Deploy GeoNode Core behind HAProxy

Open mkrueger-dev opened this issue 2 years ago • 1 comments

Hi GeoNode-Team,

We set up a GeoNode Core 4.1.0 on a VM using docker. The system worked well when tested on localhost and also when deployed accessible from the institute's network only. When proxied through HAProxy, GeoNode and its components (Django, GeoServer, Postgres-DB) can be reached from the outside successfully, but we ran into the following issues:

  • uploading even small resources as datasets takes unreasonably long
  • updating metadata of these datasets results in 504 error
  • registering remote services results in 504 error
  • creating a dataset results in 504 error

Uploading resources as documents worked just fine. Editing metadata also worked here. Same applies to maps, geostories and dashboards.

The presumable fix:

After a while we figured out what might be the problem here and the following .env settings did the trick:

  • PUBLIC_PORT=80
  • SITEURL=https://our-fancy-url
  • GEONODE_LB_HOST_IP=
  • GEONODE_LB_PORT=
  • HTTP_HOST=our-fancy-url
  • HTTPS_HOST=
  • LETSENCRYPT_MODE=disabled
  • GEOSERVER_WEB_UI_LOCATION=https://our-fancy-url/geoserver/
  • GEOSERVER_PUBLIC_LOCATION=https://our-fancy-url/geoserver/
  • GEOSERVER_LOCATION=http://geoserver:8080/geoserver/

When keeping GEONODE_LB_HOST entries empty, GeoServer Proxy Base URL is set to http://geonode:80 by the system itself. GeoNode then already works behind the HAProxy, but the OGC-Services provided by GeoServer are not reachable from the outside. We fixed this by logging into GeoServer and setting the Proxy Base URL entry empty...

I understand that GeoNode is supposed to run on its own. SSL/TLS encryption is provided internally by Letsencrypt. However, when deploying GeoNode behind a HAProxy, encryption is already taken care of. Is there an 'official' way / recommendation to set up the system using a proxy?

Thanks!

Specifications

  • GeoNode version: 4.1.0
  • Installation type: GeoNode Core
  • Installation method: docker
  • Platform: VM
  • HAProxy timeouts:
      • timeout http-request 10s
      • timeout queue 1m
      • timeout connect 10s
      • timeout client 1m
      • timeout server 1m
      • timeout http-keep-alive 10s
      • timeout check 10s

mkrueger-dev avatar Jun 26 '23 10:06 mkrueger-dev

The trick seems to be to set

HTTPS_HOST=your_fancy_host
HTTPS_PORT=443
LETSENCRYPT_MODE=disabled

SITE_URL=https://your_fancy_host/
ALLOWED_HOSTS="['django', 'your_fancy_host']"
GEOSERVER_WEB_UI_LOCATION=https://your_fancy_host/geoserver/
GEOSERVER_PUBLIC_LOCATION=https://your_fancy_host/geoserver/
NGINX_BASE_URL=https://your_fancy_host

The first 3 settings above will cause geonode nginx to create a self-signed certificate for SSL/HTTPS.

Then let the reverse proxy server (nginx proxy manager or haproxy or something else) forward to: https://your_internal_geonode_stack

anneb avatar Nov 18 '25 12:11 anneb
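
A consistency check for the `.env` values discussed in this thread, as an added example that is not code from the GeoNode project or from either poster. It flags public-facing URLs that do not share the scheme and host of the site URL (the kind of mismatch the first post describes with the Proxy Base URL) and a public host missing from `ALLOWED_HOSTS`, which Django uses to validate the `Host` header. The function names, the rules and the sample values (including the placeholder host `geonode.example.org`) are assumptions made for illustration.

```python
import ast
from urllib.parse import urlsplit

# Constructed sample modelled on the thread; geonode.example.org is a placeholder host.
SAMPLE_ENV = """\
LETSENCRYPT_MODE=disabled
SITEURL=https://geonode.example.org/
ALLOWED_HOSTS="['django', 'geonode.example.org']"
GEOSERVER_WEB_UI_LOCATION=https://geonode.example.org/geoserver/
GEOSERVER_PUBLIC_LOCATION=http://geonode:80/geoserver/
GEOSERVER_LOCATION=http://geoserver:8080/geoserver/
"""

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip one layer of quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env

def check_proxy_env(text):
    """Return findings for a .env intended to run behind a TLS-terminating proxy."""
    env, findings = parse_env(text), []
    # The two posts spell this key differently, so accept either.
    public = urlsplit(env.get("SITEURL") or env.get("SITE_URL") or "")
    if public.scheme != "https" or not public.hostname:
        findings.append("site URL is not an https:// URL with a host")
    for key in ("GEOSERVER_WEB_UI_LOCATION", "GEOSERVER_PUBLIC_LOCATION", "NGINX_BASE_URL"):
        url = urlsplit(env.get(key, ""))
        if key in env and (url.scheme, url.hostname) != (public.scheme, public.hostname):
            findings.append(f"{key} differs from the public scheme/host")
    if "ALLOWED_HOSTS" in env:
        try:
            hosts = ast.literal_eval(env["ALLOWED_HOSTS"])
        except (ValueError, SyntaxError):
            hosts = None
        if not isinstance(hosts, (list, tuple)):
            findings.append("ALLOWED_HOSTS is not a list literal")
        elif public.hostname not in hosts:
            findings.append("ALLOWED_HOSTS lacks the public host")
    if env.get("LETSENCRYPT_MODE") != "disabled":
        findings.append("LETSENCRYPT_MODE is not 'disabled'")
    return findings
```

`GEOSERVER_LOCATION` is deliberately not checked, since both posts leave it pointing at the internal container address.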