I am trying to tunnel with Pangolin to my Joplin notes Server. The Joplin docker has a configuration for the URL set to APP_BASE_URL=htt p://localhost:22300/. I can successfully define an http resource in Pangolin that reports this source as healthy. However, if I try to access is from the internet using http s://jl.mydomain.com/ I get the error "Invalid origin: htt p://jl.mydomain.com/. I tried many different definitions for the resource and the APP_BASE_URL variable but this does not seems to work. With the sparseness of documentation for both Pangolin and Joplin, I am not able to figure this out, and help is greatly appreciated.
I tried http s://jl.domain.com/ but the the resource does not connect properly to pangolin, shows unhealthy because the url points to pangolin and not to the source connected to pangolin via gerbil.
Is there a way to tell Joplin to ignore the origin?
With the help of another post here, I managed to patch the docker image to bypass the invalid origin error. However, this alone is insufficient. It seems the fundamental issue is that I do not seem able to rewrite the localhost to the external base URL, something that does work with nextcloud. Without this ability, Joplin does not seem compatible with Pangolin proxy. After 2 days of trying and without any input, I am cutting my losses and give up. Sorry that I could not solve this.
are you sure you're solving the right problem?
I don't use Pangolin (one of the reasons being it's quite new and I didn't like the odds of there being mature docs), but the concepts should be the same.
Have you tried setting APP_BASE_URL to the external url (http://jl.mydomain.com), and the upstream proxy in Pangolin to the local endpoint (http://localhost:22300)?
That could work because from pangolin's PoV you're still accessing the endpoint locally (and will avoid the looping resolution you mention), and Joplin will be expecting the correct forwarded host header.
@zblesk Thank you, thank you, thank you!!! While this was not directly the solution, I thank you for giving it another shot. I had tried yesterday what you suggested, and it had to be this simple. The mistake that I had is to attempt enabling the health check feature for the resource. This is supposed to just ping the resource to check if it is alive. For some reason, joplin is not compatible with this. You inspired me to try again, and I kept it simple as you stated and voila it worked!
For anyone else wondering, my best guess on what happened is that pangolin forwards the host header by defaul (which is the public domain), and joplin compares it to the base url to verify. If you put localhost in there, they don't match.
A quick search didn't tell me anything about pangolin health checks, but if it's reading the health status from docker, then you'd first need to define the check in your docker-compose file. Without that docker won't show any health status. (You can see the difference between a container that has it and one that doesn't when you do a docker ps.)
It’s reading what the user has defined, not so much the status from the socket ( Health Checks - Pangolin Docs ). The socket is mostly for auto discovery. Though oddly when we did recommend to switch the base url to https://jop.domain.com even my own tests a few hours ago were complaining the same issue that the origin didn’t match yet Traefik sends the host header data and other stuff downstream by default unless explicitly told not to. Should say now that I woke up it’s magically just working so that’s always fun.
As for the location of the healthcheck it’s done by the newt client and not by the traefik client, So Joplin should be seeing the response from however newt is running either via localhost or across from another server’s ip.
The health check is done by newt and this seems to be where the problem lies. It was set to ping http://localhost:22300 but Joplin does not respond because base url was set to https://jop.domain.com. At that point health was marked as bad and access to https://jop.domain.com failed. When I set up the resource with health check disabled, access to https://jop.domain.com worked. Perhaps this thread will be useful to someone else in the future. I really appreciated the guidance here.