Description
Preflight Checklist
- I agree to follow the Code of Conduct that this project adheres to.
- I have searched the issue tracker for a feature request that matches the one I want to file, without success.
Describe the bug
I'm running Drawio as a docker container in self-contained mode + PlantUML container. Containers are behind a reverse proxy (Traefik 2).
docker-compose.yaml
version: '3.9'
services:
traefik:
container_name: traefik
image: "traefik:2.10.4"
ports:
- 80:80 # HTTP
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
command: # CLI arguments
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=false
- --entryPoints.http.address=:80
- --entryPoints.traefik.address=:8080
- --api=true
- --api.dashboard=true
- --api.disabledashboardad=true
- --ping=true
- --log=true
- --log.level=DEBUG
- --accessLog=true
- --providers.docker=true
- --providers.docker.endpoint=unix:///var/run/docker.sock
- --providers.docker.exposedByDefault=false
- --providers.docker.network=reverse_proxy
- --providers.docker.swarmMode=false
- --providers.docker.allowEmptyServices=true
labels:
- traefik.enable=true
- "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN_NAME}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" # Define the subdomain for the traefik dashboard.
- traefik.http.routers.api.service=api@internal # Enable Traefik API.
- traefik.http.routers.api.middlewares=basic-auth-dashboard # enable basic auth middleware
- traefik.http.middlewares.basic-auth-dashboard.basicauth.users=${TRAEFIK_HTTP_BASIC_AUTH}
networks:
reverse_proxy:
ipv4_address: $TRAEFIK_STATIC_IP
drawio:
image: jgraph/drawio:22.1.7
container_name: drawio
environment:
DRAWIO_SELF_CONTAINED: 1
DRAWIO_BASE_URL: http://drawio.${DOMAIN_NAME}
DRAWIO_SERVER_URL: http://drawio.${DOMAIN_NAME}/
DRAWIO_VIEWER_URL: http://drawio.${DOMAIN_NAME}/js/viewer.min.js
DRAWIO_LIGHTBOX_URL: https://drawio.${DOMAIN_NAME}/
PLANTUML_URL: http://plantuml:8080/
networks:
- reverse_proxy
labels:
- traefik.enable=true
- traefik.http.routers.drawio.rule=Host(`drawio.${DOMAIN_NAME}`)
- traefik.http.services.drawio.loadbalancer.server.port=8080
depends_on:
- plantuml
plantuml:
container_name: plantuml
image: plantuml/plantuml-server:jetty-v1.2023.12
networks:
- reverse_proxy
labels:
- traefik.enable=true
- traefik.http.routers.plantuml.rule=Host(`plantuml.${DOMAIN_NAME}`)
- traefik.http.services.plantuml.loadbalancer.server.port=8080When I try to insert/update a PlantUML diagram, I'm getting an error:
The request fails with 500 error:
GET: http://drawio.myhome.lan/service/1/svg/XSz12i9038NX_PmY5vWBY4Zh4Rn1RACDJfCwoU3r6zHLANJzFdvudJbMRtD9zc9PiE8CDk6e7vOdFB0OfRxmG90lSDNx2Vhc4udpWCugSADt8_CK6-GmNxoZR569rZOc6gu2xaT_-9ppWVx7Ev8nhgm0
Status: 500 Internal Server Error
Response payload: Internal Server Error
To Reproduce
Steps to reproduce the behavior:
- Go to: Arrange > Insert > Advanced > PlantUML...
- Paste the following diagram text:
@startuml
skinparam shadowing false
Alice -> Bob: Authentication Request
Bob --> Alice: Authentication Response
@enduml
- Choose: PlantUML (SVG)
- Click: Insert
- Observe the error
Expected behavior
The diagram is rendered without errors.
draw.io version (In the Help->About menu of the draw.io editor):
- draw.io version v22.1.7
Desktop (please complete the following information):
- OS: macOS 11.6.8 (20G730)
- Browser firefox
- Browser Version 120.0.1 (64-bit)
I tested the problem in incognito/private mode with all browser extensions switched off, write "yes" below:
- yes
Additional context
The PlantUML insertion flow works fine without the reverse proxy.
So I decided to investigate the error deeply, and found out that the error comes from the Traefik, because of:
time="2023-12-10T11:54:21+02:00" level=debug msg="'500 Internal Server Error' caused by: net/http: HTTP/1.x transport connection broken: too many transfer encodings: [\"chunked\" \"chunked\"]"
This is the known issue, caused by a stricter check on the Transfer-Encoding header in Go v1.15 which was then brought in Traefik 2.3 (traefik/traefik#8623).
After I inspected the network traffic, I found out that the response from the PlantUML server contains 1 Transfer-Encoding header:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: image/svg+xml
Expires: Fri, 15 Dec 2023 08:35:53 GMT
Date: Sun, 10 Dec 2023 08:35:53 GMT
Last-Modified: Fri, 20 Oct 2023 13:49:00 GMT
Cache-Control: public, max-age=432000
ETag: "dc6acd2768ae3525b13eb106d18a704eqA-ueZWsK496IHumWV4J9m00"
X-PlantUML-Diagram-Description: (2 participants)
X-Powered-By: PlantUML Version 1.2023.12
X-Patreon: Support us on https://plantuml.com/patreon
X-Donate: https://plantuml.com/paypal
Transfer-Encoding: chunked
Server: Jetty(11.0.15)
CD6
<?xml version="1.0" encoding="us-ascii" standalone="no"?>
...
But the response from the Drawio server contains 2 Transfer-Encoding headers:
HTTP/1.1 200
Transfer-Encoding: chunked
Server: Jetty(11.0.15)
Access-Control-Allow-Origin: *
X-Patreon: Support us on https://plantuml.com/patreon
Last-Modified: Fri, 20 Oct 2023 13:49:00 GMT
Date: Sun, 10 Dec 2023 08:35:53 GMT
Cache-Control: public, max-age=432000
ETag: "dc6acd2768ae3525b13eb106d18a704eqA-ueZWsK496IHumWV4J9m00"
Expires: Fri, 15 Dec 2023 08:35:53 GMT
X-Donate: https://plantuml.com/paypal
X-PlantUML-Diagram-Description: (2 participants)
X-Powered-By: PlantUML Version 1.2023.12
Content-Type: image/svg+xml
Transfer-Encoding: chunked
cd6
<?xml version="1.0" encoding="us-ascii" standalone="no"?>
...
Having two Transfer-Encoding headers in the PlantUML server response causes the Traefik proxy to fail, making it impossible to use self-contained Drawio instance to render PlantUML, when running behind a Traefik reverse proxy (v2.3+).