Parse-dashboard: Parse Dashboard can only be remotely accessed via HTTPS

Created on 5 Mar 2016  路  32Comments  路  Source: parse-community/parse-dashboard

After setting up the dashboard, I get the message "Parse Dashboard can only be remotely accessed via HTTPS".
I am hosting my backend on Digital Ocean (my domain is from Godaddy, but I didn't point to my IP yet), my dashboard url format: http://xxx.xxx.xxx.xxx:4040.
I am a mobile developer and I don't have experience on setting up https. Please tell me how to fix this!

Most helpful comment

If anybody looking for the solution in the latest version. The below will work. A small change from @warrenca comment during the initialization code.

var config = {
  "allowInsecureHTTP": true,
  "apps": [
    {
      "serverURL": "http://localhost:1337/parse",
      "appId": "xxx",
      "masterKey": "yyy",
      "appName": "appName"
    }
  ],"users": [
    {
      "user":"user",
      "pass":"pass"
    }
  ]
};
var dashboard = new ParseDashboard(config, {allowInsecureHTTP: config.allowInsecureHTTP});

The change is

var dashboard = new ParseDashboard(config, {allowInsecureHTTP: config.allowInsecureHTTP});

instead of

var dashboard = new ParseDashboard(config, config.allowInsecureHTTP);

Now the app.js code from parse dashboard has been changed. You can find it here.

All 32 comments

If you are running the dashboard on your own laptop (localhost), this shouldn't be an issue. If you want to run the dashboard on a remote server, https is mandatory to prevent you from leaking your Master Key and completely compromising the security of your app. https://letsencrypt.org/ can help you get started with https for free, or you can just run the dashboard locally.

Thanks @drew-gross
If I set up a https on Godaddy and point it to my IP address, will it work?

That should work, but I haven't used SSL on GoDaddy so I can't be 100% sure. The connection to the express app that serves the dashboard must be secure, so as long as your setup on GoDaddy ensures you have a secure connection to dashboard, it will work. I'd recommend trying letsencrypt.org first, it's free so if it doesn't work then you haven't lost anything.

Hi @thphuc, any luck getting this set this up?

Hi @kevinbluer
I followed these step and it worked:

  1. Install parse-dashboard: npm install -g parse-dashboard
  2. Create config file
  3. Run this command: parse-dashboard --config parse-dashboard-config.json --allowInsecureHTTP
    But this is for testing only, shouldn't use http for production

I just got the dashboard set up on Heroku and am also getting this error even though I set the PARSE_DASHBOARD_ALLOW_INSECURE_HTTP environment variable to 1. I'm attempting to get it set up in Heroku like this as a node app that runs both the dashboard and the api/cloud code:

var api = new ParseServer({
  databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
  cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
  appId: process.env.APP_ID || 'myAppId',
  masterKey: process.env.MASTER_KEY || '', //Add your master key here. Keep it secret!
  serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse',  // Don't forget to change to https if needed
  liveQuery: {
    classNames: ["Posts", "Comments"] // List of classes to support for query subscriptions
  }
});

var dashboard = new ParseDashboard({
  apps: [
    {
      appId: process.env.APP_ID || 'myAppId',
      masterKey: process.env.MASTER_KEY || 'myMasterKey',
      serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse',
      appName: process.env.APP_NAME || 'MyApp',
    },
  ],
});

var app = express();

// Serve static assets from the /public folder
app.use('/public', express.static(path.join(__dirname, '/public')));

// Serve the Parse API on the /parse URL prefix
var mountPath = process.env.PARSE_MOUNT || '/parse';
app.use(mountPath, api);

// Serve the Parse API on the /dashboard
app.use('/dashboard/', dashboard);

var port = process.env.PORT || 1337;
var httpServer = require('http').createServer(app);
httpServer.listen(port, function() {
    console.log('parse-server-example running on port ' + port + '.');   
});

Any clue what I'm missing @drew-gross @kevinbluer ?

Hi, i Have a same issue, the variable "allowInsecureHTTPS" won't work in a configuration section in index.js.. where is the error?

`var express = require('express');
var ParseServer = require('parse-server').ParseServer;
var ParseDashboard = require('parse-dashboard');
var path = require('path');

var databaseUri = 'mongodb://......';

var api = new ParseServer({
databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
appId: process.env.APP_ID || 'xxxx',
masterKey: process.env.MASTER_KEY || yyyy', //Add your master key here. Keep it secret!
serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse', // Don't forget to change to https if needed
liveQuery: {
classNames: ["Posts", "Comments"] // List of classes to support for query subscriptions
}
});

var dashboard = new ParseDashboard({
"allowInsecureHTTP": true,
"apps": [
{
"serverURL": "http://localhost:1337/parse",
"appId": "xxx",
"masterKey": "yyy",
"appName": "appName"
}
],"users": [
{
"user":"user",
"pass":"pass"
}
]
});

var app = express();
`

@milonet this worked for me

var config = {
  "allowInsecureHTTP": true,
  "apps": [
    {
      "serverURL": "http://localhost:1337/parse",
      "appId": "xxx",
      "masterKey": "yyy",
      "appName": "appName"
    }
  ],"users": [
    {
      "user":"user",
      "pass":"pass"
    }
  ]
};
var dashboard = new ParseDashboard(config, config.allowInsecureHTTP);

So the ParseDashboard class constructor accepts two parameters, first one if for the config file and second for allowInsecureHTTP flag. You can check out the code here.

@warrenca I came to the same solution a few days ago. Seems like the environment variables and command line argument should work when running it as middleware too. I opened an issue for it: https://github.com/ParsePlatform/parse-dashboard/issues/361

None of the advice above seems applicable to the dockerized usage as detailed out under https://github.com/parse-community/parse-dashboard#run-with-docker

How can I work around the http/s issue when using docker image locally as described in the link?

@holgerbrandl I'm having the same problem, runs fine locally outside Docker, but returns the same when running in Docker locally. There needs to be a way to pass in the allowInsecureHTTP config param into docker run for local use.

Yes the same way you pass the 鈥攑ort.

THX @flovilmart I am trying docker run with -e allowInsecureHTTP='true' but that is not working (also tried. -e allowInsecureHTTP=true and -e allowInsecureHTTP:true).

-e is for environment vrairables , not for arguments.

Sorry, there are several places that arguments could be provided, in Dockerfile and in docker run command and I'm not familiar with the right place or syntax for doing this. If you are able to give a brief example of how and where to do this it would be great as others are also having trouble with getting this to work.

@paulfreeman this is explained in the readme here https://github.com/parse-community/parse-dashboard/blob/master/README.md#run-with-docker

Thanks again, I've tried that passing in --allowInsecureHTTP true as, but I still can't access the dashboard. If I run parse-dashboard locally everything works, but the dockerised version reports if can only be accessed via https.

My invocation is

docker run -it -p 4040:4040 --name dashboard --net mynetwork parse-dashboard --allowInsecureHTTP true

I've also tried

docker run -it -p 4040:4040 --name dashboard --net my network -v <fullyqualified>/parse-dashboard/parse-dashboard/config.json:/Parse-Dashboard/parse-dashboard-config.json parse-dashboard

with allowInsecureHTTP true set in config.json like this

{ "allowInsecureHTTP": true, "trustProxy": 1, "apps": [ { "serverURL": "http://myparseserver:1337/parse", "appId": "myAppId", "masterKey": "MKEY", "appName": "MyApp" } ] }

Can you try with just trustProxy set? This should be enough.

Also what version of the dashboard are you using?

For the version, I pulled the master branch from git, then did the docker build. That version is running fine from the command line against my parse-server running on a user defined docker network.

That鈥檚 very odd indeed, you ca probably debunk this but putting a few logs here and there. We鈥檙e using that flag on google app engine without any issue.

@flovilart thanks for your help, as you say I'll just have to see if I can get some logging to figure this out, I'm probably making some odd mistake somewhere. On the positive side this is a good way of learning how everything fits together.

Same with with me: I've build it from git on Aug 14. and I've provided allowInsecureHTTP as last position docker run argument as shown above in paulfreeman's posting, and it did not work.

Maybe you @flovilmart are running a different docker version? I'm using v17.06.

@holgerbrandl I'm running 17.03.1-ce-rc1

If anybody looking for the solution in the latest version. The below will work. A small change from @warrenca comment during the initialization code.

var config = {
  "allowInsecureHTTP": true,
  "apps": [
    {
      "serverURL": "http://localhost:1337/parse",
      "appId": "xxx",
      "masterKey": "yyy",
      "appName": "appName"
    }
  ],"users": [
    {
      "user":"user",
      "pass":"pass"
    }
  ]
};
var dashboard = new ParseDashboard(config, {allowInsecureHTTP: config.allowInsecureHTTP});

The change is

var dashboard = new ParseDashboard(config, {allowInsecureHTTP: config.allowInsecureHTTP});

instead of

var dashboard = new ParseDashboard(config, config.allowInsecureHTTP);

Now the app.js code from parse dashboard has been changed. You can find it here.

@holgerbrandl
have the same issue, Do you have any solutions now?

@swami701 solution worked for me. Use:
var dashboard = new ParseDashboard(config, {allowInsecureHTTP: config.allowInsecureHTTP});
Instead of:
var dashboard = new ParseDashboard(config, config.allowInsecureHTTP);

For anyone looking to solve this via Docker setup

FROM node:8-slim
ENV NPM_CONFIG_LOGLEVEL error
WORKDIR /src
ADD . /src
RUN cd /src \
 && npm install \
 && npm run build \
 && npm cache clear --force \
 && rm -rf ~/.npm \
 && rm -rf /var/lib/apt/lists/*

ENV PARSE_DASHBOARD_ALLOW_INSECURE_HTTP=true

ENV PORT=4040

EXPOSE $PORT

ENTRYPOINT ["npm", "run", "dashboard"]

via docker setup:
pass -e PARSE_DASHBOARD_ALLOW_INSECURE_HTTP=true argument to docker run solve this problem.

The solution to this was merged on #808, please refer to that.

The change is

app.use('/parse-dashboard', new ParseDashboard(config.dashboard, { allowInsecureHTTP: true }));

instead of

app.use('/parse-dashboard', ParseDashboard(config.dashboard, true));

you will find this code in index.js

<3

Was this page helpful?
0 / 5 - 0 ratings

Related issues

robertodias180 picture robertodias180  路  5Comments

thphuc picture thphuc  路  4Comments

SamuelEshetu picture SamuelEshetu  路  5Comments

guilhermevini picture guilhermevini  路  6Comments

grassland-curing-cfa picture grassland-curing-cfa  路  6Comments