Closed barrybecker4 closed 1 month ago
Looking at the network tab it looks like a CORS error. I think this means that perhaps all the public URLs in the env files need to have the same base URL.
I guess I am confused as to exactly which URLs in the env files need to have Localtunnel public URLs and which can be localhost. I am also not sure what the exact Localtunnel commands should be.
I used:
lt --port 3001 --subdomain issuer-identities &
yields: https://issuer-identities.loca.lt/ (with a password)
lt --port 3002 --subdomain issuer-credentials &
yields: https://issuer-credentials.loca.lt/
lt --port 8088 --subdomain issuer-ui &
yields https://issuer-ui.loca.lt/
There is an IP password for each that needs to be entered. Since late 2023 it cannot be avoided. That may be causing issues.
By adding
10.0.2.15 host.docker.internal
(where 10.0.2.15 is the IP address assigned to the host by VirtualBox)
to my /etc/hosts, I now see all the containers healthy, but I still see the same "Network Error" message in the UI. The Network tab shows CORS errors.
CONTAINER ID   IMAGE                      COMMAND                  CREATED         STATUS                       PORTS                                       NAMES
98e25380f2aa   issuer-ui                  "/bin/sh /app/script…"   9 minutes ago   Up 9 minutes (healthy)       0.0.0.0:8088->80/tcp, :::8088->80/tcp       issuer-ui-1
004636a7a1b7   issuer-pending_publisher   "sh -c 'sleep 4s && …"   9 minutes ago   Up 9 minutes                 0.0.0.0:3005->3005/tcp, :::3005->3005/tcp   issuer-pending_publisher-1
a91cb08da6c0   issuer-notifications       "sh -c 'sleep 4s && …"   9 minutes ago   Up 9 minutes                 0.0.0.0:3004->3004/tcp, :::3004->3004/tcp   issuer-notifications-1
bddda4883659   issuer-api                 "sh -c 'apk add curl…"   6 days ago      Up 36 minutes (healthy)      0.0.0.0:3001->3001/tcp, :::3001->3001/tcp   issuer-api-1
235c36666f75   redis:6-alpine             "docker-entrypoint.s…"   6 days ago      Up About an hour (healthy)   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp   issuer-redis-1
398ba113b229   postgres:14-alpine         "docker-entrypoint.s…"   6 days ago      Up About an hour (healthy)   0.0.0.0:5432->5432/tcp, :::5432->5432/tcp   issuer-postgres-1
212d41379ccc   vault:1.13.2               "docker-entrypoint.s…"   6 days ago      Up About an hour (healthy)   0.0.0.0:8200->8200/tcp, :::8200->8200/tcp   issuer-vault-1
The frontend application, running on https://issuer-ui.loca.lt, is trying to make an XMLHttpRequest (AJAX request) to the backend API endpoint https://issuer-credentials.loca.lt/v1/schemas. Since these URLs have different origins (different subdomains under loca.lt), the browser enforces the CORS policy and checks for the Access-Control-Allow-Origin header in the response from the backend server. The error message indicates that this header is missing, causing the browser to block the request.
How do I get around CORS without modifying the code? Alternatively, perhaps the CORS headers can be added?
I also tried following the steps to install the issuer-node on Kubernetes.
I created a values file, env-vars-bb4.yaml, that looks like this:
privateKey: "<private key from metamask>"
appInstanceName:: polygon-id-issuer
appDomain: "issuer-app.barrybecker4.org"
uiDomain: "issuer-ui.barrybecker4.org"
apiDomain: "issuer-api.barrybecker4.org"
mainnet: false
uiPassword: "password-issuer"
issuerName: "user-issuer"
issuerEthereumUrl: "https://polygon-amoy.g.alchemy.com/v2/***********************************"
ingressEnabled: false
vaultpwd: "password-vault"
rhsMode: "None"
rhsUrl: "https://reverse-hash-service.com"
issuerCustomDidMethods:
  - blockchain: "linea"
    network: "testnet"
    networkFlag: "0b01000001"
    chainID: 59140
issuerKeyStoreToken: "hvs.ETYYrRk4JDXAgubnm6LZTLAw"
issuerSchemaCache: false
issuerMediaTypeManagerEnabled: true
issuerApiUiIssuerDid: "polygon:amoy:****************************************"
issuerApiUiAuthUser: "user-api"
issuerApiUiAuthPassword: "password-api"
issuerApiUiIssuerName: "user-ui"
issuerApiUiIssuerDid: "password-ui"
issuerApiUiSchemaCache: false
issuerApiIdentityMethod: "polygonid"
issuerApiIdentityBlockchain: "polygon"
issuerApiIdentityNetwork: "amoy"
Then start the pods using this script
#!/bin/bash
APP_INSTANCE_NAME="polygon-id-issuer"
NAMESPACE="default"
helm install "$APP_INSTANCE_NAME" . \
  --create-namespace --namespace "$NAMESPACE" \
  --values env-vars-bb4.yaml
All the pods start up successfully, but when I try to access http://http://issuer-api.barrybecker4.org/, I get 503 Service Temporarily Unavailable. Looking at the logs for api-issuer-node, I see
time=2024-08-25T15:08:20.813Z level=DEBUG msg=database url="postgres://polygonid:strongpasswordapp@postgres-issuer-node-svc:5432/platformid?sslmode=disable"
time=2024-08-25T15:08:20.880Z level=INFO msg="goose: no migrations to run. current version: 202402230818397"
time=2024-08-25T15:08:20.880Z level=INFO msg="migration done!"
2024/08/25 15:08:21 INFO starting issuer node... revision=""
2024/08/25 15:08:21 INFO missing toml config file. Fallback to env vars err="Config File \"config\" Not Found in \"[/service /home/runner/work/sh-id-platform/sh-id-platform]\""
2024/08/25 15:08:21 INFO ISSUER_KEY_STORE_TOKEN value is missing
2024/08/25 15:08:21 INFO ISSUER_SCHEMA_CACHE is missing and the server set up it as false
2024/08/25 15:08:21 INFO ISSUER_MEDIA_TYPE_MANAGER_ENABLED is missing and the server set up it as true
2024/08/25 15:08:21 INFO ISSUER_API_UI_KEY_TYPE is missing and the server set up it as BJJ
2024/08/25 15:08:21 INFO ISSUER_API_UI_SERVER_PORT value is missing
2024/08/25 15:08:21 INFO ISSUER_API_UI_SERVER_URL value is missing
2024/08/25 15:08:21 INFO ISSUER_API_UI_AUTH_USER value is missing
2024/08/25 15:08:21 INFO ISSUER_API_UI_AUTH_PASSWORD value is missing
2024/08/25 15:08:21 INFO ISSUER_API_UI_ISSUER_NAME value is missing
2024/08/25 15:08:21 INFO ISSUER_API_UI_ISSUER_DID value is missing
2024/08/25 15:08:21 INFO ISSUER_API_UI_SCHEMA_CACHE is missing and the server set up it as false
2024/08/25 15:08:21 INFO ISSUER_API_IDENTITY_METHOD value is missing and the server set up it as polygonid
2024/08/25 15:08:21 INFO ISSUER_API_IDENTITY_BLOCKCHAIN value is missing and the server set up it as polygon
2024/08/25 15:08:21 INFO ISSUER_API_IDENTITY_NETWORK value is missing and the server set up it as amoy
time=2024-08-25T15:08:21.093Z level=INFO msg="Vault userpass auth enabled"
time=2024-08-25T15:08:22.816Z level=INFO msg="successfully logged in to vault with userpass auth" token=hvs.CAESIOAikDpNfnNsuBAYLVj5k6gXVvi_TftWayLS5yIhJU0IGh4KHGh2cy55aUpGMzh5Q1NjZ3I3WXFoUTZaaG56UHU
time=2024-08-25T15:08:22.828Z level=INFO msg="native prover enabled" enabled=true
time=2024-08-25T15:08:23.105Z level=INFO msg="Vault token successfully renewed" renewal=2024-08-25T15:08:23.105Z
time=2024-08-25T15:08:23.349Z level=INFO msg="server started" port=3001
Does that mean that configuration is missing? Where should that configuration be set?
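Added example, not part of the original post or the issuer-node project: a shell check that lists the variables the API log reports as missing even though the values file sets them. It assumes a values key corresponds to its environment name by camelCase to upper snake case (inferred from the names on this page, not confirmed from the chart); the sample data is a subset of the values file and log above, with the token replaced by a placeholder.

```shell
#!/usr/bin/env bash
# Added example. Sample data: subset of the values file and log quoted above.
sample_values() {
cat <<'EOF'
issuerKeyStoreToken: "<redacted placeholder>"
issuerSchemaCache: false
issuerApiUiAuthUser: "user-api"
issuerApiIdentityNetwork: "amoy"
rhsMode: "None"
EOF
}
sample_log() {
cat <<'EOF'
2024/08/25 15:08:21 INFO ISSUER_KEY_STORE_TOKEN value is missing
2024/08/25 15:08:21 INFO ISSUER_SCHEMA_CACHE is missing and the server set up it as false
2024/08/25 15:08:21 INFO ISSUER_API_UI_SERVER_URL value is missing
2024/08/25 15:08:21 INFO ISSUER_API_UI_AUTH_USER value is missing
2024/08/25 15:08:21 INFO ISSUER_API_IDENTITY_NETWORK value is missing and the server set up it as amoy
time=2024-08-25T15:08:23.349Z level=INFO msg="server started" port=3001
EOF
}

# stdin: log. stdout: "NAME<TAB>unset" or "NAME<TAB>default=VALUE" per reported variable.
missing_vars() {
  awk '/ is missing/ && match($0, /ISSUER_[A-Z0-9_]+/) {
    name = substr($0, RSTART, RLENGTH)
    if (match($0, /set up it as /)) print name "\tdefault=" substr($0, RSTART + RLENGTH)
    else print name "\tunset"
  }'
}

# stdin: values YAML. stdout: top-level keys as env-style names,
# e.g. issuerApiUiAuthUser -> ISSUER_API_UI_AUTH_USER (assumed convention).
values_as_env() {
  sed -n -E 's/^([A-Za-z][A-Za-z0-9]*):.*/\1/p' |
    sed -E 's/([a-z0-9])([A-Z])/\1_\2/g' | tr '[:lower:]' '[:upper:]'
}

# $1: values YAML text, stdin: log. stdout: variables set in the values file
# that the running server still reports as missing.
set_but_missing() {
  wanted=$(printf '%s\n' "$1" | values_as_env)
  tab=$(printf '\t')
  missing_vars | while IFS=$tab read -r name state; do
    if printf '%s\n' "$wanted" | grep -qxF "$name"; then
      printf '%s\t%s\n' "$name" "$state"
    fi
  done
}

sample_log | set_but_missing "$(sample_values)"
```

Any name this prints is set in the values file yet absent from the container environment, which points at how the values are passed into the pod rather than at the values themselves.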
Hello @barrybecker4
I think the certificate for loca.it is misconfigured and ends up returning html content, instead of the API response.
Can you try to call directly (curl, postman, etc...) to some url in the domain https://issuer-credentials.loca.it, for example https://issuer-credentials.loca.it/v1/state/status?
@x1m3, thanks for responding.
I ran lt --port 3001 --subdomain issuer-identities & to create the public URL. I can then access https://issuer-identities.loca.lt/#post-/v1/identities from guest VM browser and in host browser.
Then I ran lt --port 3002 --subdomain issuer-credentials & and put the resulting https://issuer-credentials.loca.lt in .env.api as the value for ISSUER_API_UI_SERVER_URL.
Should http://localhost:3002 be accessible after running make run? It's not.
After running make run-ui, and waiting a few minutes, all the containers show healthy.
Now when I run curl -v https://issuer-credentials.loca.lt/v1/state/status, the response looks OK. I do not see a certificate error.
* Host issuer-credentials.loca.lt:443 was resolved.
* IPv6: (none)
* IPv4: 193.34.76.44
* Trying 193.34.76.44:443...
* Connected to issuer-credentials.loca.lt (193.34.76.44) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=loca.lt
* start date: Jul 28 01:59:11 2024 GMT
* expire date: Oct 26 01:59:10 2024 GMT
* subjectAltName: host "issuer-credentials.loca.lt" matched cert's "*.loca.lt"
* issuer: C=US; O=Let's Encrypt; CN=E6
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://issuer-credentials.loca.lt/v1/state/status
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: issuer-credentials.loca.lt]
* [HTTP/2] [1] [:path: /v1/state/status]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> GET /v1/state/status HTTP/2
> Host: issuer-credentials.loca.lt
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/2 404
< server: nginx/1.17.9
< date: Sat, 31 Aug 2024 13:28:27 GMT
< content-length: 3
< ratelimit-limit: 6000
< ratelimit-remaining: 5999
< ratelimit-reset: 290
404
There is a 404 at the end though, and I see 404 in the web page too if I try it there. In the network tab, I also see a 511 error. If I look at the response, I see this
I tried entering the tunnel pw there, but it did nothing. To bypass the page, the localtunnel instructions suggest
But I don't know how to do that without modifying the issuernode code. Do you have a suggestion for how to get past this?
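Added example (not from the thread or the issuer-node code): a shell check that separates the two failure modes discussed above, a response that lacks a usable Access-Control-Allow-Origin header and a 511 response carrying the tunnel password page. The header blocks are constructed samples and the function name is hypothetical; on a live setup the input would come from `curl -s -o /dev/null -D - -H "Origin: <UI origin>" <API URL>`.

```shell
#!/usr/bin/env bash
# Added example. $1: the UI origin the browser sends; stdin: raw response headers.
# Covers simple, non-credentialed requests only (assumption).
classify_response() {
  tr -d '\r' | awk -v origin="$1" '
    NR == 1 { status = $2 }                      # "HTTP/2 511" -> 511
    tolower($1) == "access-control-allow-origin:" { acao = $2 }
    END {
      if (status == 511)
        print "tunnel-page"                      # password page, request never reached the API
      else if (acao == "")
        print "cors-blocked: no Access-Control-Allow-Origin header"
      else if (acao == origin || acao == "*")
        print "cors-ok"
      else
        print "cors-blocked: header allows " acao
    }'
}

# Constructed sample responses (not captured from the thread).
resp_tunnel()   { printf 'HTTP/2 511\r\ncontent-type: text/html\r\n\r\n'; }
resp_no_cors()  { printf 'HTTP/2 200\r\ncontent-type: application/json\r\n\r\n'; }
resp_cors()     { printf 'HTTP/2 200\r\nAccess-Control-Allow-Origin: https://issuer-ui.loca.lt\r\n\r\n'; }
resp_mismatch() { printf 'HTTP/2 200\r\naccess-control-allow-origin: http://localhost:8088\r\n\r\n'; }

ui_origin="https://issuer-ui.loca.lt"
for sample in resp_tunnel resp_no_cors resp_cors resp_mismatch; do
  printf '%s: %s\n' "$sample" "$("$sample" | classify_response "$ui_origin")"
done
```

A browser reports both the 511 page and a header-less API response as a CORS failure, so checking the status line first shows which side needs fixing.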
I did finally get it working, but it was difficult. I made this PR to update the README with some additional guidance.
Should I be trying the develop-v2 branch instead of the main branch? Is that the updated README?
I apologize if this is not the right place for troubleshooting help, but I tried following the instructions, but am getting an error in the UI.
Expected behaviour
The UI starts and I do not see "Network Error" in all the tabs.
Actual behaviour
I see this in the UI
Steps to reproduce the problem
Follow the issuer node install instructions. I am performing the instructions in an Ubuntu VM on a Windows host. I used Localtunnel to create public URLs and configured the env files as follows.
.env-ui
.env-api
.env-issuer (some sensitive info replaced with **)
System information
Issuer node version:
vX.X.X
- I cloned the latest on Aug 10th 2024. Not sure of the version.
OS & Version: Ubuntu 24.04 LTS
Browser & Version: Chrome and Firefox
docker ps shows
The ui and api show unhealthy, but there are no errors in the logs, and I can access http://localhost:3001/#post-/v1/identities.
Logs (if needed)
issuer-api-1
issuer-ui-1