Dear devs of loomio,

I am a little confused about channels.loomio.domain. In the readme it says, that you put a CNAME record that forwards requests from channels.loomio.domain to loomio.domain. which seems a little weird to me. Why is it seperated in the first place? I didn't find any information in the guidelines or manual, so I am referring to it here in the issues.
I stumbled across it because navigating to channels.loomio leads to a 502 using a nginx reverse proxy but Loomio seems to work either way.

But my web console throws tons of errors that look like this:

polling-xhr.js:268 GET https://channels.loomio.domain/socket.io?channel_token=_sometoken_&EIO=3&transport=polling&t=NT8sq0R 502

So channels.loomio.domain is not reachable which probably is a reverse proxy problem because I haven't set up a CNAME forwarding from channels.loomio.domain -> loomio.domain via nginx yet. Before I dive into that I would really like to understand the channels. concept in the first place.

Thanks a lot in advance, really appreciate your work!

All my Best
p

Hi @phleba,

Loomio uses virtualhosts to direct traffic between the different apps that make it work. So channels.loomio.domain requests are directed to the nodeJS server which handles websockets and live updates, and loomio.domain traffic is routed to the rails server which handles the traditional requests and responses the Rails app makes.

It's just the easiest way (I've found) to do it with a single host, docker-compose and nginx-letsencrypt.

Hey @robguthrie,
thanks so much for the explanation.

I now added the CNAME record from channels.loomio -> loomio. for our domain in our domain provider dashboard. The other subdomains - including loomio.ourdomain - are handled via a nginx reverse proxy including letsencrypt.
But I still get the XHR GET 502 Bad Gateway errors in my web console regarding the socket.io connection and some features e.g. creating a poll do not work.
When navigating to channels.loomio.xxx - is navigating to channels.loomio.xxx supposed to return 502? Shouldn't it forward to loomio.xxx due to the CNAME?

I'm not sure I understand.
Is the loomio host on it's own IP? or is there some other frontend infront of it?

Sorry for being confusing here.

Is the loomio host on it's own IP? or is there some other frontend infront of it?

No, loomio is configured to run as a subdomain parallel to several other services on one IP. Access to those is configure via nginx-letsencrypt reverse proxy.

Adding a CNAME record with our domain provider as mentioned in the manual does seem to conflict with our nginx configuration.

So channels.loomio.domain requests are directed to the nodeJS server which handles websockets and live update

So that probably means that our nodeJS server is for some reason not accessible, which results in 502 bad gateway errors. Our logs, however, all seem fine. Our config is according to the manual.

This is the continuous web console output in firefox when accessing https://loomio.ourdomain.tld: https://imgbox.com/q4uZdIAm

But, maybe a simple single step question first to not get confused anywhere: Is it "normal" that navigating (in a browser) to https://channels.loomio.domain.tld - independent of CNAME entry or access via our nginx reverse proxy - leads to a 502 Bad Gateway? Probably not, right? What would the expected behavior be?

Sorry, I simply don't know enough stuff to support custom setups. I recommend you give your Loomio box it's own IP.

Sorry if that wasn't a great message to receive, @phleba. I sometimes get concerned about how much time I have in the day and custom setups can seem overwhelming from a distance.

Loomio is already using an nginx-letsencrypt proxy. We tried to handle that for people by default. If you want to do that work yourselve, then you'll need to edit the docker-compose.yml file in loomio-deploy, and remove the nginx and lets-encrypt stuff, and decide for yourself how you're going to route traffic to the app and channels services loomio relies upon.

I think that it's a lot of labour, and I had imagined the cost of just running the setup on it's own IP was not a lot. It also means if I update that file with an infrastructure change, your system is upgraded too.

Yes I get the point, thanks for coming back to the topic!

Okay, so actually we also use the nginx-letsencrypt proxy in our whole system setup with multiple web services, so that was fine. We now were able to set it up and the 502 errors regarding channels.loomio.ourdomain disappeared! The XHR Get requests go through now. What we did:

• Removed the redundant VIRUTAL_HOST definition in docker-compose.yml (where we normally define it for our nginx-letsencrypt proxy regarding our system-wide setup) for app and channels and kept it in the env/channel_env files as proposed by the manual (not sure whether this solved it)
• Removing the second virtual_host definition (we normally define two domains per web service: www. + blank i.e. www.loomio.domain.tld + loomio.domain.tld) from our config (probably that helped)
• Having channels and app in the open nginx docker for external access plus the loomio-specific network in which it communicates with loomio-db, loomio-mailin etc. (this also helped I guess)

What we did not do since this breaks our nginx-reverseproxy setup: Submit the CNAME definition to our domain provider (guess that's optional).

Thanks for your support and patience!