Reporting

After installing the reporting module requirements, you must configure the base_url parameter in ${OKA_INSTALL_DIR}/config/oka/oka.yaml so that the report generator can access OKA internally to render each page.

The correct value depends on how NGINX is configured to serve OKA.

Using NGINX in HTTP

If OKA is served over plain HTTP, set base_url to point to localhost:

base_url: "http://localhost"

Restart OKA to apply the change:

sudo systemctl restart oka

Using NGINX in HTTPS with a CA-signed certificate

If OKA is served over HTTPS with a proper CA-signed certificate, the report generator (Playwright/Chromium) will be able to validate the certificate when accessing OKA internally.

In this case, however, Chromium still accesses OKA through the public HTTPS endpoint. To avoid this and reduce overhead, the recommended approach is to create a dedicated HTTP endpoint on localhost accessible only internally, used exclusively by the report generator.

Step 1 — Create a dedicated NGINX configuration for reporting

Create a new NGINX configuration file, for example /etc/nginx/conf.d/oka.reporting.conf, with an HTTP server listening on a dedicated local port (e.g., 8080):

server {
    listen 127.0.0.1:8080;
    large_client_header_buffers 4 16k;
    client_max_body_size 4G;

    proxy_connect_timeout 75s;
    proxy_read_timeout 3600s;

    keepalive_timeout 5;

    root /opt/OKA/current;

    location / {
        try_files $uri @proxy_to_app;
    }

    location /static/ {
        alias /opt/OKA/current/data/staticfiles/;
    }

    location /doc {
        alias /opt/OKA/current/data/doc/;
    }

    location @proxy_to_app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header Host $http_host;
        proxy_read_timeout 500s;
        proxy_connect_timeout 75s;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8000;
    }

    error_page 500 502 503 504 /error.html;
    location = /error.html {
        alias /opt/OKA/current/data/staticfiles/error.html;
    }
}

Note

This endpoint binds only to 127.0.0.1 and is therefore not exposed externally. Adjust the port (8080) if it conflicts with another service on your system.

Step 2 — Update the ``base_url`` parameter

Edit ${OKA_INSTALL_DIR}/config/oka/oka.yaml and set base_url to the local HTTP endpoint:

base_url: "http://localhost:8080"

Step 3 — Restart NGINX and OKA

sudo systemctl reload nginx
sudo systemctl restart oka

Using NGINX in HTTPS with a self-signed certificate

If you are using a self-signed certificate, the recommended approach is still to set up a dedicated HTTP endpoint as described above (replace the base_url accordingly).

If you cannot add an HTTP endpoint, you can instruct Chromium to bypass TLS certificate errors by enabling the reporting_bypass_https_errors feature flag. See Reporting for details.