Using container with Traefik result in invalid SOAP Public base URL

[warlof]

Describe the issue
Hi,

When we're using container with Traefik, the public SOAP url is not used to generate web services definitions.
Calling http(s)://{host}/{container}/WS/Services is showing published web services with http(s)://{host}:7047/BC/WS/
Same apply in specific web service definition, at location attribute which is showing http(s)://{host}:7047/BC/WS/{Company}/{Type}/{Name}

This is preventing certain library to consume web service as they're using explicilty the location attribute ship in web service definition.

It's perhaps tied to #1832

Scripts used to create container and cause the issue

New-BcContainer -accept_eula `
    -containerName $container `
    -artifactUrl $artifactUrl `
    -enableTaskScheduler `
    -licenseFile $licenseFile `
    -databaseServer "$sqlServer\$sqlInstance" `
    -databasePrefix "docker-" `
    -databaseName $container `
    -databaseCredential $databaseCredentials `
    -useTraefik `
    -PublicDnsName $node_fqdn `
    -auth "NavUserPassword" `
    -shortcuts None `
    -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $navUser, (ConvertTo-SecureString -String $navPassword -AsPlainText -Force))

Full output of scripts

Initializing...
Setting host.containerhelper.internal to 172.27.96.1 in container hosts file
Restarting Container
PublicDnsName unchanged
Hostname is {host}
PublicDnsName is {host}
Using NavUserPassword Authentication
Starting Internet Information Server
Starting Service Tier
Container IP Address: 172.27.109.64
Container Hostname  : {host}
Container Dns Name  : {host}
Web Client          : https://{host}/{container}/
Dev. Server         : https://{host}
Dev. ServerInstance : BC

Files:
http://{host}:8080/ALLanguage.vsix
http://{host}:8080/certificate.cer

Container Total Physical Memory is 128.0Gb
Container Free Physical Memory is 101.9Gb

Initialization took 30 seconds
Ready for connections!

[freddydk]

Duplicate of #983
You would have to file a bug for the product team to get this fixed, it isn't something I can fix in ContainerHelper, sorry

[freddydk]

Actually, there already was filed a bug based on 983 - and it is marked as fixed.
What version of Business Central are you using here?

[catadumitru]

Hi Freddy, I also found the same issue here: microsoft/nav-docker#460

I am running BC18 and I get the same issue:

Where can we see the bug that was "fixed" for this?

[freddydk]

You mentioned SOAP URL - but you are displaying OData.
Could you check the SOAP WSDL?

[freddydk]

This is a problem in Business Central.
OData feed doesn't use the PublicODataBaseUrl - the platform team will be looking at this - no ETA though,
SOAP WSDL should be updated correctly and should be using PublicSoapBaseUrl

[catadumitru]

just tried with the latest BC18 onprem and it still looks like this

[freddydk]

What does
Get-BcContainerServerConfiguration $containername

return?

[catadumitru]

ContainerName : devtest
NetworkProtocol : Default
DatabaseServer : localhost
DatabaseInstance : SQLEXPRESS
DatabaseName : CRONUS
EnableSqlConnectionEncryption : false
TrustSQLServerCertificate : false
ServerInstance : BC
EnableSqlInformationDebugger : true
AmountOfSqlStatementsInDebugger : 10
EnableLongRunningSqlStatementsInDebugger : true
LongRunningSqlStatementsInDebuggerThreshold : 500
ClientServicesPort : 7046
SOAPServicesPort : 7047
ODataServicesPort : 7048
ManagementServicesPort : 7045
ManagementServicesEnabled : true
ClientServicesEnabled : true
TestAutomationEnabled : true
PageBackgroundTaskAllowedAutomationMethods : (Update,Microsoft.Dynamics.Nav.Client.BusinessChart;PublicKeyToken=31bf3856ad364e35)
DeveloperServicesPort : 7049
DeveloperServicesEnabled : true
DeveloperServicesSSLEnabled : true
SnapshotDebuggerServicesPort : 7083
SnapshotDebuggerEnabled : true
UsePermissionSetsFromExtensions : true
SnapshotDebuggerServicesSSLEnabled : true
ExtensionAllowedTargetLevel : Internal
RequiredExtensions :
SolutionVersionExtension : 00000000-0000-0000-0000-000000000000
ReportPDFFontEmbedding : true
ReportAppDomainIsolation : true
ReportMaxRows : 1000000
ReportDefaultMaxRows : 500000
ReportTimeout : 12:00:00
ReportDefaultTimeout : 06:00:00
ReportMaxDocuments : 500
ReportDefaultMaxDocuments : 200
QueryMaxRows : MaxValue
QueryTimeout : MaxValue
EnableSaveToWordForRdlcReports : true
EnableSaveToExcelForRdlcReports : true
EnableSaveFromReportPreview : true
CompileBusinessApplicationAtStartup : true
SOAPServicesEnabled : true
ODataServicesEnabled : true
ODataServicesV3EndpointEnabled : false
ODataServicesV4EndpointEnabled : true
SOAPServicesSSLEnabled : true
ODataServicesSSLEnabled : true
ODataMaxConnections : 0
ODataMaxConnectionsPerTenant : 0
ODataV4MaxConcurrentRequests : 5
ODataV4MaxRequestQueueSize : 95
SOAPMaxConcurrentRequests : 5
SOAPMaxRequestQueueSize : 95
SOAPMaxConnections : 0
SOAPMaxConnectionsPerTenant : 0
DeltaServiceClientTimeout : 00:02:00
ODataServicesOperationTimeout : 00:08:00
SOAPServicesOperationTimeout : 00:10:00
PublicODataBaseUrl : https://mydomain.com/devtestrest/odata
PublicSOAPBaseUrl : https://mydomain.com/devtestsoap/ws
PublicWebBaseUrl : https://mydomain.com/devtest
PublicWinBaseUrl : DynamicsNAV://mydomain.com:7046/BC/
DefaultClient : Web
ServicesOptionFormat : OptionCaption
ServicesLanguage : en-US
CalendarTwoDigitYearMax : -1
SOAPServicesMaxMsgSize : 65536
ServicesUseNTLMAuthentication : false
ServicesDefaultTimeZone : UTC
ServicesDefaultCompany :
ODataServicesMaxPageSize : 20000
ClientServicesOperationTimeout : MaxValue
ClientServicesProtectionLevel : EncryptAndSign
MaxConcurrentCalls : 1000
ClientServicesMaxConcurrentConnections : 500
ClientServicesReconnectPeriod : 00:10:00
ClientServicesMaxNumberOfOrphanedConnections : 20
ClientServicesCompressionThreshold : 64
ClientServicesMaxUploadSize : 350
EnableDebugging : false
DebuggingAllowed : true
SqlTracingAllowed : true
SqlLockTimeoutOverride : 0
ClientServicesMaxItemsInObjectGraph : 512
ClientServicesChunkSize : 28
ClientServicesProhibitedFileTypes : ade;adp;asp;bas;bat;chm;cmd;com;cpl;csh;exe;fxp;gadget;hlp;hta;inf;ins;isp;its;js;jse;ksh;lnk;mad;maf;mag;mam;maq;mar;mas;mat;mau;mav;maw;mda;mdb;mde;mdt;mdw;mdz;msc;msi;msp;mst;ops;pcd;pif;prf;p
rg;pst;reg;scf;scr;sct;shb;shs;url;vb;vbe;vbs;vsmacros;vss;vst;vsw;ws;wsc;wsf;wsh
ClientServicesAllowedFileTypes :
NASServicesStartupCodeunit :
NASServicesRunWithAdminRights : false
EnableDeadlockMonitoring : false
NASServicesStartupMethod :
NASServicesStartupArgument :
NASServicesEnableDebugging : false
ClientServicesCredentialType : NavUserPassword
UIElementRemovalOption : LicenseFileAndUserPermissions
ClientServicesTokenSigningKey :
ClientServicesFederationMetadataLocation :
ServicesCertificateThumbprint : 4E115DD232BC72A257B45273CEB41CA7E345F8C3
ServicesCertificateValidationEnabled : false
DisableTokenSigningCertificateValidation : false
TokenSigningCertificateValidationMode : IssuerNameValidation
DataCacheSize : 10
SessionEventTableRetainInterval : 90.00:00:00
NonInteractiveSessionsLogRetainInterval : 5.00:00:00
SqlCommandTimeout : 00:30:00
SqlManagementCommandTimeout : -1
SqlConnectionTimeout : 00:01:30
EnableSqlReadOnlyReplicaSupport : false
EnableExclusiveExistsCheckOnModify : false
BufferedInsertEnabled : true
DisableSmartSql : false
EnableFullALFunctionTracing : false
Multitenant : False
SqlConnectionIdleTimeout : 00:05:00
EnableALServerFileAccess : true
EnableApplicationChannelLog : true
EncryptionProvider : LocalKeyFile
AzureKeyVaultAppSecretsPublisherValidationEnabled : true
ExchangeAuthenticationMetadataLocation :
AppIdUri :
WSFederationLoginEndpoint :
AzureActiveDirectoryClientId :
AzureActiveDirectoryClientSecret :
AzureActiveDirectoryClientCertificateThumbprint :
EnableMembershipEntitlement :
EnablePartialRecords : true
MaxRowsToExportToExcel : MaxValue
EnableTaskScheduler : false
TaskSchedulerMaximumConcurrentRunningTasks : 3
DefaultTaskSchedulerSessionTimeout : 12:00:00
DefaultStartSessionTimeout : 08:00:00
ClientServicesKeepAliveInterval : 00:02:00
UseSimplifiedFilters : false
ExcelAddInAzureActiveDirectoryClientId :
DisableWriteInsideTryFunctions : true
ExtendedSecurityTokenLifetime : 0
ClientServicesIdleClientTimeout : MaxValue
ODataEnableExcelAddInAnnotations : true
NavHttpClientMaxResponseContentSize : 150
NavHttpClientMaxTimeout : 00:05:00
ClientBuildRestriction : WarnClient
TraceLevel : Normal
ExternalTraceLevel : Error
EnableDataExportImport : true
MaximumSessionRecursionDepth : 14
MaxStreamReadSize : 1000000
ValidAudiences :
DefaultLanguage :
SupportedLanguages :
UnsupportedLanguageIds : 1034
ApiServicesEnabled : True
ApiSubscriptionsEnabled : true
ApiSubscriptionExpiration : 3
ApiSubscriptionNotificationUrlTimeout : 5000
ApiSubscriptionSendingNotificationTimeout : 30000
ApiSubscriptionDelayTime : 30000
ApiSubscriptionMaxNumberOfNotifications : 100
ApiSubscriptionMaxNumberOfSubscriptions : 200
EnableSymbolLoadingAtServerStartup : False
SqlLongRunningThreshold : 750
SqlLongRunningThresholdForApplicationInsights : 750
SqlBulkImportBatchSize : 448
UseIncrementalCompanyDelete : false
TaskSchedulerSystemTaskStartTime : 00:00:00
TaskSchedulerSystemTaskEndTime : 23:59:59
ChildSessionsMaxConcurrency : 5
ChildSessionsMaxQueueLength : 100
PageBackgroundTaskDefaultTimeout : 00:02:00
PageBackgroundTaskMaxTimeout : 00:10:00
XmlMetadataCacheSize : 500
AllowSessionWhileSyncAndDataUpgrade : true
SearchTimeout : 00:00:10
OverwriteExistingTranslations : true
LockoutPolicyFailedAuthenticationCount : 0
LockoutPolicyFailedAuthenticationWindow : 0
ReplaceReportExecutionTimeWithClientTime : true
UseFindMinusWhenPopulatingPage : true
DisableQueryHintOptimizeForUnknown : true
DisableQueryHintForceOrder : true
DisableQueryHintLoopJoin : true
EnableSqlQueryTopParameterization : false
SecurityProtocol : Tls12
IntegrationRecordsTableId : 5151
LegacyOptionCaptionResolution : false
EnableMultithreadedCompilation : true
ApplicationInsightsInstrumentationKey :
ApplicationInsightsConnectionString :
EnableUserConsistencyValidationOnTasks : true
AllowReadingCrossTenantApplicationDatabaseTables : false
EnableExclusiveApplicationPackageRole : true
ManagementServicesIdleClientTimeout : 02:00:00
ALLongRunningFunctionTracingThresholdForApplicationInsights : 10000
ALFunctionTimingEnabled : true
ALCompatibleDateFormatCultureList :
EnableCloudReplicationMaintenance : false
EnableProfileCacheSynchronization : false
AllowSessionCallSuspendWhenWriteTransactionStarted : true
AzureKeyVaultClientId : 00000000-0000-0000-0000-000000000000
AzureKeyVaultClientCertificateStoreLocation : LocalMachine
AzureKeyVaultClientCertificateStoreName : My
AzureKeyVaultClientCertificateThumbprint :
AzureKeyVaultKeyUri :

[warlof]

Hi,

The thing is applying to the overall soa endpoints at least (so, soap and odata).

Used version is 16.5

What I don't hunderstand is using base url is working properly on non docker environments. Can it be a miss configuration from traefik or even an issue from it?

[freddydk]

I will try to spin up a VM with docker and traefik to troubleshoot.

[elweilando]

Same here. The request to the container URL always responds with an instance name "BC".
For this reason, PowerBI or PowerQuery queries from Excel fail when going against a Docker container with traefik.

It's in 17.2 and 17.6

[elweilando]

Some news about this issue?

[warlof]

Is there anything else we can do/provide as extra information for this issue ?

[warlof]

If it may help with diagnose, using any OData (not v4) web service (like a page or a query) in Excel is resulting to the following error message :

(415) Unsupported Media Type.

1. publish page 33 (Customers) in WebServices as customers
2. in a Excel Workbook, load it using Data > Sources > Other > OData

EDIT:
I wonder if overall replace issue is not coming from a bug from Traefik 1.x which has since be addressed in v2.x
traefik/traefik#6355

I tried to check what could cause an issue from my today report based on OData and Excel integration, and figure the resulting endpoint was altered :

Still using my Customers example, this is how the metadata url is exposed when directly accessed (without traefik front) : scheme://domain/NAV/OData/Company('DEMO')/customers

And this is the resulting url once pass by traefik : scheme://domain/NAV/OData/Company%28%27DEMO%27%29/customers

As you may notice, both ( and ' characters which encapsulate company are escaped - resulting into an invalid endpoint.

The upper github issue is referencing this special case as beeing addressed in v2.1
Question is : wouldn't is be better to switch used traefik version ?

[freddydk]

This is a problem in Business Central.
OData feed doesn't use the PublicODataBaseUrl - the platform team will be looking at this - no ETA though,
SOAP WSDL should be updated correctly and should be using PublicSoapBaseUrl

I will try to file a bug on the server team again (did that a few times already)

[freddydk]

This is the same issue as #2595
Closing this, keeping the other and will query and update from the Server team.