jgraph / docker-drawio Goto Github PK

Exporting, embedding, publishing any diagrams will result in a URL going to diagrams.net:

This happens even with passing the "DRAWIO_BASE_URL" variable to docker, as follows:

docker run -it -m1g -e LETS_ENCRYPT_ENABLED=true -e PUBLIC_DNS=drawio.mysite.com -e DRAWIO_BASE_URL=https://drawio.mysite.com --rm --name="draw" -p 80:80 -p 443:8443 jgraph/drawio

Any way to make it so these functions have the correct secure self-hosted URL of the instance?

Using the latest (16.6.4 at time of writing) drawio from docker-hub my exported images appear similar to jgraph/drawio#1160

I am using the default diagram generated from the CSV import for testing. I've tried exporting in Linux and Windows using Brave, Chrome, Firefox and Edge, all with the same result as shown below.

All the details here in pull request:
#40

Docs specify public docker image as jgraph/draw.io but correct image name is jgraph/drawio (no dot).

There is a typo in the hub.docker.com page it says:
fjudith/draw.io with the (dot) in between instead of fjudith/drawio without the (dot)

this was a previous issue probably corrected on github but not on hub.docker.com.

Hello,

is it possible to get an ARM(v7) version of the (alpine) image? Building it on an raspberry pi works but is very slow and unhandy.

Thanks in advance

I asked a similar question on the nextcloud app form, but I haven't really gotten a response. Not sure if this is a different group here or not, but I thought I'd ask here too just in case.

Basically how does one prevent a user from going directly to the draw.io url via the proxy? Basically if I want to integrate draw.io in my nextcloud instance, I don't want my draw.io docker instance directly exposed so just any user can use it if they figure out the hostname/url for it. Please let me know any thoughts anyone may have on the subject. I feel like this would probably help with the security of a lot of apps that rely on an apache proxy to expose a backend.

The goal is to ensure only Nextcloud authenticated users can use my draw.io instance.

When you deploy container with self signet cert not working.

main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
06-Mar-2022 12:21:16.099 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
06-Mar-2022 12:21:16.104 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [default] to match the defaultSSLHostConfigName for the connector [https-openssl-nio-8443]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:76)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:202)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1179)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1192)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
... 13 more
06-Mar-2022 12:21:16.106 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [1100] milliseconds
06-Mar-2022 12:21:16.262 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
06-Mar-2022 12:21:16.263 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/10.0.12]
06-Mar-2022 12:21:17.053 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
06-Mar-2022 12:21:17.168 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/draw]
06-Mar-2022 12:21:17.487 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
06-Mar-2022 12:21:17.495 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/draw] has finished in [325] ms
06-Mar-2022 12:21:17.503 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
06-Mar-2022 12:21:17.563 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1455] milliseconds
06-Mar-2022 12:22:55.358 INFO [Thread-2] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]

There are changes in both repositories. so I can't consider this one a newer version of fjudith/docker-draw.io.

Which one should I use to get the latest version?

Hi! We use docker-drawio in local network, and it's work greate!
But we need viewer.diagrams.net functional.. and seems there is no docker image for it..

Is it possible to have personal 'viewer.diagrams.net' ?

Hello!
I upload csv to self-hosted drawio (via drawio-tools/csv).
I set CSP header into PreConfig.js (warning! this is only lab env):

s.setAttribute('content', 'default-src \'self\'; script-src \'self\' \'unsafe-inline\'; connect-src \'self\' http://tools.lab; img-src * data:; media-src * data:; font-src * about:; style-src \'self\' \'unsafe-inline\'');

And now I have CORS policy error : No 'Access-Control-Allow-Origin' header is present on the requested resource.
But with disable CORS, I have good result.

Thanks all!

Hi!

Just updated the docker image from version 15.9.1 to the latest available (running on Synology NAS) and facing some issues with the boot process.

The last line in the log says:
/usr/local/tomcat/bin/catalina.sh: line 421: /docker-java-home/bin/java: No such file or directory
and the docker container falls into a boot loop.

Anybody knows how to solve this issue?

Some more lines from the log:

2022-01-03 13:58:46 | stdout | /usr/local/tomcat/bin/catalina.sh: line 421: /docker-java-home/bin/java: No such file or directory
-- | -- | --
2022-01-03 13:58:46 | stdout | Using CATALINA_OPTS:
2022-01-03 13:58:46 | stdout | Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
2022-01-03 13:58:46 | stdout | Using JRE_HOME:        /docker-java-home
2022-01-03 13:58:46 | stdout | Using CATALINA_TMPDIR: /usr/local/tomcat/temp
2022-01-03 13:58:46 | stdout | Using CATALINA_HOME:   /usr/local/tomcat
2022-01-03 13:58:46 | stdout | Using CATALINA_BASE:   /usr/local/tomcat
2022-01-03 13:58:46 | stdout | /docker-entrypoint.sh: line 143: keytool: command not found
2022-01-03 13:58:46 | stdout | /docker-entrypoint.sh: line 141: keytool: command not found
2022-01-03 13:58:46 | stdout | Generating Self-Signed certificate
2022-01-03 13:58:46 | stdout | App.prototype.isDriveDomain = function() { return true; }
2022-01-03 13:58:46 | stdout | window.EMF_CONVERT_URL = null;
2022-01-03 13:58:46 | stdout | EditorUi.enableLogging = false; //Disable logging
2022-01-03 13:58:46 | stdout | window.ICONSEARCH_PATH = null;
2022-01-03 13:58:46 | stdout | window.VSD_CONVERT_URL = null;
2022-01-03 13:58:46 | stdout | Init PostConfig.js
2022-01-03 13:58:46 | stdout | urlParams['gl'] = '0'; //Gitlab
2022-01-03 13:58:46 | stdout | urlParams['od'] = '0'; //OneDrive
2022-01-03 13:58:46 | stdout | urlParams['gapi'] = '0'; //Google Drive
2022-01-03 13:58:46 | stdout | urlParams['tr'] = '0'; //trello
2022-01-03 13:58:46 | stdout | urlParams['gh'] = '0'; //github
2022-01-03 13:58:46 | stdout | urlParams['db'] = '0'; //dropbox
2022-01-03 13:58:46 | stdout | urlParams['sync'] = 'manual'; //Disable Real-Time

Publishing link or exporting a diagram by URL leads to this:

Is there a way to define service root URL somehow?

Maybe as simple as mapping in path to key, but needs a security review.

As already discussed and implemented as part of #21 ,
there should be also automated builds for the export-server image

A scan with trivy for the latest image

    "Name": "docker.io/jgraph/export-server",
    "Digest": "sha256:665af4a39fd31b31c49eff64c764f266fbe9ecc457520359a292ac3f5b94d0e5",
    "RepoTags": [ "latest" ],
    "Created": "2020-02-19T14:41:14.4959098Z",
    ...

shows currently the following output

jgraph/export-server (debian 9.11)
==================================
Total: 5573 (UNKNOWN: 17, LOW: 392, MEDIUM: 3136, HIGH: 1696, CRITICAL: 332)
--
usr/local/drawio/draw-image-export2/package-lock.json (npm)
===========================================================
Total: 9 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 3, CRITICAL: 0)

Running in k8s using suggested yaml file all_in_one and configured settings for OneDrive. This does not work as javascript source is still localhost:8080, even with PUBLIC_DNS configured.

Hey community!

firstly, thank you for your work. I really enjoy using drawio!

While working on my bachelor thesis, i tried to enable the real-time collaboration for my self-deployed drawio. I followed the instructions of the readme, but could not find any instructions nor folder regarding the mentioned "etc/mxPusher", which should explain the steps needed to "setup a lambda function for temporary keys as well as setting a role for that lambda function"

I would really appreciate it, if you could give me more informations regarding this.

I got the "Thing" working in my AWS and have also filled in alls cert/keys.

"DRAWIO_MXPUSHER_ENDPOINT" is the only thing that I am missing right now.
After testing drawio nothing seems to synchronise (using oneDrive), and that is why i think that this endpoint variable is crucial.

Thank you in advance!

Is it possible to run container as non root for some security reasons ? If I try with nobody user and group, there are some errors.

docker run -p 8080:8080 -u 65534:65534 jgraph/drawio:14.8.4-alpine:

Init PreConfig.js
/docker-entrypoint.sh: line 16: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 17: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 18: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 19: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 20: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 21: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 22: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 23: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 24: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 31: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 33: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 34: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 36: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 48: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 52: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 53: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 54: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 58: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 76: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/docker-entrypoint.sh: line 86: /usr/local/tomcat/webapps/draw/js/PreConfig.js: Permission denied
/**
 * Copyright (c) 2006-2020, JGraph Ltd
 * Copyright (c) 2006-2020, draw.io AG
 */
// Overrides of global vars need to be pre-loaded
window.EXPORT_URL = 'REPLACE_WITH_YOUR_IMAGE_SERVER';
window.PLANT_URL = 'REPLACE_WITH_YOUR_PLANTUML_SERVER';
window.DRAWIO_BASE_URL = null; // Replace with path to base of deployment, e.g. https://www.example.com/folder
window.DRAWIO_VIEWER_URL = null; // Replace your path to the viewer js, e.g. https://www.example.com/js/viewer.min.js
window.DRAW_MATH_URL = 'math';
window.DRAWIO_CONFIG = null; // Replace with your custom draw.io configurations. For more details, https://www.diagrams.net/doc/faq/configure-diagram-editor
urlParams['sync'] = 'manual';Init PostConfig.js
/docker-entrypoint.sh: line 98: /usr/local/tomcat/webapps/draw/js/PostConfig.js: Permission denied
/docker-entrypoint.sh: line 99: /usr/local/tomcat/webapps/draw/js/PostConfig.js: Permission denied
/docker-entrypoint.sh: line 100: /usr/local/tomcat/webapps/draw/js/PostConfig.js: Permission denied
/docker-entrypoint.sh: line 104: /usr/local/tomcat/webapps/draw/js/PostConfig.js: Permission denied
/docker-entrypoint.sh: line 115: /usr/local/tomcat/webapps/draw/js/PostConfig.js: Permission denied
/**
 * Copyright (c) 2006-2020, JGraph Ltd
 * Copyright (c) 2006-2020, draw.io AG
 */
// null'ing of global vars need to be after init.js
window.VSD_CONVERT_URL = null;
window.EMF_CONVERT_URL = null;
window.ICONSEARCH_PATH = null;Generating Self-Signed certificate
keytool error: java.io.FileNotFoundException: /usr/local/tomcat/.keystore (Permission denied)
keytool error: java.lang.Exception: Keystore file does not exist: /usr/local/tomcat/.keystore
java.lang.Exception: Keystore file does not exist: /usr/local/tomcat/.keystore
	at sun.security.tools.keytool.Main.doCommands(Main.java:772)
	at sun.security.tools.keytool.Main.run(Main.java:368)
	at sun.security.tools.keytool.Main.main(Main.java:361)
06-Jul-2021 11:09:16.750 WARNING [main] org.apache.catalina.core.StandardContext.setPath A context path must either be an empty string or start with a '/' and do not end with a '/'. The path [/] does not meet these criteria and has been changed to []
06-Jul-2021 11:09:16.766 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.20
06-Jul-2021 11:09:16.766 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          May 3 2019 22:26:00 UTC
06-Jul-2021 11:09:16.766 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.20.0
06-Jul-2021 11:09:16.766 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
06-Jul-2021 11:09:16.766 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            5.8.0-59-generic
06-Jul-2021 11:09:16.766 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
06-Jul-2021 11:09:16.766 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/lib/jvm/java-1.8-openjdk/jre
06-Jul-2021 11:09:16.767 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_212-b04
06-Jul-2021 11:09:16.767 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            IcedTea
06-Jul-2021 11:09:16.767 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
06-Jul-2021 11:09:16.767 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
06-Jul-2021 11:09:16.767 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
06-Jul-2021 11:09:16.767 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
06-Jul-2021 11:09:16.767 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.21] using APR version [1.6.5].
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
06-Jul-2021 11:09:16.768 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
06-Jul-2021 11:09:16.771 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1b  26 Feb 2019]
06-Jul-2021 11:09:17.014 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
06-Jul-2021 11:09:17.033 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
06-Jul-2021 11:09:17.034 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [435] milliseconds
06-Jul-2021 11:09:17.054 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
06-Jul-2021 11:09:17.054 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.20]
06-Jul-2021 11:09:17.057 SEVERE [main] org.apache.catalina.startup.HostConfig.beforeStart Unable to create directory for deployment: [/usr/local/tomcat/conf/Catalina/localhost]
06-Jul-2021 11:09:17.485 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
06-Jul-2021 11:09:17.552 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/manager]
06-Jul-2021 11:09:17.575 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/manager] has finished in [23] ms
06-Jul-2021 11:09:17.576 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/examples]
06-Jul-2021 11:09:17.702 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/examples] has finished in [125] ms
06-Jul-2021 11:09:17.702 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/host-manager]
06-Jul-2021 11:09:17.717 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/host-manager] has finished in [15] ms
06-Jul-2021 11:09:17.717 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/docs]
06-Jul-2021 11:09:17.729 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/docs] has finished in [11] ms
06-Jul-2021 11:09:17.729 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/draw]
06-Jul-2021 11:09:17.948 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
06-Jul-2021 11:09:17.953 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/draw] has finished in [224] ms
06-Jul-2021 11:09:17.957 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
06-Jul-2021 11:09:17.963 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
06-Jul-2021 11:09:17.964 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [929] milliseconds

Hello!
I want to generate svg image from csv report (for example hardware inventory or webapps dependencies).
Now I use selenium to simulate import csv -> export svg.

May be exist cli tool for import csv -> export svg?
Thanks!

Attempting to enable the google drive integration does not appear to function, even to the point of getting the integration started.

When adding the DRAW_IO_GOOGLE environment variables we get the option to save to google drive, but immediately fails. After some troubleshooting it appears there is a dependency problem in the docker image itself.

A fresh start of the docker image gets this when accessing the <domain/google>:

Any refresh or future attempt provides a 404 error instead, until the container is restarted.

Logging at the logs in the container, this pops up:

07-Dec-2021 02:16:58.724 INFO [https-openssl-nio-8443-exec-3] org.apache.catalina.core.ApplicationContext.log Marking servlet [GoogleAuthServlet] as unavailable
07-Dec-2021 02:16:58.725 SEVERE [https-openssl-nio-8443-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Allocate exception for servlet [GoogleAuthServlet]
        java.lang.IncompatibleClassChangeError: class org.ehcache.jsr107.Eh107CacheManager can not implement javax.cache.CacheManager, because it is not an interface (javax.cache.CacheManager is in unnamed module of loader org.apache.catalina.loader.ParallelWebappClassLoader @336f1079)
                at java.base/java.lang.ClassLoader.defineClass1(Native Method)
                at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1016)
                at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174)
                at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2415)
                at org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:863)
                at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1332)
                at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1186)
                at java.base/java.lang.Class.getDeclaredConstructors0(Native Method)
                at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3137)
                at java.base/java.lang.Class.getConstructor0(Class.java:3342)
                at java.base/java.lang.Class.getConstructor(Class.java:2151)
                at java.base/java.util.ServiceLoader$1.run(ServiceLoader.java:659)
                at java.base/java.util.ServiceLoader$1.run(ServiceLoader.java:656)
                at java.base/java.security.AccessController.doPrivileged(Native Method)
                at java.base/java.util.ServiceLoader.getConstructor(ServiceLoader.java:667)
                at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1232)
                at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1264)
                at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1299)
                at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1384)
                at javax.cache.Caching$CachingProviderRegistry$1.run(Caching.java:448)
                at javax.cache.Caching$CachingProviderRegistry$1.run(Caching.java:442)
                at java.base/java.security.AccessController.doPrivileged(Native Method)
                at javax.cache.Caching$CachingProviderRegistry.getCachingProviders(Caching.java:442)
                at javax.cache.Caching$CachingProviderRegistry.getCachingProvider(Caching.java:529)
                at javax.cache.Caching$CachingProviderRegistry.getCachingProvider(Caching.java:476)
                at javax.cache.Caching.getCachingProvider(Caching.java:226)
                at com.mxgraph.online.CacheFacade.createCache(CacheFacade.java:43)
                at com.mxgraph.online.CacheFacade.createCache(CacheFacade.java:23)
                at com.mxgraph.online.AbsAuthServlet.<clinit>(Unknown Source)
                at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
                at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
                at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
                at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:151)
                at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1030)
                at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:761)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:134)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1839)
                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
                at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
                at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.base/java.lang.Thread.run(Thread.java:834)

As far as I can decipher, the image doesn't appear to include the libraries necessary to do the google authentication? Am I misinterpreting that?

I've just noticed the alpine dockerfile uses a Tomcat image from 3 years ago.
A Snyk analysis says there is 87 security flaws and 17 is high risk
source

Is it easily updatable ?

I'm trying to deploy a local instance of draw.io. The objective currently is to disable the unneeded online storage options. Using the options described here , I added :

urlParams['db'] = '0'; //dropbox
urlParams['gh'] = '0'; //github
urlParams['gl'] = '0'; //gitlab
urlParams['tr'] = '0'; //trello

in the file PreConfig.js. That made however no difference to the options shown at the first time the site is visited. (Every storage option is still available to the user)

Are these config options enough / correct ?

Thanks in advance

Hello,

https://github.com/aquasecurity/trivy scanner reports currently 356 Vulnerabilities of which 18 are critical, and 65 have patches.
Automated Builds would probably go a long way in fixing these.

Regards,

• Folken

Hi,
I try to add some querystring to force my users using offline mode and FR langage.
I put this in my vhost configuration :
RewriteEngine on
RewriteCond %{QUERY_STRING} !.+
RewriteRule “/(.+)?” “/$1local=1&lang=fr” [QSA,R]
But it doesn't Work ... Can someone help me ?

Hi,
We have been trying to deploy the docker hub image (jgraph/drawio:13.0.4) to Azure "Web App for Containers" service.
We can configure the service with docker hub correctly, but it is not picking the application settings from Azure.
We are trying to integrate the Onedrive using our own onedrive application.

Steps I followed:

1. Created a resource from Azure "Web App for Containers".
2. Configured the resource to connect with Docker-Hub respository with URL jgraph/drawio:13.0.4
3. Added the envrionment variables (DRAWIO_MSGRAPH_CLIENT_ID and DRAWIO_MSGRAPH_CLIENT_SECRET) into application settings in Azure portal - web app - Configuration.
4. When trying to access the web app from the deployed URL, it loads the diagrams frontend correctly, but the onedrive client_id is not updated, its still drawio's client_id.
5. So the authorization fails because the redirectUri is different.

So, Is there any specific configuration which we are missing while deploying the docker-hub container to azure web app.

I would know to if like Is there any possibility to put a customized library with my own shapes to the left shape bar for all users?
Every time I create a new diagram I have to add my customized library to the shape bar and each of the users they do the same thing.

Is there any way when I start the docker container it loads my library automatically and it makes my library visible to all users?

Command currently used to make drawio available:

docker run -d --name drawio -p 8081:8080 fjudith/draw.io:8.2.3

This bug have two reasons to be fixed:

1. Missed DRAWIO_LIGHTBOX_URL docker parameter to propagate to $CATALINA_HOME/webapps/draw/js/PreConfig.js in both alpine/docker-entrypoint.sh#L33 and debian/docker-entrypoint.sh#L33

#DRAWIO_VIEWER_URL is path to the viewer js, e.g. https://www.example.com/js/viewer.min.js
echo "window.DRAWIO_VIEWER_URL = '${DRAWIO_VIEWER_URL}';" >> $CATALINA_HOME/webapps/draw/js/PreConfig.js
+echo "window.DRAWIO_LIGHTBOX_URL = '${DRAWIO_LIGHTBOX_URL}';" >> $CATALINA_HOME/webapps/draw/js/PreConfig.js
echo "window.DRAW_MATH_URL = 'math';" >> $CATALINA_HOME/webapps/draw/js/PreConfig.js

2. URL link is not properly generated when doing File-->Export to-->URL. Currently this link opens file in editor even if lightbox tick is chosen on URL creation dialog. Need to manually edit generated URL by adding lightbox=1&.
   Seems to me this bug should be fixed in main drawio codebase, not in docker. But as described below in workaround of #12 need to add how to properly specify DRAWIO_LIGHTBOX_URL in docker-compose variable to use self-hosted lightbox viewer.

As workaround to fix #12 w/o rebuilding docker image:

1. Clone project, and modify self-contained/docker-compose.yml file as described in self-contained/README

git clone https://github.com/jgraph/docker-drawio.git
cd docker-drawio.git/self-contained

2. Configure DRAWIO_LIGHTBOX_URL parameter in self-contained/docker-compose.yml. I use same link as DRAWIO_VIEWER_URL (need to be clarified in README how to properly configure these parameters to use self-hosted viewer instead of viewer.diagrams.net to avoid manually adding lightbox=1& in generated URL)
3. run with --no-start, get docker-entrypoint.sh file from container

docker-compose up --no-start
docker cp self-contained_drawio_1:/docker-entrypoint.sh docker-entrypoint.sh

4. modify docker-entrypoint.sh locally: add line with DRAWIO_LIGHTBOX_URL near line 33:

...
#DRAWIO_VIEWER_URL is path to the viewer js, e.g. https://www.example.com/js/viewer.min.js
echo "window.DRAWIO_VIEWER_URL = '${DRAWIO_VIEWER_URL}';" >> $CATALINA_HOME/webapps/draw/js/PreConfig.js
echo "window.DRAWIO_LIGHTBOX_URL = '${DRAWIO_LIGHTBOX_URL}';" >> $CATALINA_HOME/webapps/draw/js/PreConfig.js
echo "window.DRAW_MATH_URL = 'math';" >> $CATALINA_HOME/webapps/draw/js/PreConfig.js
...

5. Write back docker-entrypoint.sh to drawio container and start it

docker cp docker-entrypoint.sh self-contained_drawio_1:/docker-entrypoint.sh 
docker-compose start

6. If you want to use Lightbox viewer for exported URL then modify manually generated URL by adding lightbox=1& as follows
   Menu --> Export As --> URL --> Create

• Example of generated link:
  https://drawio.local.instance.com/?highlight=0000ff&edit=_blank&layers=1&nav=1&title=Untitled%20Diagram1.drawio#blablablablabla....
• Add lightbox=1& after ? in generated link:
  https://drawio.local.instance.com/?lightbox=1&highlight=0000ff&edit=_blank&layers=1&nav=1&title=Untitled%20Diagram1.drawio#blablablablabla....

I am very new to Docker and I am trying to set up draw.io.

My question is, how do I configure the self-hosted draw.io instance in a way where the export option is not redirected to a diagrams.net URL?

I’ve installed draw.io using the docker image on GitHub and it runs it successfully using:
sudo docker run -it --rm --name="draw" -p 8080:8080 -p 8443:8443 jgraph/drawio

I have no problem accessing the site locally by navigating to: https://localhost:8443/?offline=1
But when I go to Export as.. > URL , I see that the link that is created is for https://viewer.diagrams.net/

I’ve tried editing the PreConfig.js file as so:

But nothing changed, and I'm not sure it is the right PreConfig.js file. I wasn't able to find the one mentioned in the GitHub README file ("next to Dockerfile in debian or alpine folders").

This PreConfig.js file was located in:

Background info on my system:
Testing this on a CentOS 7 VM.

Please let me know if you need more information to help me with my question.
Thank you in advance.

Hi,
I'm trying to find if there is a way to pass to the container custom certificates instead of using self signed or LetsEncrypt ones.
This of course without manually add them to Tomcat directly.

Thanks

The jgraph/drawio docker image has two versions, a normal and alpine version.

• Normal (jgraph/drawio:latest) ≈ 243MB compressed (667MB uncompressed)
• Alpine (jgraph/drawio:alpine) ≈ 143MB compressed (281MB uncompressed)

The Docker image for the export server is ≈ 500MB compressed (1.5GB uncompressed). Is there a smaller, Alpine-based version of the export server?

If Alpine isn't an option, I changed the source from node to node:slim, added git, and was able to get it working, at only 827MB uncompressed (50% of the original size).

# docker images | grep export
loganmarchione/exportserver       latest              e9c4058a87b7        7 minutes ago       827MB
jgraph/export-server              latest              84212c2bb207        4 months ago        1.45GB

Here is the Dockerfile for that build. I was able to export a PNG, JGP, and PDF without issue.

FROM node:slim

LABEL maintainer="JGraph Ltd"

RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
        git software-properties-common chromium libatk-bridge2.0-0 libgtk-3-0 && \
    apt-add-repository contrib && \
    apt-get update -y && \
    apt-get install -y --no-install-recommends \
        ttf-mscorefonts-installer && \
    mkdir /usr/local/drawio && \
    cd /usr/local/drawio && \
    git clone https://github.com/jgraph/draw-image-export2.git && \
    cd draw-image-export2 && \
    npm install && \
    apt-get remove -y --purge chromium

WORKDIR /usr/local/drawio/draw-image-export2

EXPOSE 8000

CMD ["npm", "start"]

When the proxy server is added, insert the PlantUML graphic to report an error.

To Reproduce

1. Use the self-built drawio service, use https://github.com/jgraph/docker-drawio/blob/master/self-contained/docker-compose.yml
2. Add a layer of reverse proxy traefik in front of the drawio service

Expected behavior

1. No error popup
2. Display plantuml graphics normally

Screenshots

1. Select insert plantuml graphics
   

2. Click Insert to return to the error message

3. It was found through packet capture that /service/1/png/xxxx returned an error from the proxy server: 500 Internal Server Error. Proxy server internal error message: '500 Internal Server Error' caused by: net/http: HTTP/1.x transport connection broken: too many transfer encodings: ["chunked" "chunked"]

4. By requesting the original service interface of drawio /service/1/png/xxxx, the return protocol is as follows:

HTTP/1.1 200
Transfer-Encoding: chunked
Server: Jetty(9.4.27.v20200227)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
X-Patreon: Support us on http://plantuml.com/patreon
Last-Modified: Sun, 01 Mar 2020 10:22:00 GMT
Date: Tue, 23 Mar 2021 15:47:23 GMT
Cache-Control: public, max-age=432000
ETag: "980qA-ueZWsK496IHumWV4J9m00"
Expires: Sun, 28 Mar 2021 15:47:23 GMT
X-Donate: http://plantuml.com/paypal
X-PlantUML-Diagram-Description: (2 participants)
X-Powered-By: PlantUML Version 1.2020.02
Content-Type: image/svg+xml
Transfer-Encoding: chunked

5. By requesting the original service interface of plantuml-server png/xxxx, the return protocol is as follows:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Content-Type: image/svg+xml
Expires: Sun, 28 Mar 2021 15:17:16 GMT
Date: Tue, 23 Mar 2021 15:17:16 GMT
Last-Modified: Sun, 01 Mar 2020 10:22:00 GMT
Cache-Control: public, max-age=432000
ETag: "980qA-ueZWsK496IHumWV4J9m00"
X-PlantUML-Diagram-Description: (2 participants)
X-Powered-By: PlantUML Version 1.2020.02
X-Patreon: Support us on http://plantuml.com/patreon
X-Donate: http://plantuml.com/paypal
Transfer-Encoding: chunked
Server: Jetty(9.4.27.v20200227)

It is found that the plantuml interface after the drawio service proxy has an extra Transfer-Encoding: chunked header information.

draw.io version (In the Help->About menu of the draw.io editor):

• draw.io version 14.5.0

Hello,

I have installed docker version on Ubunutu 20.04 server and pointed it to my domain.
How can I edit the content of loading page?

The Dockerfiles are not optimised: they are slow to build and don't follow the best practices.
I've created this pull request to improve the build time reusing layers and also separating the build stage from the final one.

When you deploy the drawio container (latest versions) port 8443 is not working anymore.
It should respond with self signed Certificate.

the http port 8080 works fine however not with things like onedrive.

in the log you see things like

12-Feb-2022 17:52:27.542 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
12-Feb-2022 17:52:27.552 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [default] to match the defaultSSLHostConfigName for the connector [https-openssl-nio-8443]
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:76)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:202)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1179)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1192)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
... 13 more
12-Feb-2022 17:52:27.559 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [3169] milliseconds
12-Feb-2022 17:52:28.005 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]

versions like 16.4.3 run with no issue

Hello,

Is there a way to add custom default library inside the Docker image so that when you use Draw.io with a browser connected to the docker image you can see this library in the list and maybe select it by default.

Thank you for your help.

I'm trying to self host my own draw.io and integrate it into nextcloud using the nextcloud app. When I set my url up to point to my docker it seems to work but then says it can't do embedding. Please let me know what settings I should change on or in the container to allow embedding. Is there a simple setting for that?

Current base alpine image (tomcat:9-jre8-alpine) is out-of-date, it wasn't updated for 3 years and there are no fresher images of tomcat over alpine.

Maybe disable builds on top of it or mark as "should not use in production"?

Hey,
i had installed drawio from docker on my PLESK server and it's working. Almost 90%.

I want to know how can i config the Oauth2 to run from my server.
If theres a manual where i can learn how to do it i will appreciate

thanks!

https issue solved however

Onedrive will give errors like [object Object] error.

older versions with same config and same environment settings is working fine.

container log error
11-Mar-2022 17:52:13.953 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1581] milliseconds
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

Hi,

Maybe I'm missing something obvious but I can't customize the exposed port of the container. I tried it with docker run -it --rm --name="draw" -p 8000:8000 jgraph/drawio and I changed the settings in all compose.yml files as well as all Dockerfiles.

The console reports this after the start up:
INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8443"]

So I guess there are some settings that I can find.

Best,
Connor

Our company has a system deploying our company's SSL certificate with Ansible. I wish we could mount our own SSL certificate and start drawio with HTTPS mode. But I failed to find any instructions related to this.
Could you be so kind as to point out how to provide our own certificate? thanks.

Currently, only "save on device" and "save in browser" are offered, and neither seems to provide collaboration capabilities.

If collaboration using a docker installation is supported already, it would be great if the documentation could be extended to illustrate how to do so.

Tried latest image today.
Export image png/svg opens up new page to external site.(convert.diagrams.net) .
I expected this to happen locally with in the container.
Is this expected behaviour , is there a fix if otherwise ?

I want to run the container in my own domain but i want to secure it with a username and password.
Is there a way on how to do that?

I configured my own drawio with docker container and connect it to my gitlab which domain name is git.tuogo.com.cn.
When I click authorize gitlab in drawio, it can redirect to my gitlab, and return from gitlab. But I can't display correct content, finally I have got http error code 400 as follow link:

http://draw.tuogo.com.cn/gitlab?code=4ae0a35ec1742b15be1523b8dbff0383ae1e22486187633a69491825d7413012&state=cId%3D074605aaff49198814d7f57ee3a9c7476b186e51a3e58c809e47fdcfd3e421e2%26domain%3Ddraw.tuogo.com.cn%26token%3Dsogidtmn8krqraq8dktgs27ltpcvulrof8d6v0icek258vcle2j

Gitlab version: 13.11

How should I fix this problem? Thanks.

Hi,

I'm looking for a docker image that can be used to convert drawio diagrams to images in a CI pipeline. Is that possible with this project?

Dear all,

I am using the docker compose file from the self-contained folder
https://github.com/jgraph/docker-drawio/tree/master/self-contained

Everything is working fine, but when I want to export the PDF, http://draw.io is connected, but as Docker has no internet connection the PDF export fails. With internet connection the PDF is downloaded from draw.io.
PlantUML Server is working fine and I do get the results.

9f368b6c4a65 jgraph/drawio "/docker-entrypoint.…" 8 minutes ago Up 2 minutes 0.0.0.0:8080->8080/tcp, 0.0.0.0:8443->8443/tcp self-contained_drawio_1
6d1b18ebfffe plantuml/plantuml-server "/docker-entrypoint.…" 8 minutes ago Up 2 minutes 8080/tcp self-contained_plantuml-server_1
3fc1ad96b77c jgraph/export-server "docker-entrypoint.s…" 8 minutes ago Up 2 minutes 8000/tcp self-contained_image-export_1

Here the error log of the export-server:
image-export_1 | warn: Handled exception: net::ERR_CONNECTION_REFUSED at https://www.draw.io/export3.html req=ip=::ffff:192.168.144.4 format=pdf w=0 h=0 bg=#ffffff {"stack":"Error: net::ERR_CONNECTION_REFUSED at https://www.draw.io/export3.html\n at navigate (/usr/local/drawio/draw-image-export2/node_modules/puppeteer/lib/FrameManager.js:120:37)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)\n -- ASYNC --\n at Frame. (/usr/local/drawio/draw-image-export2/node_modules/puppeteer/lib/helper.js:111:15)\n at Page.goto (/usr/local/drawio/draw-image-export2/node_modules/puppeteer/lib/Page.js:674:49)\n at Page. (/usr/local/drawio/draw-image-export2/node_modules/puppeteer/lib/helper.js:112:23)\n at handleRequest (/usr/local/drawio/draw-image-export2/export.js:415:16)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)"}
image-export_1 | ::ffff:192.168.144.4 - - [28/Jan/2020:03:50:04 +0000] "POST / HTTP/1.1" 500 - "http://192.168.1.105:8080/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"

Do you have any idea, what I do wrong?
I thought that the export-server is considered to work offline.

Thank you.

Best regards,
Floppsi

Hi there,

when using the docker container for editing draw.io .xml files certain shapes cannot be displayed (rectangles are shown instead in the diagram and also in the shapes selection box on the left hand side).

Loading the same .xml file in the official instance works fine.

During load of the .xml file (or when opening the (e.g. "Arrow") shapes tabs the browser developer console reports:

error in getStencil: shapes/mxAWS4.js EvalError: Refused to evaluate a
string as JavaScript because 'unsafe-eval' is not an allowed source of
script in the following Content Security Policy directive: "script-src
'self' https://storage.googleapis.com https://apis.google.com
https://docs.google.com https://code.jquery.com 'unsafe-inline'".

at eval (<anonymous>)
at Object.mxStencilRegistry.getStencil (app.min.js:2820)
at mxCellRenderer.createShape (app.min.js:1165)
at mxCellRenderer.createShape (app.min.js:2818)
at mxCellRenderer.redrawShape (app.min.js:1206)
at mxCellRenderer.redraw (app.min.js:1205)
at mxGraphView.validateCellState (app.min.js:1266)
at mxGraphView.validateCellState (app.min.js:2807)
at mxGraphView.validateCellState (app.min.js:1266)
at mxGraphView.validateCellState (app.min.js:2807)

app.min.js:2820 error in getStencil: shapes/mxArrows.js EvalError:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is
not an allowed source of script in the following Content Security
Policy directive: "script-src 'self' https://storage.googleapis.com
https://apis.google.com https://docs.google.com
https://code.jquery.com 'unsafe-inline'".

at eval (<anonymous>)
at Object.mxStencilRegistry.getStencil (app.min.js:2820)
at mxCellRenderer.createShape (app.min.js:1165)
at mxCellRenderer.createShape (app.min.js:2818)
at mxCellRenderer.redrawShape (app.min.js:1206)
at mxCellRenderer.redraw (app.min.js:1205)
at mxGraphView.validateCellState (app.min.js:1266)
at mxGraphView.validateCellState (app.min.js:2807)
at mxGraphView.validateCellState (app.min.js:1266)
at mxGraphView.validateCellState (app.min.js:2807)

First I observed this behaviour from within my nextcloud instance.
However when using just plain docker (and apache proxy) and loading the file from local storage it gave exactly the same errors.