HemmeligOrg / Hemmelig.app

Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
https://hemmelig.app
MIT License

Database Connection Issue #214

Closed FuckingToasters closed 11 months ago

FuckingToasters commented 11 months ago

Description

I have a reverse proxy network called webproxy with a /16 subnet (172.26.0.0/16).

Hemmelig.app runs on IP 172.26.0.19.

No public ports are exposed in my compose file for security reasons; the ports are accessible within the VPS and can be used with nginx proxy manager to access my services via a domain.

Here is the compose file I use:

version: '3'
services:
    hemmelig:
        image: hemmeligapp/hemmelig:v5.13.1 # Check the tags for what version to use
        hostname: hemmelig
        init: true
        volumes:
            - ./data/hemmelig/:/var/tmp/hemmelig/upload/files
            - ./data/database/:/root/docker/data/hemmelig/database/
        environment:
            - SECRET_LOCAL_HOSTNAME=files.vbucksgenerator.zip # The local hostname for the fastify instance
            - SECRET_PORT=3000 # The port number for the fastify instance
            - SECRET_HOST=http://172.26.0.19:3000 # Used for i.e. set cors/cookies to your domain name
            - SECRET_ROOT_USER=groot # User as the root admin user
            - SECRET_ROOT_PASSWORD=iamroot # The admin user password (change this after signed in)
            - SECRET_ROOT_EMAIL=redacted@gmail.com # The email for the admin user
            - SECRET_FILE_SIZE=4 # Set the total allowed upload file size in mb
            - SECRET_FORCED_LANGUAGE=en # Set the default language for the application
            - SECRET_JWT_SECRET=P6FJuoLQPB8qcqWSVvmrXrdPL # Override this for the secret signin JWT tokens for log in
            - SECRET_MAX_TEXT_SIZE=256 # The max text size for the secret. Is set in kb. i.e. 256 for 256kb
        networks:
            - webproxy
        restart: always
        stop_grace_period: 1m

        #healthcheck:
            #test: 'wget -O /dev/null http://172.26.0.19:3000 || exit 1'
            #timeout: 5s
            #retries: 1

networks:
    webproxy:
        external: true

Here are the docker logs:

> hemmelig@5.0.0 start
> prisma migrate deploy && node server.js
Environment variables loaded from .env
Prisma schema loaded from prisma/schema.prisma
Datasource "db": SQLite database "hemmelig.db" at "file:../database/hemmelig.db"
SQLite database hemmelig.db created at file:../database/hemmelig.db
13 migrations found in prisma/migrations
Applying migration `20230403094651_init`
Applying migration `20230403105353_init`
Applying migration `20230405075854_usergenerated`
Applying migration `20230405082548_userrole`
Applying migration `20230406072002_settings`
Applying migration `20230406095057_readonly`
Applying migration `20230409114406_disablefileupload`
Applying migration `20230409162446_cascadedelete`
Applying migration `20230411070916_disable_account_creation`
Applying migration `20230415103015_user_secret_relation`
Applying migration `20230417053342_org_email_setting`
Applying migration `20230417111804_rename_restrict`
Applying migration `20230421090823_secretid_uuid`
The following migrations have been applied:
migrations/
  └─ 20230403094651_init/
    └─ migration.sql
  └─ 20230403105353_init/
    └─ migration.sql
  └─ 20230405075854_usergenerated/
    └─ migration.sql
  └─ 20230405082548_userrole/
    └─ migration.sql
  └─ 20230406072002_settings/
    └─ migration.sql
  └─ 20230406095057_readonly/
    └─ migration.sql
  └─ 20230409114406_disablefileupload/
    └─ migration.sql
  └─ 20230409162446_cascadedelete/
    └─ migration.sql
  └─ 20230411070916_disable_account_creation/
    └─ migration.sql
  └─ 20230415103015_user_secret_relation/
    └─ migration.sql
  └─ 20230417053342_org_email_setting/
    └─ migration.sql
  └─ 20230417111804_rename_restrict/
    └─ migration.sql
  └─ 20230421090823_secretid_uuid/
    └─ migration.sql

All migrations have been successfully applied.
(node:20) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.
Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)
2023/09/28 04:58PM 50 pid=20 hostname=hemmelig err={"type":"Error","message":"listen EADDRNOTAVAIL: address not available 172.67.215.213:3000","stack":"Error: listen EADDRNOTAVAIL: address not available 172.67.215.213:3000\n    at Server.setupListenHandle [as _listen2] (node:net:1800:21)\n    at listenInCluster (node:net:1865:12)\n    at GetAddrInfoReqWrap.doListen [as callback] (node:net:2014:7)\n    at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:110:8)","code":"EADDRNOTAVAIL","errno":-99,"syscall":"listen","address":"172.67.215.213","port":3000} msg=listen EADDRNOTAVAIL: address not available 172.67.215.213:3000

As you can see, it tries to use 172.67.215.213, which is outside of the webproxy subnet (172.26.0.0/16), so I need to figure out how I can change the IP it is trying to run on.


bjarneo commented 11 months ago

Well, I do not think this is a bug within Hemmelig. And, it is kind of hard to debug without access to such a network.

That said,

SECRET_LOCAL_HOSTNAME=files.vbucksgenerator.zip should be set to 0.0.0.0 (or not used at all)

SECRET_HOST you can remove http://, but you should use the domain name here (files.vbucksgenerator.zip)

FuckingToasters commented 11 months ago

Thanks, I now got it up and running. Little side question: where do I find the HTML and JS files from the service?

bjarneo commented 11 months ago

If you can work with private networks, then you should be able to figure out that one yourself. 😉