switch to cloudflare tunnel, I set up a test instance for myself.
Unfortunately I already fail with an http 405 error when I try to register.
This is my docker-compose.yaml:
version: '3'
services:
api:
image: vikunja/api:latest
container_name: vikunja-api
environment:
VIKUNJA_DATABASE_HOST: db
VIKUNJA_DATABASE_PASSWORD: XXX
VIKUNJA_DATABASE_TYPE: mysql
VIKUNJA_DATABASE_USER: vikunja
VIKUNJA_DATABASE_DATABASE: vikunja
VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: 1
VIKUNJA_SERVICE_ENABLETASKCOMMENTS: 1
VIKUNJA_SERVICE_FRONTENDURL: http://vikunja.myurl.de/
VIKUNJA_SERVICE_ENABLEREGISTRATION: 1
#VIKUNJA_MAILER_PASSWORD: XXX
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
volumes:
- /home/buddy/vikunja/files:/app/vikunja/files
depends_on:
- db
restart: unless-stopped
frontend:
image: vikunja/frontend:latest
container_name: vikunja
restart: unless-stopped
ports:
- 8160:80
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
db:
image: mariadb:10
container_name: vikunja-db
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_ROOT_PASSWORD: XXX
MYSQL_USER: vikunja
MYSQL_PASSWORD: XXX
MYSQL_DATABASE: vikunja
volumes:
- /home/buddy/vikunja/db:/var/lib/mysql
restart: unless-stopped
Can anyone tell me what I am doing wrong?
I can’t get to the /api/v1 unfortunately, because that redirects me to the /login page.
vikunja | 172.30.0.1 - - [10/Mar/2023:19:01:49 +0000] "GET / HTTP/1.1" 200 2078 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja | 172.30.0.1 - - [10/Mar/2023:19:01:50 +0000] "GET /api/v1/info HTTP/1.1" 200 2078 "https://vikunja.myurl.de/" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja | 172.30.0.1 - - [10/Mar/2023:19:02:10 +0000] "POST /api/v1/register HTTP/1.1" 405 157 "https://vikunja.myurl.de/register" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja | 172.30.0.1 - - [10/Mar/2023:19:06:32 +0000] "GET /api/v1/info HTTP/1.1" 304 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
vikunja | 172.30.0.1 - - [10/Mar/2023:19:06:32 +0000] "GET /api/v1/info HTTP/1.1" 304 0 "https://vikunja.myurl.de/api/v1/info" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.2 Mobile/15E148 Safari/604.1" "XX.XX.XX.XX"
Best regards,
Buddinski88
It looks like you don’t expose the api container. The api must be reachable from the browser you’re using to browse the frontend. Check out the examples: Full docker example | Vikunja
What’s the deal with cloudflare tunnel?
Thank you for your fast response. Is this also nessary if i don’t use the nginx proxy?
I want to use a cloudflare tunnel because i have a lot of issues with vikunja + traefik2. Every few days i have to restart vikunja multiple times to get it to work.
To be honest i am not sure what i have to change 
Yes.
I doubt that’s caused by traefik or solved by Cloudflare Tunnel. Can you share the config used for that? What do you see in the logs when it restarts?
This is my current docker-compose.yaml für the cloudflare tunnel solution:
version: '3'
services:
api:
image: vikunja/api:latest
container_name: vikunja-api
environment:
VIKUNJA_DATABASE_HOST: db
VIKUNJA_DATABASE_PASSWORD: SECRET
VIKUNJA_DATABASE_TYPE: mysql
VIKUNJA_DATABASE_USER: vikunja
VIKUNJA_DATABASE_DATABASE: vikunja
VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: 1
VIKUNJA_SERVICE_ENABLETASKCOMMENTS: 1
VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: 1
VIKUNJA_SERVICE_FRONTENDURL: http://vikunja.myurl.de/
VIKUNJA_SERVICE_ENABLEREGISTRATION: 1
ports:
- 3456:3456
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
volumes:
- /home/buddy/vikunja/files:/app/vikunja/files
depends_on:
- db
restart: unless-stopped
frontend:
image: vikunja/frontend:latest
container_name: vikunja
restart: unless-stopped
ports:
- 8160:80
environment:
VIKUNJA_API_URL: http://vikunja.myurl.de/api/v1
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
db:
image: mariadb:10
container_name: vikunja-db
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_ROOT_PASSWORD: SECRET
MYSQL_USER: vikunja
MYSQL_PASSWORD: SECRET
MYSQL_DATABASE: vikunja
volumes:
- /home/buddy/vikunja/db:/var/lib/mysql
restart: unless-stopped
An this is it for the traeffik2 version:
version: '3'
services:
api:
image: vikunja/api:latest
container_name: vikunja-api
environment:
VIKUNJA_DATABASE_HOST: db
VIKUNJA_DATABASE_PASSWORD: SECRET
VIKUNJA_DATABASE_TYPE: mysql
VIKUNJA_DATABASE_USER: vikunja
VIKUNJA_DATABASE_DATABASE: vikunja
#VIKUNJA_MIGRATION_MICROSOFTTODO_ENABLE: 1
#VIKUNJA_MIGRATION_MICROSOFTTODO_CLIENTID: SECRET
#VIKUNJA_MIGRATION_MICROSOFTTODO_CLIENTSECRET: SECRET
#VIKUNJA_MIGRATION_MICROSOFTTODO_REDIRECTURL: https://vikunja.myurl.de/migrate/microsoft-todo
VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: 1
VIKUNJA_SERVICE_ENABLETASKCOMMENTS: 1
VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: 1
VIKUNJA_SERVICE_FRONTENDURL: https://vikunja.my-url.de/
VIKUNJA_SERVICE_ENABLEREGISTRATION: 0
VIKUNJA_MAILER_FROMEMAIL: mail@myurl.de
VIKUNJA_MAILER_ENABLED: 1
VIKUNJA_MAILER_FORCESSL: 1
VIKUNJA_MAILER_HOST: SECRET
VIKUNJA_MAILER_PORT: 465
VIKUNJA_MAILER_USERNAME:SECRET
VIKUNJA_MAILER_PASSWORD: SECRET # has to be changed
labels:
- "traefik.enable=true"
- "traefik.http.routers.vikunja-api.rule=Host(`vikunja.myurl.de`) && PathPrefix(`/api/v1`, `/dav/`, `/.well-known/`)"
- "traefik.http.routers.vikunja-api.entrypoints=https"
- "traefik.http.routers.vikunja-api.tls.certResolver=cloudflare"
- "com.centurylinklabs.watchtower.monitor-only=true"
volumes:
- /home/buddy/vikunja/files:/app/vikunja/files
depends_on:
- db
restart: unless-stopped
networks:
- internal
- proxy
frontend:
image: vikunja/frontend:latest
container_name: vikunja
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.vikunja-frontend.rule=Host(`vikunja.myurl.de`)"
- "traefik.http.routers.vikunja-frontend.entrypoints=https"
- "traefik.http.routers.vikunja-frontend.tls.certResolver=cloudflare"
- "com.centurylinklabs.watchtower.monitor-only=true"
networks:
- internal
- proxy
db:
image: mariadb:10
container_name: vikunja-db
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_ROOT_PASSWORD: SECRET
MYSQL_USER: vikunja
MYSQL_PASSWORD: SECRET
MYSQL_DATABASE: vikunja
volumes:
- /home/buddy/vikunja/db:/var/lib/mysql
restart: unless-stopped
networks:
- internal
- proxy
networks:
internal:
external: false
proxy:
external: true
Unfortunately I do not have logs when there are problems with traeffik.
I would like to get this running with cloudflare tunnel.
That looks like it should work. Does it?
You need to change VIKUNJA_API_URL to the ip or domain name where you can reach the api though. Since you’re exposing port 3456 directly that’s something like http://vikunja.myurl.de:3456/api/v1
Unfortunately, it does not work then either:
vikunja | 172.31.0.1 - - [11/Mar/2023:10:00:06 +0000] "GET /api/v1/info HTTP/1.1" 200 1434 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"
vikunja | 172.31.0.1 - - [11/Mar/2023:10:00:06 +0000] "GET /api/v1/info HTTP/1.1" 304 0 "https://vikunja.myurl.de/api/v1/info" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"
vikunja | 172.31.0.1 - - [11/Mar/2023:10:00:06 +0000] "GET /manifest.webmanifest HTTP/1.1" 304 0 "https://vikunja.myurl.de/api/v1/info" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "91.15.148.58"
vikunja | 172.31.0.1 - - [11/Mar/2023:10:00:08 +0000] "GET /sw.js HTTP/1.1" 200 8469 "https://vikunja.myurl.de/sw.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"
vikunja | 172.31.0.1 - - [11/Mar/2023:10:00:30 +0000] "POST /api/v1/register HTTP/1.1" 405 552 "https://vikunja.myurl.de/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "XX.XX.XX.XX"
It cuts off the port in the log.
When I enter the URL manually it doesn’t come in the log and it just loads.
It looks like you’re trying to access the Vikunja api via https. That’s not supported by the api itself, you’ll need a proxy (like traefik) to access the api via https. Does it work via http?
Does Cloudflare tunnel work with ports other than 80 or 443?
No without http it also no working or to be more precise it redirects to https.
Regaring to the question about the ports. I was not able to find a concrete answer. What everybody can to is to refer internally to a port e.g. http://192.168.178.X:3456
Does it work with curl? Maybe the browser cached an https redirect.
I have cleared the cache and am currently sitting on a completely new computer (VM).
Unfortunately, this has not solved the problem.
How can I test this with curl and what specifically should I do? Sorry with the topic I have not had any contact yet.
Something like curl http://vikunja.myurl.de:3456/api/v1/info should give you the http info.
curl -I http://vikunja.myurl.de:3456/api/v1 should tell you whether it redirects or not.
Thanks for the info. Unfortunately, he doesn’t find anything with the port. Is that even possible in connection with a URL?
I once made the following queries with the tunnel variant.
curl -I http://vikunja.myurl.de/api/v1
HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Mar 2023 12:07:06 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 Mar 2023 13:07:06 GMT
Location: https://vikunja.myurl.de/api/v1
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QS0mMh0gWiq%2Fj3Rh674hpijTTGifCWD%2FHFfk1gxgrNCwF%2FeW0EQViEignsKgsGokkmPkSYcFqUXgO6SwbTMtLfdQCIqTIUxBNmSNWCVxZcWS1By%2BQcRU5JiCqMBPnoTvvLjJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a84a2579d1f0a6b-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
curl -I http://vikunja.myurl.de/api/v1/info
HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Mar 2023 12:06:50 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 Mar 2023 13:06:50 GMT
Location: https://vikunja.myurl.de/api/v1/info
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o5zlKvanJkEknt5VwjrG4YBeqoYz%2FXfJxeWC%2B1hpfbXQy9NGmonR1SUArofm8dzV%2BtjL0YcycaQ0FkD7R7klpBvnkFr3wxSj8qTotDtcU075jYHdahoEqebT9aMykvPGpNCU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7a84a1f7b96f1c7e-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
curl -I https://vikunja.myurl.de/api/v1
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
curl -I https://vikunja.myurl.de/api/v1/info
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I just can’t find the issue
You mean domain + port? Sure. A domain does not make any assumptions about ports or protocols, it only provides a resolution from “human readable name” to “ip address”.
I suggest you change this into 2 parts:
- Get Vikunja running locally and accessible from the host running it or your local network. You should be able to check that in a browser.
- Expose it over Cloudflare Tunnel. I don’t know anything about that, so I can’t really help you there. You might want to ask about it in Cloudflare’s forums.
