search

Islandora-Devops / isle-dc

ISLE 8 - Dockerized Islandora 8 Deployment orchestrated with docker-compose
MIT License
23 stars 60 forks source link

SSL error on generating derivatives #307

Closed rbos closed 1 year ago

rbos commented 2 years ago

Hi,

When we upload a new item to ISLE, thumbnails and such for new articles aren't being generated.

When we try, we get an error like [1], SSL certificate problem.

Our environment has some quirks: we run ISLE behind a virtual IP on a load balancer, which accepts port 443/80 traffic and handles our SSL certificate, then forwards all requests on. ISLE itself is configured to listen only on port 80 (I removed all the https entries in the docker-compose files, which was recommended on Slack, and that seems to work).

We did use a Letsencrypt certificate before taking the service live, so it's possible that certificate was being used somewhere, and then expired, but I'm not sure how/where.

This host has clear access to the internet, but we do have an HTTP proxy that we use elsewhere. I think I've disabled all references to the proxy. Outbound requests should be fine.

So I'm unclear on what URL it's trying to access and why it's trying to use SSL to access that URL. It looks like it's trying to access houdini:8000/convert from the error.

Am I missing something blindingly obvious?

[1]

isle-dc-houdini-1     | [2022-10-25 19:15:19] php.CRITICAL: Uncaught Exception: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) {"exception":"[object] (GuzzleHttp\\Exception\\RequestException(code: 0): cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) at /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:201)"} []
isle-dc-houdini-1     | NOTICE: PHP message: PHP Fatal error:  Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) in /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:201
isle-dc-houdini-1     | Stack trace:
isle-dc-houdini-1     | #0 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(155): GuzzleHttp\Handler\CurlFactory::createRejection()
isle-dc-houdini-1     | #1 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(105): GuzzleHttp\Handler\CurlFactory::finishError()
isle-dc-houdini-1     | #2 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish()
isle-dc-houdini-1     | #3 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke()
isle-dc-houdini-1     | #4 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(51): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}()
isle-dc-houdini-1     | #5 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware in /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 201
isle-dc-houdini-1     | 192.168.9.10 - - [25/Oct/2022:19:15:19 +0000] "GET /convert HTTP/1.1" 500 5 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_345)" "-"
isle-dc-houdini-1     | 2022/10/25 19:15:19 [error] 823#823: *23 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) in /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:201
isle-dc-houdini-1     | Stack trace:
isle-dc-houdini-1     | #0 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(155): GuzzleHttp\Handler\CurlFactory::createRejection()
isle-dc-houdini-1     | #1 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php(105): GuzzleHttp\Handler\CurlFactory::finishError()
isle-dc-houdini-1     | #2 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php(43): GuzzleHttp\Handler\CurlFactory::finish()
isle-dc-houdini-1     | #3 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke()
isle-dc-houdini-1     | #4 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/Proxy.php(51): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}()
isle-dc-houdini-1     | #5 /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware in /var/www/crayfish/Houdini/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php on line 201" while reading response header from upstream, client: 192.168.9.10, server: , request: "GET /convert HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm7/php-fpm7.sock:", host: "houdini:8000"
rbos commented 1 year ago

I don't know how I fixed this, but it works now. I think maybe the admin panel had the houdini URL set wrong.