grist-core: [bug] Grist self-hosted is not compatible with SSL

Hi all and happy New Year!! Sorry to begin 2022 with a bug report ;o))

  1. I have taken advantage of the holidays to switch all our self-hosted applications to SSL, using Nginx Proxy Manager and the free Cloudflare infrastructure.
  2. Everything worked just fine for most of our apps except for Grist.
  3. I am using the very last version of Grist Core (continuously updated with Watchtower)
  4. When accessing Grist from the newly created https address I arrive at an error page:

image

  1. If I click Go to main page, nothing happens
  2. If I select Sign in from the upper right menu, I get this error:

image

And the browser Console log says: Failed to load resource: the server responded with a status of 502 ()

Please help as I would like to allow other employees to access our main worksheets that have all been transferred to Grist.

PS. I can send you logs on your private email address if needed.

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 22 (11 by maintainers)

Most upvoted comments

@paulfitz Removing the quotes to APP_HOME_URL=https://mydomain helps resolve the issue. The app works as expected. Many thanks.

@ovizii good point. We have an internal list for our hosted service, here’s a quick stab at pulling out the relevant parts.

Grist environment variables

Grist is sensitive to several environment variables. Here is a list:

| Variable | Purpose |
| --- | --- |
| APP_UNTRUSTED_URL | URL to serve plugin content from, or where to expect to find it |
| GRIST_APP_ROOT | directory containing Grist code, including subdirectories such as sandbox, static, and bower_components. |
| GRIST_DATA_DIR | directory to search for document list. |
| GRIST_DOC_BUCKET | s3 bucket where Grist documents are stored, for hosted Grist. |
| GRIST_DOMAIN | in hosted Grist, Grist is served from subdomains of this domain. Defaults to “getgrist.com”. |
| GRIST_HOST | hostname to use when listening on a port (not respected for electron). |
| GRIST_INST_DIR | path to Grist instance configuration files, for Grist server. |
| GRIST_LOGIN_REDIRECT_HOST | host of cognito-based login helper, if applicable (usually login.getgrist.com). |
| GRIST_MAX_UPLOAD_ATTACHMENT_MB | Max allowed size for attachments (0 or empty for unlimited). |
| GRIST_MAX_UPLOAD_IMPORT_MB | Max allowed size for imports (except .grist files) (0 or empty for unlimited). |
| GRIST_SESSION_COOKIE | if set, overrides the name of grist’s cookie |
| GRIST_SESSION_DOMAIN | if set, associates the cookie with the given domain - otherwise defaults to GRIST_DOMAIN |
| GRIST_SESSION_SECRET | the key used to encode the session |
| GRIST_TAG | internal grist urls are /v/<GRIST_TAG>/… |
| GRIST_TESTING_SOCKET | a socket used for out-of-channel communication during tests only. |
| GRIST_TEST_HTTPS_OFFSET | if set, adds https ports at the specified offset. This is useful in testing. |
| GRIST_TEST_SSL_CERT | if set, contains filename of SSL certificate. |
| GRIST_TEST_SSL_KEY | if set, contains filename of SSL private key. |
| GRIST_TEST_LOGIN | allow fake unauthenticated test logins (suitable for dev environment only). |
| GRIST_USER_ROOT | an extra path to look for plugins in. |
| HOME_PORT | port number to listen on for REST API server; if set to “share”, add API endpoints to regular grist port. |
| PORT | port number to listen on for Grist server |
| REDIS_URL | optional redis server for browser sessions and db query caching |
| GOOGLE_CLIENT_ID | set to the Google Client Id to be used with Google API client |
| GOOGLE_CLIENT_SECRET | set to the Google Client Secret to be used with Google API client |
| GOOGLE_API_KEY | set to the Google API Key to be used with Google API client (accessing public files) |
| GOOGLE_DRIVE_SCOPE | set to the scope requested for Google Drive integration (defaults to drive.file) |

Database variables:

| Variable | Purpose |
| --- | --- |
| TYPEORM_DATABASE | database filename for sqlite or database name for other db types |
| TYPEORM_HOST | host for db |
| TYPEORM_LOGGING | set to ‘true’ to see all sql queries |
| TYPEORM_PASSWORD | password to use |
| TYPEORM_PORT | port number for db if not the default for that db type |
| TYPEORM_TYPE | set to ‘sqlite’ or ‘postgres’ |
| TYPEORM_USERNAME | username to connect as |

Grist hosting:

| Variable | Purpose |
| --- | --- |
| APP_DOC_URL | doc worker url, set when starting an individual doc worker (other servers will find doc worker urls via redis) |
| APP_STATIC_URL | url prefix for static resources (all servers need this) |
| APP_HOME_URL | url prefix for home api (home and doc servers need this) |
| APP_DOC_PORT | port to be used by an individual doc worker |
| APP_STATIC_PORT | port to be used by an individual static server |
| APP_HOME_PORT | port to be used by an individual home server |
| APP_DOC_START | set to “1” if container should run a doc worker |
| APP_STATIC_START | set to “1” if container should run a static server |
| APP_HOME_START | set to “1” if container should run a home server |
| GRIST_ADAPT_DOMAIN | set to “true” to support multiple base domains (careful, host header should be trustworthy) |
| GRIST_BACKUP_DELAY_SECS | wait this long after a doc change before making a backup |
| GRIST_DEFAULT_EMAIL | if set, login as this user if no other credentials presented |
| GRIST_ID_PREFIX | for subdomains of form o-, expect/produce o-${GRIST_ID_PREFIX}. |
| GRIST_SINGLE_ORG | set to an org “domain” to pin client to that org |
| GRIST_ORG_IN_PATH | if true, encode org in path rather than domain |
| GRIST_HOME_INCLUDE_STATIC | if set, home server also serves static resources |
| GRIST_ROUTER_URL | optional url for an api that allows servers to be (un)registered with a load balancer |
| GRIST_MANAGED_WORKERS | if set, Grist can assume that if a url targeted at a doc worker returns a 404, that worker is gone |
| GRIST_SERVE_SAME_ORIGIN | set to “true” to access home server and doc workers on the same protocol-host-port as the top-level page, same as for custom domains (careful, host header should be trustworthy) |
| GRIST_SUPPORT_ANON | if set to ‘true’, show UI for anonymous access (not shown by default) |
| GRIST_TEST_ROUTER | if set, then the home server will serve a mock version of router api at /test/router |
| GRIST_THROTTLE_CPU | if set, CPU throttling is enabled |
| GRIST_EXPERIMENTAL_PLUGINS | enables experimental plugins |

Sandbox related variables:

| Variable | Purpose |
| --- | --- |
| GRIST_SANDBOX_FLAVOR | Can be pynbox, unsandboxed, docker, gvisor, macSandboxExec (note: not all options in grist-core). If set, forces Grist to use the specified kind of sandbox. |
| GRIST_SANDBOX | A program or image name to run as the sandbox. See NSandbox.ts for nerdy details. |
| PYTHON_VERSION | Can be 2 or 3. If set, documents without an engine setting are assumed to use the specified version of python. Not all sandboxes support all versions. |
| PYTHON_VERSION_ON_CREATION | Can be 2 or 3. If set, newly created documents have an engine setting set to python2 or python3. Not all sandboxes support all versions. |
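
The fix reported in this thread (dropping the quotes around APP_HOME_URL) can be checked mechanically before a container is started. The following is an added example, not part of the thread or of Grist's code: a small linter for an env file that also flags the settings the list above marks as dev-only or as depending on a trustworthy Host header. It assumes values are passed verbatim after `=`, as `docker run --env-file` does; `lint_env`, `SAMPLE_ENV` and the sample hostname are hypothetical.

```python
from urllib.parse import urlsplit

URL_VARS = {"APP_HOME_URL", "APP_DOC_URL", "APP_STATIC_URL", "APP_UNTRUSTED_URL"}
HOST_TRUST_VARS = {"GRIST_ADAPT_DOMAIN", "GRIST_SERVE_SAME_ORIGIN"}


def lint_env(text):
    """Return (variable, finding) pairs for a Docker-style env file.

    Assumption: values are taken verbatim after '=' (as `docker run
    --env-file` does), so quote characters become part of the value.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name = name.strip()
        quoted = len(value) >= 2 and value[0] == value[-1] and value[0] in "'\""
        if quoted:
            findings.append((name, "literal quotes are part of the value"))
        if name in URL_VARS:
            # Parse the value exactly as the server would receive it.
            parts = urlsplit(value)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                findings.append((name, "not an absolute http(s) URL as written"))
        bare = value[1:-1] if quoted else value
        if name in HOST_TRUST_VARS and bare.lower() == "true":
            findings.append((name, "relies on a trustworthy Host header"))
        if name == "GRIST_TEST_LOGIN" and bare:
            findings.append((name, "test logins are for dev environments only"))
        if name == "GRIST_SANDBOX_FLAVOR" and bare == "unsandboxed":
            findings.append((name, "forces the unsandboxed flavor"))
        if name == "GRIST_DEFAULT_EMAIL" and bare:
            findings.append((name, "requests without credentials log in as this user"))
    return findings


# Constructed sample, not taken from the reporter's deployment.
SAMPLE_ENV = """\
# grist.env
APP_HOME_URL="https://grist.example.com"
APP_STATIC_URL=https://grist.example.com
GRIST_SERVE_SAME_ORIGIN=true
GRIST_TEST_LOGIN=1
GRIST_SANDBOX_FLAVOR=gvisor
"""

if __name__ == "__main__":
    for name, finding in lint_env(SAMPLE_ENV):
        print(f"{name}: {finding}")
```
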

OK, will try and let you know