RestComm / Restcomm-Docker

Docker Image for RestComm at https://github.com/RestComm/RestComm-Connect
http://www.restcomm.com/
GNU Affero General Public License v3.0

Problem with authentication in Restcomm #25

Closed antonmry closed 8 years ago

antonmry commented 8 years ago

I'm trying this tutorial: http://docs.telestax.com/restcomm-docker-quick-start-guide/ and having some problems. I'm launching restcomm with the following command:

docker run  -i -d --name=restcomm-myInstance -v /var/log/restcomm/:/var/log/restcomm/ -e STATIC_ADDRESS="172.20.34.63" -e ENVCONFURL="https://raw.githubusercontent.com/RestComm/Restcomm-Docker/master/scripts/restcomm_env_locally.sh" -p 80:80 -p 443:443 -p 9990:9990 -p 5060:5060 -p 5061:5061 -p 5062:5062 -p 5063:5063 -p 5060:5060/udp -p 65000-65535:65000-65535/udp mobicents/restcomm:latest

I'm able to log in to the admin, but when I try to log in as alice, Olympus returns an authentication error. If I try to change the Alice password, Restcomm ends the administrator session.

Looking with "docker logs", there is a "No route to the host" exception trying to connect to 172.20.34.63, my ethernet IP (no access from the docker instance).

Then I tried changing STATIC_ADDRESS to the docker instance IP (172.17.0.2), the internal IP of the docker instance... but it fails when I try to log in as alice with the following error:

17:26:01,275 INFO  [org.apache.shiro.realm.AuthorizingRealm] (http-/172.17.0.2:443-4) No cache or cacheManager properties have been set.  Authorization cache cannot be obtained.

I tried the uploaded image and also building one from the repository. My OS is Fedora 23 and I tried with Firefox 44.

croufay commented 8 years ago

antonmry,

I noticed that you are using Firefox, did you get the same issue using Chrome?

Charles

atsakiridis commented 8 years ago

Right, also there's an issue with Firefox that doesn't allow you to accept a self-signed certificate when contacting a wss:// link. I assume you are using https, right? If so you can find a workaround here:

https://bugzilla.mozilla.org/show_bug.cgi?id=594502

Moreover, keep in mind that the STATIC_ADDRESS should be the IP of the host, not the container, if you want to use the container externally.


Antonis Tsakiridis Lead Developer, Mobile SDKs at Telestax antonis.tsakiridis@telestax.com http://www.telestax.com

antonmry commented 8 years ago

I tested again with alice and Chrome and the Ethernet IP... you are right, I'm able to log in now as alice... but if I try, as administrator, to change the Alice password, the admin session is over and the following exception appears in the log:

18:13:18,665 ERROR [org.mobicents.servlet.restcomm.rvd.security.AutheticationFilter] (http-/172.17.0.2:443-3) Internal error while authentication against restcomm for user 'administrator@company.com': org.mobicents.servlet.restcomm.rvd.security.exceptions.RvdSecurityException: Error authenticating on restcomm
    at org.mobicents.servlet.restcomm.rvd.security.AuthenticationService.authenticate(AuthenticationService.java:55) [classes:]
    at org.mobicents.servlet.restcomm.rvd.security.AutheticationFilter.filter(AutheticationFilter.java:73) [classes:]
    at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:281) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1480) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1411) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1360) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1350) [jersey-server-1.13.jar:1.13]
    at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416) [jersey-servlet-1.13.jar:1.13]
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538) [jersey-servlet-1.13.jar:1.13]
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716) [jersey-servlet-1.13.jar:1.13]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.0.Final.jar:7.2.0.Final]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_80]
Caused by: java.net.NoRouteToHostException: No route to host
    at java.net.PlainSocketImpl.socketConnect(Native Method) [rt.jar:1.7.0_80]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) [rt.jar:1.7.0_80]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) [rt.jar:1.7.0_80]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) [rt.jar:1.7.0_80]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) [rt.jar:1.7.0_80]
    at java.net.Socket.connect(Socket.java:579) [rt.jar:1.7.0_80]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:337) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [httpclient-4.5.jar:4.5]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) [httpclient-4.5.jar:4.5]
    at org.mobicents.servlet.restcomm.rvd.security.AuthenticationService.authenticate(AuthenticationService.java:51) [classes:]
    ... 27 more

otsakir commented 8 years ago

Anton, there are parts in the AdminUI work-flow that rely on RVD and it seems that the latter has a problem contacting Restcomm, hence the 'No route to host' exception.

Please do the following to help us pinpoint the problem:

  1. Evaluate whether RVD login and common operations like create/remove a project work and if there are any exceptions thrown. Chances are, they won't.
  2. For the sake of clarity, please paste the docker run command you used once more to ensure we're on the same page.
  3. I see that your ethernet IP is 172.20.34.63. What's your docker network interface IP?
  4. After trying to login RVD skim through your server log for a message containing: "Using Restcomm server at" and paste the full log entry here.

Regards

Orestis

antonmry commented 8 years ago

Hi @otsakir

Thanks for your support. Here are the answers:

  1. You are right, I'm not able to login to the RVD. See the exception in point 4. It seems Restcomm is using the ethernet IP internally instead of the docker instance IP, so it fails. Why are you using STATIC_ADDRESS? Because of AWS maybe?
  2. This is the command I'm using:
docker run -i -d --name=restcomm-myInstance -v /var/log/restcomm/:/var/log/restcomm/ -e STATIC_ADDRESS="172.20.34.63" -e ENVCONFURL="https://raw.githubusercontent.com/RestComm/Restcomm-Docker/master/scripts/restcomm_env_locally.sh" -p 80:80 -p 443:443 -p 9990:9990 -p 5060:5060 -p 5061:5061 -p 5062:5062 -p 5063:5063 -p 5060:5060/udp -p 65000-65535:65000-65535/udp mobicents/restcomm:latest
  3. My IPs:
    • Ethernet Interface: 172.20.34.63
    • Docker Interface: 172.17.0.1
    • Docker restcomm IP: 172.17.0.2
  4. Here is the log when I try to login to RVD:
09:44:16,709 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) I/O exception (java.net.NoRouteToHostException) caught when processing request to {s}->https://172.20.34.63:443: No route to host
09:44:16,709 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) Retrying request to {s}->https://172.20.34.63:443
09:44:17,711 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) I/O exception (java.net.NoRouteToHostException) caught when processing request to {s}->https://172.20.34.63:443: No route to host
09:44:17,712 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) Retrying request to {s}->https://172.20.34.63:443
09:44:18,715 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) I/O exception (java.net.NoRouteToHostException) caught when processing request to {s}->https://172.20.34.63:443: No route to host
09:44:18,715 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) Retrying request to {s}->https://172.20.34.63:443

Let me know if I can provide something more to help with it.

leftyb commented 8 years ago

Hi @antonmry,

Please make sure that you are using the latest container (docker pull mobicents/restcomm:latest).

Then try to run: docker run --rm -i -t --name=restcomm-myInstance -v /var/log/restcomm/:/var/log/restcomm/ -e STATIC_ADDRESS="172.20.34.63" -e ENVCONFURL="https://raw.githubusercontent.com/RestComm/Restcomm-Docker/master/scripts/restcomm_env_locally.sh" -p 80:80 -p 443:443 -p 9990:9990 -p 5060:5060 -p 5061:5061 -p 5062:5062 -p 5063:5063 -p 5060:5060/udp -p 65000-65535:65000-65535/udp mobicents/restcomm:latest

And please add the output here. Finally, please add the output of "ifconfig".

*One more thing, as Fedora by default has SELinux enabled, please make sure that it is disabled: here

Thank you.

antonmry commented 8 years ago

Hi @leftyb

I've repeated the whole process, you can find it recorded here: https://asciinema.org/a/35978

I hope it helps. You can copy&paste from the video.

The first time I entered a wrong password. Then I log in as administrator, change the password, try to change the Alice password and log in to the RVD.

Is this something happening only to me?

antonmry commented 8 years ago

If I run

docker run --rm -i -t --name=restcomm-myInstance -v /var/log/restcomm/:/var/log/restcomm/ -e STATIC_ADDRESS="172.17.0.2" -e ENVCONFURL="https://raw.githubusercontent.com/RestComm/Restcomm-Docker/master/scripts/restcomm_env_locally.sh" -p 80:80 -p 443:443 -p 9990:9990 -p 5060:5060 -p 5061:5061 -p 5062:5062 -p 5063:5063 -p 5060:5060/udp -p 65000-65535:65000-65535/udp mobicents/restcomm:latest

And I access https://172.17.0.2 with Chrome, all works well.

leftyb commented 8 years ago

Hi @antonmry,

Nice to hear that everything works. If you want to run the container without all the starting log information, replace -t (foreground) with -d (detach) and remove --rm as well.

Best regards.

antonmry commented 8 years ago

Finally I found the problem: I was missing an iptables rule to allow the docker interface to access my network interface on port 443, but it was allowed to access higher ports. Typical damn thing but hard to debug. Luckily I found it while solving other issues.
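
The diagnosis reached in this thread, as an added example that is not part of the original issue or of the Restcomm project: it extracts the unreachable targets from RetryExec log lines in the format quoted above, then finds which INPUT rule decides a new connection from docker0 to that port. The ruleset and function names are constructed for illustration, and the sketch assumes a flat INPUT chain ending in a REJECT with icmp-host-prohibited, which a connecting client sees as "No route to host".

```shell
#!/bin/sh
# Constructed sample: RetryExec lines in the format quoted in the thread.
sample_log() { cat <<'EOF'
09:44:16,709 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) I/O exception (java.net.NoRouteToHostException) caught when processing request to {s}->https://172.20.34.63:443: No route to host
09:44:16,709 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) Retrying request to {s}->https://172.20.34.63:443
09:44:17,711 INFO  [org.apache.http.impl.execchain.RetryExec] (http-/172.17.0.2:443-7) I/O exception (java.net.NoRouteToHostException) caught when processing request to {s}->https://172.20.34.63:443: No route to host
EOF
}
# Constructed sample of `iptables -S INPUT` output (hypothetical ruleset).
sample_rules() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i docker0 -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
# Print "listener_ip dest_ip dest_port count" per unreachable target.
unreachable_targets() {
  sed -nE 's#.*\(http-/([0-9.]+):[0-9]+-[0-9]+\).*NoRouteToHostException.*->https?://([0-9.]+):([0-9]+):.*#\1 \2 \3#p' |
    sort | uniq -c | awk '{ print $2, $3, $4, $1 }'
}
# Verdict of the first flat INPUT rule matching a NEW TCP packet.
# Simplified: only -i, -p, --dport, --ctstate and -j are modelled.
first_verdict() {  # usage: first_verdict IFACE PORT < rules
  awk -v ifc="$1" -v port="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      in_if = proto = dport = state = target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--ctstate") state = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (in_if != "" && in_if != ifc) next
      if (proto != "" && proto != "tcp") next
      if (state != "" && state !~ /NEW/) next
      n = split(dport, r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1]
      if (dport != "" && (port + 0 < lo + 0 || port + 0 > hi + 0)) next
      if (target ~ /^(ACCEPT|REJECT|DROP)$/) { verdict = target; exit }
    }
    END { print (verdict != "" ? verdict : policy) }'
}
sample_log | unreachable_targets
echo "docker0 -> 443: $(sample_rules | first_verdict docker0 443)"
```

On a real host, feed `first_verdict` the output of `iptables -S INPUT`; rulesets that jump to user-defined chains (as firewalld generates) need those chains followed by hand.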