https://cal.com logo
#general
Title
# general
t

Torsten Kröger

05/10/2022, 1:22 PM
Hi, do you have any idea what is wrong with my configuration? I am trying to get a self hosted cal.com running with SSL behind a nginx reverse proxy. The DNS A record points to the IP of my server of course. This is my nginx config:
Copy code
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name <http://mysubdomain.mydomain.com|mysubdomain.mydomain.com>;

    ssl_certificate           <path_to_cert>;
    ssl_certificate_key       <path_to_key>;

#    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass <http://localhost:3000>;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

    }

}
And this are the parameters from my
.env
:
Copy code
NEXT_PUBLIC_WEBAPP_URL='<https://mysubdomain.mydomain.com>'
NEXT_PUBLIC_WEBSITE_URL='<https://mysubdomain.mydomain.com>'
NEXT_PUBLIC_EMBED_LIB_URL='<https://mysubdomain.mydomain.com>'
NEXTAUTH_URL='<https://mysubdomain.mydomain.com>'
yarn dev
shows:
Copy code
yarn dev shows:
@calcom/web:dev: cache miss, executing a9157bc125d0929e
@calcom/web:dev: $ next dev
@calcom/web:dev: ready - started server on 0.0.0.0:3000, url: <http://localhost:3000>
@calcom/web:dev: info  - automatically enabled Fast Refresh for 1 custom loader
@calcom/web:dev: event - compiled client and server successfully in 1394 ms (416 modules)
@calcom/web:dev: wait  - compiling / (client and server)...
@calcom/web:dev: event - compiled client and server successfully in 334 ms (421 modules)
@calcom/web:dev: [next-auth][error][CLIENT_FETCH_ERROR]
@calcom/web:dev: <https://next-auth.js.org/errors#client_fetch_error> request to <https://mysubdomain.mydomain.com/api/auth/session> failed, reason: connect ETIMEDOUT 35.246.230.105:443 {
@calcom/web:dev:   error: {
@calcom/web:dev:     message: 'request to <https://mysubdomain.mydomain.com/api/auth/session> failed, reason: connect ETIMEDOUT 35.246.230.105:443',
@calcom/web:dev:     stack: 'FetchError: request to <https://mysubdomain.mydomain.com/api/auth/session> failed, reason: connect ETIMEDOUT 35.246.230.105:443\n' +
@calcom/web:dev:       '    at ClientRequest.<anonymous> (/opt/cal.com/node_modules/next/dist/compiled/node-fetch/index.js:1:64142)\n' +
@calcom/web:dev:       '    at ClientRequest.emit (events.js:400:28)\n' +
@calcom/web:dev:       '    at ClientRequest.emit (domain.js:475:12)\n' +
@calcom/web:dev:       '    at TLSSocket.socketErrorListener (_http_client.js:475:9)\n' +
@calcom/web:dev:       '    at TLSSocket.emit (events.js:400:28)\n' +
@calcom/web:dev:       '    at TLSSocket.emit (domain.js:475:12)\n' +
@calcom/web:dev:       '    at emitErrorNT (internal/streams/destroy.js:106:8)\n' +
@calcom/web:dev:       '    at emitErrorCloseNT (internal/streams/destroy.js:74:3)\n' +
@calcom/web:dev:       '    at processTicksAndRejections (internal/process/task_queues.js:82:21)',
@calcom/web:dev:     name: 'FetchError'
@calcom/web:dev:   },
@calcom/web:dev:   path: 'session',
@calcom/web:dev:   header: {
@calcom/web:dev:     connection: 'upgrade',
@calcom/web:dev:     host: '<http://mysubdomain.mydomain.com|mysubdomain.mydomain.com>',
@calcom/web:dev:     'x-real-ip': '89.244.102.106',
@calcom/web:dev:     'x-forwarded-for': '89.244.102.106',
@calcom/web:dev:     'x-forwarded-proto': 'https',
@calcom/web:dev:     'x-forwarded-host': '<http://mysubdomain.mydomain.com|mysubdomain.mydomain.com>',
@calcom/web:dev:     'x-forwarded-port': '443',
@calcom/web:dev:     'upgrade-insecure-requests': '1',
@calcom/web:dev:     'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36',
@calcom/web:dev:     accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
@calcom/web:dev:     'sec-fetch-site': 'none',
@calcom/web:dev:     'sec-fetch-mode': 'navigate',
@calcom/web:dev:     'sec-fetch-user': '?1',
@calcom/web:dev:     'sec-fetch-dest': 'document',
@calcom/web:dev:     'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101"',
@calcom/web:dev:     'sec-ch-ua-mobile': '?0',
@calcom/web:dev:     'sec-ch-ua-platform': '"macOS"',
@calcom/web:dev:     'accept-encoding': 'gzip, deflate, br',
@calcom/web:dev:     'accept-language': 'de-DE,de;q=0.9'
@calcom/web:dev:   },
@calcom/web:dev:   message: 'request to <https://mysubdomain.mydomain.com/api/auth/session> failed, reason: connect ETIMEDOUT 35.246.230.105:443'
@calcom/web:dev: }
After changing .env to
Copy code
NEXT_PUBLIC_WEBAPP_URL='<http://localhost:3000>'
NEXT_PUBLIC_WEBSITE_URL='<https://mysubdomain.mydomain.com>'
NEXT_PUBLIC_EMBED_LIB_URL='<https://mysubdomain.mydomain.com>'
NEXTAUTH_URL='<http://localhost:3000>'
the login screen loads, but if I try to login I am redirected to
<http://localhost:3000/>
Which of course does not work. If I then go back one page in the browser and then reload, I end up at https://mysubdomain.mydomain.com/event-types
Of course, this is not practical and you can't work reliably with it either. Any ideas?
s

Sydney O

05/10/2022, 2:01 PM
@zomars, @Peer or @Bailey can help you out!
z

zomars

05/10/2022, 2:04 PM
if your running a production build you should first
yarn build
and then
yarn start
t

Torsten Kröger

05/10/2022, 2:11 PM
Thany you @zomars. I tried both
.env
variants I have written above, but the results in my browser are the same as with
yarn dev
z

zomars

05/10/2022, 2:13 PM
Try with
Copy code
NEXT_PUBLIC_WEBAPP_URL='<https://mysubdomain.mydomain.com>'
NEXT_PUBLIC_WEBSITE_URL='<https://mysubdomain.mydomain.com>'
NEXT_PUBLIC_EMBED_LIB_URL='<https://mysubdomain.mydomain.com>'
NEXTAUTH_URL='<https://mysubdomain.mydomain.com/api/auth>'
t

Torsten Kröger

05/10/2022, 2:22 PM
Nope. Same as before. Do I need those NEXTAUTH values at all? My server is a GCP instance.
z

zomars

05/10/2022, 2:23 PM
yes, next-auth is the auth library that we currently use
Can see for any error in the browser console? This sounds more like a nginx side of things that is timing out
t

Torsten Kröger

05/10/2022, 2:32 PM
Copy code
<https://mysubdomain.mydomain.com>
redirects with
307 Temporary Redirect
to
Copy code
<https://mysubdomain.mydomain.com/de>
where I get a
504 Gateway Time-out
after a while
But
/favicon.ico
loads fine 😂
z

zomars

05/10/2022, 2:42 PM
I haven't touched nginx in a while sorry. I've converted to Caddy a while ago
🔍 1
t

Torsten Kröger

05/10/2022, 2:52 PM
Thanks for today. I'll try caddy tomorrow. My nginx config contained everything except
proxy_cache_bypass $http_upgrade;
actually. I am a bit at a loss.
Hi again @zomars. Thanks again for the help. It wasn't the nginx (caddy works great, but didn't help either) but my
/etc/hosts
. Just so others don't fall into the same trap: I had to add my domain to the localhost entry.
Copy code
127.0.0.1 localhost <http://mysubdomain.mydomain.com|mysubdomain.mydomain.com>
Now it works fine. We will now evaluate whether our self-hosted system meets our requirements.
🙃 1
🙏 1
z

zomars

05/13/2022, 2:32 PM
Yes! Thanks for the heads up. It makes total sense!
v

Vojtěch Ryšánek

06/02/2022, 10:38 AM
did you make it work? for me it still does not work - docker and nginx proxy (lets encrypt certificate) - still redirecting to localhost:3000 regardless env. variables.. also NEXT_PUBLIC_LICENSE_CONSENT settings does not work, using calendso/calendso:latest image from docker hub
t

Torsten Kröger

06/02/2022, 12:17 PM
Sorry, @Vojtěch Ryšánek, I have no experience with Docker based installation. I installed the composer variant.
13 Views