Unable to use remote copy of st2web #34
Description
I have st2-docker installed on a CentOS 7.3 server where I've installed docker. This server is only accessible from within the our corporate LAN. I can access the default webui via a domain name that is mapped to that server's internal IP. However, I can't use a remote copy of st2web. (remote, but still within the corporate lan)
After verifying that the machine with a git clone of st2web can actually access the default webui on docker host, we can't do more than just authenticate with the dockerized st2 in the cloned copy of st2web. (The dev version of st2web is served by gulp.) All of the /api calls complain about a missing header: Cross Site Request Origin Allowed (or something like that).
I tried several permutations of allow_origin in /etc/st2/st2.conf to resolve that:
allow_origin = *allow_origin = http://localhost:3000,http://127.0.0.1:3000,https://<local domain>allow_origin = http://localhost:3000,http://127.0.0.1:3000,http://localhost:9101,http://127.0.0.1:9101,https://<local domain>
In the dev copy of st2web, we tried setting the url several different ways. (snippet is in the hosts section of config.js)
url: https://<local domain>:443/api
auth: https://<local domain>:443/auth
url: https://<local domain>:443
api: https://<local domain>:443/api
auth: https://<local domain>:443/auth
url: https://<local domain>:443
url: https://<local domain>:443
auth: true
Auth was successful when both url and auth were specified. api calls were not with any permutation.
I don't need to modify the nginx config do I? I would imagine that st2api would use the allow_origin setting to send the CORS headers. If I were to modify nginx (I haven't tried it), would I need to do something like this: https://enable-cors.org/server_nginx.html