Docker: HTTPS upgrade issues #1137

Open
sNiXx opened this issue Dec 10, 2024 · 4 comments
Labels
bug Something isn't working version-2.4

sNiXx commented Dec 10, 2024

Describe the bug:
When running the application in a Docker environment, the container comes up, but when visiting the URL, the page stays blank. Using developer tools, I can see several errors (also see screenshots below) that are related to attempts to upgrade to https.

I was eventually able to figure out how to run a container using docker compose, but I think the documentation could be improved here. This was quite a frustrating experience to be honest 😢

Expected behaviour:
I expect the page to show the Threat Dragon dashboard.

Environment:

  • Version: 2.3.0 (also tried 2.2.0)
  • Platform: Web App
  • OS: Linux
  • Browser: Firefox, Brave

To Reproduce:
Run the container with the following compose file and .env file (secrets removed)

docker-compose.yml

services:
  threatdragon:
    image: owasp/threat-dragon:v2.3.0
    container_name: threatdragon
    ports:
      - 8060:3000
    restart: always
    env_file: threatdragon.env

.env

NODE_ENV=development
SERVER_API_PROTOCOL=http
LOG_LEVEL=debug
ENCRYPTION_KEYS='[{"isPrimary": true, "id": 0, "value": "somekey1"}]'
ENCRYPTION_JWT_SIGNING_KEY=somekey2
ENCRYPTION_JWT_REFRESH_SIGNING_KEY=somekey3

command:

docker compose -f threatdragon_docker-compose.yml --env-file threatdragon.env up

Any additional context, screenshots, etc:
[Screenshot: TD001]

[Screenshot: TD002]

sNiXx added the bug label Dec 10, 2024

@kartik-212004

I'm interested in working on this issue and would appreciate being assigned to it.

@jgadsden
Collaborator

Thanks @kartik-212004 for taking this on, and I think you reported the same problem in the Slack channel?

@jgadsden
Collaborator

@sNiXx many thanks for reporting this. I expect that the solution is in your line

SERVER_API_PROTOCOL=http

In the run-through of using the Docker image we use HTTP between front end and server, which makes sense as they are both in the same container.

I agree the documentation needs updating and more clarification, and any contributions are very welcome in that respect (we are all unpaid volunteers doing this in our spare time)

@sNiXx
Author

sNiXx commented Dec 12, 2024

@jgadsden I am not sure I follow. You are stating a problem, but not giving a solution?

Is there anything wrong with my compose or env file? Because I was not sure what you mean, I removed

SERVER_API_PROTOCOL=http

from the env file, so it should default to https, which clearly fails, because there is no way to define a certificate to be used (see #1098)

EDIT: I am wondering if it has to do with modern browser settings? If I run the exact same command on my dev machine and access the container via localhost, the dashboard loads just fine.
EDIT2: I can confirm this is an issue with the application. When I fully disable CSP (using this browser extension), the UI loads just fine.
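
A way to check from the response headers whether an enforced CSP is what pushes asset requests to https, as the last comment suspects (added example, not part of the thread and not Threat Dragon's code). It assumes the upgrade comes from the `upgrade-insecure-requests` directive, which the thread does not show; the headers and the address below are constructed.

```python
"""Flag enforced CSP directives that make a page served over plain HTTP
request its assets over HTTPS."""
from urllib.parse import urlsplit

def parse_csp(value):
    """Parse one header value into a list of policies ({directive: [sources]})."""
    policies = []
    for raw in value.split(","):            # a comma separates independent policies
        policy = {}
        for part in raw.split(";"):
            tokens = part.split()
            if tokens:
                # directive names are case-insensitive; the first occurrence wins
                policy.setdefault(tokens[0].lower(), tokens[1:])
        if policy:
            policies.append(policy)
    return policies

def https_upgrade_findings(page_url, headers):
    """Return findings for an http:// page; headers is a list of (name, value)."""
    if urlsplit(page_url).scheme != "http":
        return []                            # page already on TLS: nothing to upgrade
    findings = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue                         # Report-Only policies are not enforced
        for policy in parse_csp(value):
            if "upgrade-insecure-requests" in policy:
                findings.append("upgrade-insecure-requests: "
                                "http:// asset URLs are rewritten to https://")
            for directive, sources in policy.items():
                if not directive.endswith("-src"):
                    continue
                srcs = {s.lower() for s in sources}
                allows_http = (srcs & {"'self'", "*", "http:"}
                               or any(s.startswith("http://") for s in srcs))
                if "https:" in srcs and not allows_http:
                    findings.append(f"{directive}: only https: sources are allowed")
    return findings

# Constructed sample, not captured from a Threat Dragon container.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Content-Security-Policy",
     "default-src 'self'; script-src 'self'; upgrade-insecure-requests; "
     "img-src 'self' data:"),
]

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; 8060 is the port mapped in the compose file.
    for finding in https_upgrade_findings("http://192.0.2.10:8060/", SAMPLE_HEADERS):
        print(finding)
```

To check a real deployment, feed it the name/value pairs printed by `curl -sI` against the container's published port.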
