I’m trying to use baserow with nginx as a reverse proxy but with many tries i still can’t figure it out (i can’t use caddy because i have a few other apps configured in nginx with certbot for ssl)
I’m using docker-compose.
Port 4443 is free for use.
This is my docker-compose.yml right now:
(i changed domain and pass data for example)
other lines with services where i only delete caddy lines.
I see all containers running from baserow healty but strange is that they dont have established ports so i think problem is with baserow ports and proxy pass ports.
Sorry for the lack of helpful docs/examples. This month we are working on adding more examples and simplifying the self-hosting process so it will hopefully be much smoother soon. To fix your problems I’ve gone into detail below:
The default docker-compose.yml currently only exposes the Caddy service ports and then uses that service to route requests to the internal services on the internal docker-compose default network. This is why you don’t see any of the other services exposing ports. If you instead want to use your own reverse proxy after removing Caddy I’ve provided a simplified docker-compose.yml below:
You need to pick a folder on your server to place files uploaded into Baserow, in the compose file below i’ve hardcoded this to /home/your_user/baserow_media in two places. Please change both places in the docker-compose.yml and also the in the example nginx.conf provided below.
version: "3.4"
# MAKE SURE YOU HAVE SET THE REQUIRED VARIABLES IN the .env FILE.configs:
services:
backend:
image: baserow/backend:1.10.0
ports:
- "${HOST_PUBLISH_IP:-127.0.0.1}:8000:8000"
env_file:
- .env
depends_on:
- db
- redis
volumes:
- /home/your_user/baserow_media:/baserow/media
web-frontend:
image: baserow/web-frontend:1.10.0
ports:
- "${HOST_PUBLISH_IP:-127.0.0.1}:3000:3000"
env_file:
- .env
depends_on:
- backend
celery:
image: baserow/backend:1.10.0
env_file:
.env
command: celery-worker
# The backend image's baked in healthcheck defaults to the django healthcheck
# override it to the celery one here.
healthcheck:
test: [ "CMD-SHELL", "/baserow/backend/docker/docker-entrypoint.sh celery-worker-healthcheck" ]
depends_on:
- backend
volumes:
- /home/your_user/baserow_media:/baserow/media
celery-export-worker:
image: baserow/backend:1.10.0
command: celery-exportworker
# The backend image's baked in healthcheck defaults to the django healthcheck
# override it to the celery one here.
healthcheck:
test: [ "CMD-SHELL", "/baserow/backend/docker/docker-entrypoint.sh celery-exportworker-healthcheck" ]
depends_on:
- backend
env_file:
.env
celery-beat-worker:
image: baserow/backend:1.10.0
command: celery-beat
# See https://github.com/sibson/redbeat/issues/129#issuecomment-1057478237
stop_signal: SIGQUIT
env_file:
- .env
depends_on:
- backend
db:
image: postgres:11.3
restart: unless-stopped
env_file:
- .env
environment:
- POSTGRES_USER=${DATABASE_USER:-baserow}
- POSTGRES_PASSWORD=${DATABASE_PASSWORD:?}
- POSTGRES_DB=${DATABASE_NAME:-baserow}
healthcheck:
test: [ "CMD-SHELL", "su postgres -c \"pg_isready -U ${DATABASE_USER:-baserow}\"" ]
interval: 10s
timeout: 5s
retries: 5
volumes:
- pgdata:/var/lib/postgresql/data
redis:
image: redis:6.0
command: redis-server --requirepass ${REDIS_PASSWORD:?}
env_file:
- .env
healthcheck:
test: [ "CMD", "redis-cli", "ping" ]
volumes:
pgdata:
Next, because you are using nginx I believe the following config will work, however I haven’t tested it and so it might contain typos etc, but hopefully gives an idea of what you need to change. The changes I’ve made are:
We need to route /api/ requests to the :8000 backend api container, now exposed on port 8000
We need to route /ws/ requests to the :8000 backend api port which handles ws connections also. We also need to upgrade this to support ws.
We need to route /media/ requests to the folder you have configured for Baserow file uploads to be placed.
We need to route all other requests to the web-frontend container now exposed at port :3000
server {
server_name subdomain.domain.pl;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_pass http://localhost:3000;
}
location ~ ^/(api|ws)/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://localhost:8000;
}
location /media/ {
if ($arg_dl) {
add_header Content-disposition "attachment; filename=$arg_dl";
}
# TODO CHANGE TO THE MEDIA FOLDER USED IN THE docker-compose.yml
root /home/your_user/baserow_media;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/subdomain.domain.pl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.pl/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = subdomain.domain.pl) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name subdomain.domain.pl;
listen 80;
return 404; # managed by Certbot
}
