Parse Dashboard can only be remotely accessed via HTTPS #46
Comments
|
If you are running the dashboard on your own laptop (localhost), this shouldn't be an issue. If you want to run the dashboard on a remote server, https is mandatory to prevent you from leaking your Master Key and completely compromising the security of your app. https://letsencrypt.org/ can help you get started with https for free, or you can just run the dashboard locally. |
|
Thanks @drew-gross |
|
That should work, but I haven't used SSL on GoDaddy so I can't be 100% sure. The connection to the express app that serves the dashboard must be secure, so as long as your setup on GoDaddy ensures you have a secure connection to dashboard, it will work. I'd recommend trying letsencrypt.org first, it's free so if it doesn't work then you haven't lost anything. |
|
Hi @thphuc, any luck getting this set this up? |
|
Hi @kevinbluer
|
|
I just got the dashboard set up on Heroku and am also getting this error even though I set the PARSE_DASHBOARD_ALLOW_INSECURE_HTTP environment variable to 1. I'm attempting to get it set up in Heroku like this as a node app that runs both the dashboard and the api/cloud code: var api = new ParseServer({
databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
appId: process.env.APP_ID || 'myAppId',
masterKey: process.env.MASTER_KEY || '', //Add your master key here. Keep it secret!
serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse', // Don't forget to change to https if needed
liveQuery: {
classNames: ["Posts", "Comments"] // List of classes to support for query subscriptions
}
});
var dashboard = new ParseDashboard({
apps: [
{
appId: process.env.APP_ID || 'myAppId',
masterKey: process.env.MASTER_KEY || 'myMasterKey',
serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse',
appName: process.env.APP_NAME || 'MyApp',
},
],
});
var app = express();
// Serve static assets from the /public folder
app.use('/public', express.static(path.join(__dirname, '/public')));
// Serve the Parse API on the /parse URL prefix
var mountPath = process.env.PARSE_MOUNT || '/parse';
app.use(mountPath, api);
// Serve the Parse API on the /dashboard
app.use('/dashboard/', dashboard);
var port = process.env.PORT || 1337;
var httpServer = require('http').createServer(app);
httpServer.listen(port, function() {
console.log('parse-server-example running on port ' + port + '.');
});Any clue what I'm missing @drew-gross @kevinbluer ? |
|
Hi, i Have a same issue, the variable "allowInsecureHTTPS" won't work in a configuration section in index.js.. where is the error? `var express = require('express'); var databaseUri = 'mongodb://......'; var api = new ParseServer({ var dashboard = new ParseDashboard({ var app = express(); |
|
@milonet this worked for me So the ParseDashboard class constructor accepts two parameters, first one if for the config file and second for allowInsecureHTTP flag. You can check out the code here. |
ghost
mentioned this issue
|
None of the advice above seems applicable to the dockerized usage as detailed out under https://github.com/parse-community/parse-dashboard#run-with-docker How can I work around the http/s issue when using docker image locally as described in the link? |
|
@holgerbrandl I'm having the same problem, runs fine locally outside Docker, but returns the same when running in Docker locally. There needs to be a way to pass in the allowInsecureHTTP config param into docker run for local use. |
|
Yes the same way you pass the —port. |
|
THX @flovilmart I am trying docker run with -e allowInsecureHTTP='true' but that is not working (also tried. -e allowInsecureHTTP=true and -e allowInsecureHTTP:true). |
|
-e is for environment vrairables , not for arguments. |
|
Sorry, there are several places that arguments could be provided, in Dockerfile and in docker run command and I'm not familiar with the right place or syntax for doing this. If you are able to give a brief example of how and where to do this it would be great as others are also having trouble with getting this to work. |
|
@paulfreeman this is explained in the readme here https://github.com/parse-community/parse-dashboard/blob/master/README.md#run-with-docker |
|
Thanks again, I've tried that passing in --allowInsecureHTTP true as, but I still can't access the dashboard. If I run parse-dashboard locally everything works, but the dockerised version reports if can only be accessed via https. My invocation is
I've also tried
with allowInsecureHTTP true set in config.json like this
|
|
Can you try with just trustProxy set? This should be enough. |
|
Also what version of the dashboard are you using? |
|
For the version, I pulled the master branch from git, then did the docker build. That version is running fine from the command line against my parse-server running on a user defined docker network. |
|
That’s very odd indeed, you ca probably debunk this but putting a few logs here and there. We’re using that flag on google app engine without any issue. |
|
@flovilart thanks for your help, as you say I'll just have to see if I can get some logging to figure this out, I'm probably making some odd mistake somewhere. On the positive side this is a good way of learning how everything fits together. |
|
Same with with me: I've build it from git on Aug 14. and I've provided allowInsecureHTTP as last position docker run argument as shown above in paulfreeman's posting, and it did not work. Maybe you @flovilmart are running a different docker version? I'm using v17.06. |
|
@holgerbrandl I'm running 17.03.1-ce-rc1 |
|
If anybody looking for the solution in the latest version. The below will work. A small change from @warrenca comment during the initialization code. The change is instead of Now the |
|
@holgerbrandl |
|
@swami701 solution worked for me. Use: |
|
For anyone looking to solve this via Docker setup |
|
via docker setup: |
|
The solution to this was merged on #808, please refer to that. |
|
The change is app.use('/parse-dashboard', new ParseDashboard(config.dashboard, { allowInsecureHTTP: true })); instead of app.use('/parse-dashboard', ParseDashboard(config.dashboard, true)); you will find this code in index.js |
|
<3 |
Thank you, this method is successful in my case. I don't need to pay for SSL certificate |
After setting up the dashboard, I get the message "Parse Dashboard can only be remotely accessed via HTTPS".
I am hosting my backend on Digital Ocean (my domain is from Godaddy, but I didn't point to my IP yet), my dashboard url format: http://xxx.xxx.xxx.xxx:4040.
I am a mobile developer and I don't have experience on setting up https. Please tell me how to fix this!
The text was updated successfully, but these errors were encountered: