Run squidex locally

alexvolchetsky · October 31, 2020, 2:25pm

I have…

[ ] Read the following guideline: https://docs.squidex.io/01-getting-started/installation/troubleshooting-and-support. I understand that my support request might get deleted if I do not follow the guideline.

I’m submitting a…

[ ] Regression (a behavior that stopped working in a new release)
[x ] Bug report
[ ] Performance issue
[ ] Documentation issue or request

Current behavior

I’m unable to run squidex in docker on my local.

Tried https://github.com/Squidex/squidex-docker/blob/master/standalone/docker-compose-noproxy.yml In this file changed https://${SQUIDEX_DOMAIN}/ to http://${SQUIDEX_DOMAIN}/ as it gave me error in popup because of incorrect url.
Squidex run fine but i can’ login as administrator. Login popup hangs or redirects to login again after providing correct credentials. Tried to setup squidex on IIS. And have the same issue over http. When I added https binding login worked fine. So it is not possible to use squidex over https?

github.com

Squidex/squidex-docker/blob/master/standalone/docker-compose-nginx.yml

version: '2.3'
services:
  squidex_mongo:
    image: mongo:4.4.1
    volumes:
      - /etc/squidex/mongo/db:/data/db
    networks:
      - internal
    restart: unless-stopped

  squidex_squidex:
    image: "squidex/squidex:5"
    environment:
      - URLS__BASEURL=https://${SQUIDEX_DOMAIN}/
      - EVENTSTORE__TYPE=MongoDB
      - EVENTSTORE__MONGODB__CONFIGURATION=mongodb://squidex_mongo
      - STORE__MONGODB__CONFIGURATION=mongodb://squidex_mongo
      - IDENTITY__ADMINEMAIL=${SQUIDEX_ADMINEMAIL}
      - IDENTITY__ADMINPASSWORD=${SQUIDEX_ADMINPASSWORD}
      - IDENTITY__GOOGLECLIENT=${SQUIDEX_GOOGLECLIENT}

This file has been truncated. show original

as i understood this will not work for local environment as letsencrypt can’t generate certificates for local environments.

github.com

Squidex/squidex-docker/blob/master/standalone/docker-compose.yml

version: '2.3'
services:
  squidex_mongo:
    image: mongo:4.4.1
    volumes:
      - /etc/squidex/mongo/db:/data/db
    networks:
      - internal
    restart: unless-stopped

  squidex_squidex:
    image: "squidex/squidex:5"
    environment:
      - URLS__BASEURL=https://${SQUIDEX_DOMAIN}/
      - EVENTSTORE__TYPE=MongoDB
      - EVENTSTORE__MONGODB__CONFIGURATION=mongodb://squidex_mongo
      - STORE__MONGODB__CONFIGURATION=mongodb://squidex_mongo
      - IDENTITY__ADMINEMAIL=${SQUIDEX_ADMINEMAIL}
      - IDENTITY__ADMINPASSWORD=${SQUIDEX_ADMINPASSWORD}
      - IDENTITY__GOOGLECLIENT=${SQUIDEX_GOOGLECLIENT}

This file has been truncated. show original

this file worked fine for me for a while. but now i started experiencing the following issue with certificate:

What is the best way to run squidex locally in docker?

Expected behavior

Have possibility to login in squidex.

Minimal reproduction of the problem

Run docker-compose files on local environment.

Environment

[x ] Self hosted with docker
[ ] Self hosted with IIS
[ ] Self hosted with other version
[ ] Cloud version

Version: [5]

Browser:

[ x] Chrome (desktop)
[ ] Chrome (Android)
[ ] Chrome (iOS)
[ ] Firefox
[ ] Safari (desktop)
[ ] Safari (iOS)
[ ] IE
[ ] Edge

Others:

Sebastian · October 31, 2020, 2:29pm

It is not that easy to run Squidex locally, especially with this setup, because Squidex needs a valid https certificate and the docker-compose setup tries to create a certificate for a valid public domain using lets encrypt, which is just not possible with localhost.

The reason for https is Chrome. In February 2020 Google introduced a change that makes it impossible to set a cookie when redirecting to other domains.

What happens during login is the following:

User clicks the Login with Google button.
Squidex sets a correlation cookie AND redirects to Google login.
User comes back from Google.
Squidex checks the correlation cookie.

When you are running Squidex with http, the correlation cookie is just not there and login fails. It could work with username and password authentication I guess, but I have not tried it and I think it is not a good idea to use http anymore. Especially at these days, when certificates are free anyway.