Self hosted LanguageTool

codingHahn · August 8, 2019, 8:04am

Hello,
I set up my LanguageTool server using this docker container GitHub - silvio/docker-languagetool: Dockerfile for LanguageTool .
I tunnel this traffic through an nginx reverse-proxy which encrypts the traffic and exposes it to port 443 on my server. Now, when I add this server as custom server in the firefox extension, it does not work.

Instead, it tries to correct the text for a few seconds before erroring out:
Sorry, something went wrong while checking your text (400)

Did I configure something wrong?
cheers

dnaber · August 8, 2019, 8:05am

Hi, can you open that API endpoint with a browser? What does it return? It should look like https://localhost:8081/v2/check?text=foobar&language=en-US with your local value for localhost:8081.

codingHahn · August 12, 2019, 2:07pm

Yes. It outputs

 {"software":{"name":"LanguageTool","version":"4.5","buildDate":"2019-03-26 11:37","apiVersion":1,"premium":false,"premiumHint":"You might be missing errors only the Premium version can find. Contact us at support<at>languagetoolplus.com.","status":""},"warnings":{"incompleteResults":false},"language":{"name":"English (US)","code":"en-US","detectedLanguage":{"name":"Danish","code":"da-DK","confidence":0.46113405}},"matches":[]}

dnaber · August 12, 2019, 2:10pm

That sounds as if the --public --allow-origin '*' parameter was missing (works when called directly, doesn’t work when called from JS). But it’s in the docker’s start.sh. Maybe the reverse proxy messes up the CORS headers or something like that…

codingHahn · August 13, 2019, 7:36pm

I dunno. After your post i explicitly allowed the headers in my nginx config. Here is my full config to debug:

server {
	listen 80;
	server_name languagetool.example.com;
	return 301 https://languagetool.example.com$request_uri;
}

server {
	listen 443 ssl http2;
	server_name languagetool.example.com;
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	
	
	
	add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
	
	
	ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; # managed by Certbot
	ssl_stapling on; # managed by Certbot
	ssl_stapling_verify on; # managed by Certbot

	location / {
		add_header "Access-Control-Allow-Origin" *;
        	proxy_pass http://localhost:8010;
		}
}

codingHahn · August 13, 2019, 8:25pm

On further incpection it seems that something is way off with the extension. When I set add_header "Access-Control-Allow-Origin" *;, then the error message in the dev tools is:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://languagetool.example.com/v2/check?instanceId=84191%3A1565727384820&c=1&v=2.3. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘*, *’).

but when i set the header to add_header "Access-Control-Allow-Origin" "*, *"; it prints

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://languagetool.famhahn.xyz/v2/check?instanceId=33111%3A1565727813232&c=1&v=2.3. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘*, *, *’).

It seems to expect more *,* then it currently recieves through the header.

codingHahn · August 13, 2019, 8:31pm

When I curl -i example.com/v2/check on your server, I get

HTTP/2 400 
server: nginx/1.16.0
date: Tue, 13 Aug 2019 20:22:53 GMT
content-length: 41
access-control-allow-origin: *
x-backend-server: api10

when I do this on my server, I get

HTTP/2 500 
server: nginx/1.14.2
date: Tue, 13 Aug 2019 20:28:31 GMT
content-length: 57
access-control-allow-origin: *

There is a 500 internal server error when i do /check

codingHahn · August 13, 2019, 8:42pm

The server seems to do what it is supposed to. docker log shows:

2019-08-13 20:34:00 +0000 Check done: 888 chars, en-US (mother tongue: de)[auto], #67, null, 20 matches, 430ms, agent:webextension-firefox-ng, v:2.3, sent, q:0, h:1, dH:1, m:all_but_textlevel_only

That it checks successfully. It seems that there is some bug in Firefox, that does this, will confirm shortly.

codingHahn · August 13, 2019, 8:45pm

It works with Chromium, so it seems it is indeed a firefox specific bug -.- . And into the firefox source code we go.

codingHahn · August 21, 2019, 12:05pm

I didn’t have the nerve to debug Firefox. I will open a bug report on the Firefox bug tracker now.