Trying to install with docker, docker compose, SWAG, get nginx 502 Bad Gateway error

Technical Help
1

I’m trying to install baserow using the “all in one” image for docker, using docker compose, and SWAG as my reverse proxy. I got confused with the docs - excellent though they are - and 'm not sure if I need to set any environment variables, and if so, which. So I’ve just copied the docker compose file from the baserow docs into my own, and cobbled up a configuration file for SWAG (nginx). But I can’t access my baserow site.

I hope I’ve provided enough information below!

Many thanks,
Alasdair

Technical Help Questionnaire

Have you read and followed the instructions at: *READ ME FIRST* Technical Help FAQs - #2 by nigel ?

Answer: Yes I have

Self-Hosted Installation and Setup Questions

How have you self-hosted Baserow.

Docker (version 25.0.1, build 29cf629) and docker compose (version v2.24.2). I’m currently hosting several services: a blog (woefully neglected), immich (photo magement), mealie (recipe management), portainer, adminer, kanboard, all protected with SWAG reverse proxy providing LTS certificates from letsencrypt.

What are the specs of the service or server you are using to host Baserow.

Host OS is Ubuntu 20.04LTS server edition (so without any graphics), simply managed with ssh.
The output of the free command is

              total        used        free      shared  buff/cache   available
Mem:        3838324     2178084      161788      173136     1498452     1199124
Swap:        488276       63232      425044

All this is running as a VPS with 105Gb of space, of which 63Gb is currently used.

Which version of Baserow are you using.

My docker compose file is pulling version 1.23.0

How have you configured your self-hosted installation?

Here is my docker compose file (site URL has been partially changed to include mysite.net):

version: "3"

networks:
  adminer-network:
#  proxy:
#    external: true

services:
  swag:
    image: lscr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Australia/Melbourne
      - URL=mysite.net
      - SUBDOMAINS=mealie,portainer,adminer,kanboard,immich,baserow
      - VALIDATION=http
     # - CERTPROVIDER= #optional
      - DNSPLUGIN=cloudflare #optional
     # - DUCKDNSTOKEN=<token> #optional
      - EMAIL=redacted
      - ONLY_SUBDOMAINS=false #optional
     # - EXTRA_DOMAINS=<extradomains> #optional
     # - STAGING=false #optional
    volumes:
      - /home/me/Docker/swag:/config
    ports:
      - 443:443
      - 80:80 #optional
    restart: unless-stopped

  adminer:
    image: adminer:latest
    container_name: adminer
    restart: unless-stopped # needed to restart service if it crash
    environment:
      - ADMINER_DEFAULT_SERVER=mariadb
    ports:
      - 8081:8080
#    networks:
#      - internal
#      - proxy
    depends_on:
      - mariadb
    networks:
      - adminer-network

  mariadb:
    image: mariadb:10.5 # for sql server, prefer to fix version. upgrade can destroy your databases.
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
#    networks:
#      - internal
    labels:
      - traefik.enable=false
    volumes:
      - mariadb_data:/var/lib/mysql
    networks:
      - adminer-network

  mealie:
    image: ghcr.io/mealie-recipes/mealie:v1.1.0 # 
    container_name: mealie
    ports:
        - "9091:9000" # 
    deploy:
      resources:
        limits:
          memory: 1000M # 
    volumes:
      - mealie-data:/app/data/
    environment:
    # Set Backend ENV Variables Here
      - ALLOW_SIGNUP=true
      - PUID=1000
      - PGID=1000
      - TZ=Australia/Melbourne
      - MAX_WORKERS=1
      - WEB_CONCURRENCY=1
      - BASE_URL=https://mealie.mysite.net
    restart: always    

  portainer:
    image: portainer/portainer-ce:latest
    restart: always # needed to restart service if it crash
    ports:
      - 9443:9443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - portainer_data:/data

  blog:
    image: nginx     #blog:latest
    container_name: blog
    restart: unless-stopped # needed to restart service if it crash
    volumes:
      - /home/me/Docker/blog:/usr/share/nginx/html

  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    command: [ "start.sh", "immich" ]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always

  immich-microservices:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends:
    #   file: hwaccel.yml
    #   service: hwaccel
    command: [ "start.sh", "microservices" ]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    depends_on:
      - redis
      - database
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    restart: always

  redis:
    container_name: immich_redis
    image: redis:6.2-alpine@sha256:c5a607fb6e1bb15d32bbcf14db22787d19e428d59e31a5da67511b49bb0f1ccc
    restart: always

  database:
    container_name: immich_postgres
    image: tensorchord/pgvecto-rs:pg14-v0.1.11@sha256:0335a1a22f8c5dd1b697f14f079934f5152eaaa216c09b61e293be285491f8ee
    env_file:
      - .env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
    volumes:
      - pgdata:/var/lib/postgresql/data
    restart: always

  kanboard:
    container_name: kanboard
    image: kanboard/kanboard:latest
    ports:
      - "8080:80"
    volumes:
      - kanboard_data:/var/www/app/data
      - kanboard_plugins:/var/www/app/plugins
#      - kanboard_ssl:/etc/nginx/ssl
    environment:
      DATABASE_URL: mysql://kanboard:kanboard-secret@db/kanboard
      PLUGIN_INSTALLER: true
  db:
    image: mariadb:latest
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_ROOT_PASSWORD: secret
      MYSQL_DATABASE: kanboard
      MYSQL_USER: kanboard
      MYSQL_PASSWORD: kanboard-secret
    volumes:
    - db:/var/lib/mysql

  baserow:
    container_name: baserow
    image: baserow/baserow:1.23.0
    environment:
      BASEROW_PUBLIC_URL: 'https://baserow.mysite.net'
    ports:
      - "82:80"
    #  - "443:443"
    volumes:
      - /home/me/Docker/baserow_data:/baserow/data

volumes:
  portainer_data:
  kanboard_data:
    driver: local
  kanboard_plugins:
    driver: local
  db:
  mariadb_data:
  mealie-data:
    driver: local
  pgdata:
  model-cache:

The configuration file for SWAG: baserow.subdomain.conf is:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name baserow.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app baserow;
        set $upstream_port 82;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}

This is similar to most of my other configuration files.

What commands if any did you use to start your Baserow server?

docker compose -f docker-compose.yml up -d
docker restart swag

Describe the problem

Simply, my site https.baserow.mysite.net is unreachable; attempts to access it result in an nginx 502 error.

Note that I have set up an ‘A’ site baserow.mysite.net with my domain name provider, so you can ping the site.

Provide screenshots or include share links showing:

How many rows in total do you have in your Baserow tables?

Note relevant at the moment, but the CSV files which contain the information have a toal of 5077 rows.

Please attach full logs from all of Baserow’s services

docker logs baserow produces 1468 lines … I have saved these to a file which I can send if you like.

2

Hi @amca01, I’m sorry to hear that you’re having some problems. At first sight, everything seems to be configured the right way. Would you mind sharing the output of docker logs baserow with me?

3

wThank you very much, Bram, for your offer of help. The log file is quite large, and would be best shared as an attachment. Either I can’t find out how to do this, or possibly as a newbie on this site I might be forbidden. So I’ll try to include it in this post below. Thank you again!

Also, here is the output of the tree command applied to my “baserow-data” directory, which I’ve set up as a bind mount instead of a docker volume. There are some owners I’ve never seen before!

tree
tree804×1056 114 KB

Note: I tried to include the entire log file in this post, to be told that “An error occurred: Body is limited to 32000 characters; you entered 261245.” Anyway, it starts like this:

e[32m [STARTUP][2024-03-10 22:52:14] e[32mNo DATABASE_HOST or DATABASE_URL provided, using embedded postgres.e[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mUsing embedded baserow redis as no REDIS_HOST or REDIS_URL provided. e[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mCreating REDIS_PASSWORD secret in /baserow/data/.redispasse[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mImporting REDIS_PASSWORD secret from /baserow/data/.redispasse[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mCreating SECRET_KEY secret in /baserow/data/.secrete[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mImporting SECRET_KEY secret from /baserow/data/.secrete[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mCreating BASEROW_JWT_SIGNING_KEY secret in /baserow/data/.jwt_signing_keye[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mImporting BASEROW_JWT_SIGNING_KEY secret from /baserow/data/.jwt_signing_keye[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mCreating DATABASE_PASSWORD secret in /baserow/data/.pgpasse[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:14] e[32mImporting DATABASE_PASSWORD secret from /baserow/data/.pgpasse[0m e(Be[m 
=========================================================================================

██████╗  █████╗ ███████╗███████╗██████╗  ██████╗ ██╗    ██╗
██╔══██╗██╔══██╗██╔════╝██╔════╝██╔══██╗██╔═══██╗██║    ██║
██████╔╝███████║███████╗█████╗  ██████╔╝██║   ██║██║ █╗ ██║
██╔══██╗██╔══██║╚════██║██╔══╝  ██╔══██╗██║   ██║██║███╗██║
██████╔╝██║  ██║███████║███████╗██║  ██║╚██████╔╝╚███╔███╔╝
╚═════╝ ╚═╝  ╚═╝╚══════╝╚══════╝╚═╝  ╚═╝ ╚═════╝  ╚══╝╚══╝

Version 1.23.0

=========================================================================================
Welcome to Baserow. See https://baserow.io/installation/install-with-docker/ for detailed instructions on 
how to use this Docker image.
e[32m [STARTUP][2024-03-10 22:52:14] e[32mRunning setup of embedded baserow database.e[0m e(Be[m 
e[32m [POSTGRES_INIT][2024-03-10 22:52:17] Becoming postgres superuser to run setup SQL commands: e(Be[m 
e[32m [POSTGRES_INIT][2024-03-10 22:52:17] CREATE DATABASE e(Be[m 
e[32m [POSTGRES_INIT][2024-03-10 22:52:17] CREATE ROLE e(Be[m 
e[32m [POSTGRES_INIT][2024-03-10 22:52:18] GRANT e(Be[m 
e[32m [POSTGRES_INIT][2024-03-10 22:52:18]  e(Be[m 
e[32m [POSTGRES_INIT][2024-03-10 22:52:18] PostgreSQL init process complete; ready for start up. e(Be[m 
e[32m [POSTGRES_INIT][2024-03-10 22:52:18]  e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:18] e[32mStarting Baserow using addresses https://baserow.numbersandshapes.net, if any are https automatically Caddy will attempt to setup HTTPS automatically.e[0m e(Be[m 
e[32m [STARTUP][2024-03-10 22:52:18] e[32mStarting all Baserow processes:e[0m e(Be[m 
2024-03-10 22:52:18,411 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2024-03-10 22:52:18,411 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
4

I’ve made the whole baserow log available as a Github Gist at

I hope it’s accessible!

Thanks again,
Alasdair

5

In fact I got it working, thanks to a tip off from a previous reported issue at
Remote ssl access with swag, let's encrypt and duckdns? - #3 by lemexicainendormi - Technical Help - Baserow
by changing “baserow” in my nginx config file to my IP address:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name baserow.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app <IP address here>;
        set $upstream_port 82;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

}

I don’t know why baserow only requires the IP address here, but it does!

Thanks for your encouragement,
Alasdair

6

Hi @amca01, glad to hear that you’ve been able to make it work! I also checked your logs, and everything started as expected, so I think you’re good to go.