2

I have a project started with Cookiecutter Django and I'm currently adding WeasyPrint to serve some views as PDF files. This is working fine on development. Cookiecutter Django is using Caddy as the HTTP server. I'm having errors on production due I can't access to files through its absolute URL from inside the Django docker instance.

From inside the Django docker instance, this does not work:

$ curl https://myowndomain.com
curl: (7) Failed to connect to myowndomain.com port 443: Connection timed out

But this does:

$ curl https://www.google.com

From outside the Django docker instance both curl commands are working OK.

My Caddyfile:

myowndomain.com {
    proxy / django:5000 {
        header_upstream Host {host}
        header_upstream X-Real-IP {remote}
        header_upstream X-Forwarded-Proto {scheme}
        except /media
        transparent
    }

    log stdout
    errors stdout
    gzip

    header / {
        # Don't show Caddy/Gunicorn as server header.
        -Server

        # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS (do not use if only testing)
        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

        # Only send Referer header to same origin.
        # Django CSRF protection is incompatible with referrer policy set to none.
        Referrer-Policy "same-origin"

        # Enable cross-site filter (XSS) and tell browser to block detected attacks.
        X-XSS-Protection "1; mode=block"

        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
        X-Content-Type-Options "nosniff"
    }
}

Is there something I need to set? Am I missing something?

Tadeo
  • 431
  • 7
  • 11
  • Hi @Tadeo - so the connection would time out in this fashion because the port is likely closed and not receiving a connection - are you using nginx as your proxy server? – Micheal J. Roberts Feb 07 '20 at 12:45
  • @WindUpLordVexxos Thanks for your comment. I'm using [Caddy server](https://caddyserver.com/), not Nginx – Tadeo Feb 09 '20 at 21:15
  • Hmmmm, I’m not as aux fait with caddy server...it should be a case of port opening tho... – Micheal J. Roberts Feb 10 '20 at 09:43
  • That was my first thought, but as far as I can curl external https:// URLs from the Django container and as I can curl the https://myowndomain.com from the outside, the problem seems to be related to the DNS resolution inside the docker container. Thanks for your help! – Tadeo Feb 11 '20 at 15:34
  • Could you add your caddy server config here please... – Micheal J. Roberts Feb 11 '20 at 15:35
  • @WindUpLordVexxos I've added the Caddyfile content – Tadeo Feb 13 '20 at 18:09
  • @Tadeo Hey, have you found a solution for this, please? – coredumped0x Dec 03 '21 at 20:11
  • @MurphyAdam Regarding curling from inside the docker container, currently I'm being able to curl the same domain, receiving empty response content instead of the timeout error. Caddy version upgraded from 0.10.6 to 0.11.5 after I posted this question. Regarding WeasyPrint error in production, looking at the git log I solved it a few days after I posted this question adding `WEASYPRINT_BASEURL=''` in settings/base.py. I hope this can help someone. – Tadeo Jan 20 '22 at 13:53

1 Answers1

0

probably in development it use http on port 80 and in production it use https on port 443. In the docker-compose.yml or when you invoke docker do you expose port 443?

Riccardo Degan
  • 26
  • 2
  • Yes, I have "0.0.0.0:80:80" and "0.0.0.0:443:443" declared under the 'Caddy / ports' section of the docker-compose.yml in production. In fact the site is accesible from outside the Django docker container, and other https URLs are accesible from inside it. – Tadeo Jul 02 '18 at 03:49