search

TandoorRecipes / recipes

Application for managing recipes, planning meals, building shopping lists and much much more!
https://docs.tandoor.dev
Other
5.34k stars 563 forks source link

Cannot import any recipe #2364

Closed juantxorena closed 1 year ago

juantxorena commented 1 year ago

Tandoor Version

1.4.7

Setup

Manual Setup

Reverse Proxy

Others (please state below)

Other

nginx

Bug description

I cannot import any recipe. With debug on, I get this error:

There was an error fetching a resource! {"error":true,"msg":"Connection Refused."}

Looking in the network tools of firefox, the request has the following body, with an empty data field (I don't know if that's normal or not), and I get a 400: {"url":"https://www.chefkoch.de/rezepte/982031203667502/Kaese-Lauch-Suppe-mit-Hackfleisch.html","data":""}

Seeing that I seem to be the only one with this error, it's probably a problem on my side. Here are the relevant configs:

nginx:

server {
    #listen 80;
    listen 443 ssl;
    listen 8443 ssl;

    ssl_certificate /etc/ssl/certs/tandoor-bundle.crt;
    ssl_certificate_key /etc/ssl/private/tandoor.key;
    #access_log /var/log/nginx/access.log;
    #error_log /var/log/nginx/error.log;

    # serve media files
    location /static/ {
        alias /var/www/recipes/staticfiles/;
    }

    location /staticfiles/ {
        alias /var/www/recipes/staticfiles/;
    }

    location /media/ {
        alias /var/www/recipes/mediafiles/;
    }

    location /mediafiles/ {
        alias /var/www/recipes/mediafiles/;
    }

    location / {
        proxy_set_header Host $http_host;
        proxy_pass http://unix:/var/www/recipes/recipes.sock;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

.env file

# only set this to true when testing/debugging
# when unset: 1 (true) - dont unset this, just for development
DEBUG=1
SQL_DEBUG=0

# HTTP port to bind to
# TANDOOR_PORT=80

# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
ALLOWED_HOSTS=*

# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
# ---------------------------- REQUIRED -------------------------
SECRET_KEY=*****
# ---------------------------------------------------------------

# your default timezone See https://timezonedb.com/time-zones for a list of timezones
TIMEZONE=Europe/Berlin

# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
DB_ENGINE=django.db.backends.postgresql
# DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl
POSTGRES_HOST=/mnt/postgresql
POSTGRES_PORT=5432
POSTGRES_USER=tandooruser
# ---------------------------- REQUIRED -------------------------
POSTGRES_PASSWORD=*****
# ---------------------------------------------------------------
POSTGRES_DB=tandoordb

# database connection string, when used overrides other database settings.
# format might vary depending on backend
# DATABASE_URL = engine://username:password@host:port/dbname

# the default value for the user preference 'fractions' (enable/disable fraction support)
# default: disabled=0
FRACTION_PREF_DEFAULT=0

# the default value for the user preference 'comments' (enable/disable commenting system)
# default comments enabled=1
COMMENT_PREF_DEFAULT=1

# Users can set a amount of time after which the shopping list is refreshed when they are in viewing mode
# This is the minimum interval users can set. Setting this to low will allow users to refresh very frequently which
# might cause high load on the server. (Technically they can obviously refresh as often as they want with their own scripts)
SHOPPING_MIN_AUTOSYNC_INTERVAL=5

# Default for user setting sticky navbar
# STICKY_NAV_PREF_DEFAULT=1

# If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/)
# Be sure to not have a trailing slash: e.g. '/recipes' instead of '/recipes/'
# SCRIPT_NAME=/recipes

# If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN /
# this is not required if you are just using a subfolder
# This can either be a relative path from the applications base path or the url of an external host
STATIC_URL=/staticfiles/

# If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN /
# this is not required if you are just using a subfolder
# This can either be a relative path from the applications base path or the url of an external host
MEDIA_URL=/mediafiles/

# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
# provided that include an additional nxginx container to handle media file serving.
# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate
GUNICORN_MEDIA=0

# GUNICORN SERVER RELATED SETTINGS (see https://docs.gunicorn.org/en/stable/design.html#how-many-workers for recommended settings)
# GUNICORN_WORKERS=1
# GUNICORN_THREADS=1

# S3 Media settings: store mediafiles in s3 or any compatible storage backend (e.g. minio)
# as long as S3_ACCESS_KEY is not set S3 features are disabled
# S3_ACCESS_KEY=
# S3_SECRET_ACCESS_KEY=
# S3_BUCKET_NAME=
# S3_REGION_NAME= # default none, set your region might be required
# S3_QUERYSTRING_AUTH=1 # default true, set to 0 to serve media from a public bucket without signed urls
# S3_QUERYSTRING_EXPIRE=3600 # number of seconds querystring are valid for
# S3_ENDPOINT_URL= # when using a custom endpoint like minio
# S3_CUSTOM_DOMAIN= # when using a CDN/proxy to S3 (see https://github.com/TandoorRecipes/recipes/issues/1943)

# Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host
# Required for email confirmation and password reset (automatically activates if host is set)
EMAIL_HOST=*****
EMAIL_PORT=587
EMAIL_HOST_USER=*****
EMAIL_HOST_PASSWORD=*****
EMAIL_USE_TLS=1
EMAIL_USE_SSL=0
# email sender address (default 'webmaster@localhost')
# DEFAULT_FROM_EMAIL=
# prefix used for account related emails (default "[Tandoor Recipes] ")
# ACCOUNT_EMAIL_SUBJECT_PREFIX=

# allow authentication via reverse proxy (e.g. authelia), leave off if you dont know what you are doing
# see docs for more information https://vabene1111.github.io/recipes/features/authentication/
# when unset: 0 (false)
REVERSE_PROXY_AUTH=0

# Default settings for spaces, apply per space and can be changed in the admin view
# SPACE_DEFAULT_MAX_RECIPES=0 # 0=unlimited recipes
# SPACE_DEFAULT_MAX_USERS=0 # 0=unlimited users per space
# SPACE_DEFAULT_MAX_FILES=0 # Maximum file storage for space in MB. 0 for unlimited, -1 to disable file upload.
# SPACE_DEFAULT_ALLOW_SHARING=1 # Allow users to share recipes with public links

# allow people to create accounts on your application instance (without an invite link)
# when unset: 0 (false)
ENABLE_SIGNUP=1

# If signup is enabled you might want to add a captcha to it to prevent spam
# HCAPTCHA_SITEKEY=
# HCAPTCHA_SECRET=

# if signup is enabled you might want to provide urls to data protection policies or terms and conditions
# TERMS_URL=
# PRIVACY_URL=
# IMPRINT_URL=

# enable serving of prometheus metrics under the /metrics path
# ATTENTION: view is not secured (as per the prometheus default way) so make sure to secure it
# trough your web server (or leave it open of you dont care if the stats are exposed)
# ENABLE_METRICS=0

# allows you to setup OAuth providers
# see docs for more information https://vabene1111.github.io/recipes/features/authentication/
# SOCIAL_PROVIDERS = allauth.socialaccount.providers.github, allauth.socialaccount.providers.nextcloud,
SOCIAL_PROVIDERS=allauth.socialaccount.providers.keycloak
SOCIALACCOUNT_PROVIDERS={\"keycloak\":{\"KEYCLOAK_URL\":\"https://auth.lan:8443/\",\"KEYCLOAK_REALM\":\"zuhause\"}}
REQUESTS_CA_BUNDLE=/etc/ssl/certs/rezepte.lan.crt

# Should a newly created user from a social provider get assigned to the default space and given permission by default ?
# ATTENTION: This feature might be deprecated in favor of a space join and public viewing system in the future
# default 0 (false), when 1 (true) users will be assigned space and group
# SOCIAL_DEFAULT_ACCESS = 1

# if SOCIAL_DEFAULT_ACCESS is used, which group should be added
# SOCIAL_DEFAULT_GROUP=guest

# Django session cookie settings. Can be changed to allow a single django application to authenticate several applications
# when running under the same database
# SESSION_COOKIE_DOMAIN=.example.com
# SESSION_COOKIE_NAME=sessionid # use this only to not interfere with non unified django applications under the same top level domain

# by default SORT_TREE_BY_NAME is disabled this will store all Keywords and Food in the order they are created
# enabling this setting makes saving new keywords and foods very slow, which doesn't matter in most usecases.
# however, when doing large imports of recipes that will create new objects, can increase total run time by 10-15x
# Keywords and Food can be manually sorted by name in Admin
# This value can also be temporarily changed in Admin, it will revert the next time the application is started
# This will be fixed/changed in the future by changing the implementation or finding a better workaround for sorting
# SORT_TREE_BY_NAME=0
# LDAP authentication
# default 0 (false), when 1 (true) list of allowed users will be fetched from LDAP server
#LDAP_AUTH=0
#AUTH_LDAP_SERVER_URI=
#AUTH_LDAP_BIND_DN=
#AUTH_LDAP_BIND_PASSWORD=
#AUTH_LDAP_USER_SEARCH_BASE_DN=
#AUTH_LDAP_TLS_CACERTFILE=

# Enables exporting PDF (see export docs)
# Disabled by default, uncomment to enable
# ENABLE_PDF_EXPORT=1

# Recipe exports are cached for a certain time by default, adjust time if needed
# EXPORT_FILE_CACHE_DURATION=600

Relevant logs

ciphers: None
  raw_paste_global_conf: []
  strip_header_spaces: False
[2023-03-08 20:21:19 +0100] [100] [INFO] Starting gunicorn 20.1.0
[2023-03-08 20:21:19 +0100] [100] [DEBUG] Arbiter booted
[2023-03-08 20:21:19 +0100] [100] [INFO] Listening at: unix:/var/www/recipes/recipes.sock (100)
[2023-03-08 20:21:19 +0100] [100] [INFO] Using worker: sync
[2023-03-08 20:21:19 +0100] [112] [INFO] Booting worker with pid: 112
[2023-03-08 20:21:20 +0100] [100] [DEBUG] 1 workers
[2023-03-08 20:21:43 +0100] [112] [DEBUG] GET /data/import/url
[2023-03-08 20:21:44 +0100] [112] [DEBUG] GET /api/space/1/
Not Found: /api/space/1/
Not Found: /api/space/1/
[2023-03-08 20:21:44 +0100] [112] [DEBUG] GET /service-worker.js
[2023-03-08 20:21:45 +0100] [112] [DEBUG] POST /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
[2023-03-08 20:21:52 +0100] [112] [DEBUG] POST /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
[2023-03-08 20:21:53 +0100] [112] [DEBUG] POST /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
[2023-03-08 20:22:01 +0100] [112] [DEBUG] POST /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
Bad Request: /api/recipe-from-source/
juantxorena commented 1 year ago

Just in case, here's the debug log of nginx when I try to import:

2023/03/09 18:56:07 [debug] 111#111: *1 http keepalive handler
2023/03/09 18:56:07 [debug] 111#111: *1 malloc: 000055FD394899F0:1024
2023/03/09 18:56:07 [debug] 111#111: *1 SSL_read: 752
2023/03/09 18:56:07 [debug] 111#111: *1 SSL_read: -1
2023/03/09 18:56:07 [debug] 111#111: *1 SSL_get_error: 2
2023/03/09 18:56:07 [debug] 111#111: *1 reusable connection: 0
2023/03/09 18:56:07 [debug] 111#111: *1 posix_memalign: 000055FD393FC090:4096 @16
2023/03/09 18:56:07 [debug] 111#111: *1 event timer del: 3: 358545083
2023/03/09 18:56:07 [debug] 111#111: *1 http process request line
2023/03/09 18:56:07 [debug] 111#111: *1 http request line: "POST /api/recipe-from-source/ HTTP/1.1"
2023/03/09 18:56:07 [debug] 111#111: *1 http uri: "/api/recipe-from-source/"
2023/03/09 18:56:07 [debug] 111#111: *1 http args: ""
2023/03/09 18:56:07 [debug] 111#111: *1 http exten: ""
2023/03/09 18:56:07 [debug] 111#111: *1 posix_memalign: 000055FD393FD0A0:4096 @16
2023/03/09 18:56:07 [debug] 111#111: *1 http process request header line
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Host: rezepte.lan"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Accept: application/json, text/plain, */*"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Accept-Language: en-US,en;q=0.5"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Accept-Encoding: gzip, deflate, br"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Content-Type: application/json"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Content-Length: 106"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Referer: https://rezepte.lan/data/import/url"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "X-CSRFTOKEN: 9ZzhREwBfLsRHw1snKC2wFbJVBJGmgDo"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Origin: https://rezepte.lan"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "DNT: 1"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Sec-Fetch-Dest: empty"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Sec-Fetch-Mode: cors"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Sec-Fetch-Site: same-origin"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Sec-GPC: 1"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Connection: keep-alive"
2023/03/09 18:56:07 [debug] 111#111: *1 http header: "Cookie: csrftoken=9ZzhREwBfLsRHw1snKC2wFbJVBJGmgDo; sessionid=si9a5qs36eaigyox4ue6i971cn1edp1m"
2023/03/09 18:56:07 [debug] 111#111: *1 http header done
2023/03/09 18:56:07 [debug] 111#111: *1 generic phase: 0
2023/03/09 18:56:07 [debug] 111#111: *1 rewrite phase: 1
2023/03/09 18:56:07 [debug] 111#111: *1 test location: "/"
2023/03/09 18:56:07 [debug] 111#111: *1 test location: "static/"
2023/03/09 18:56:07 [debug] 111#111: *1 test location: "mediafiles/"
2023/03/09 18:56:07 [debug] 111#111: *1 test location: "media/"
2023/03/09 18:56:07 [debug] 111#111: *1 using configuration "/"
2023/03/09 18:56:07 [debug] 111#111: *1 http cl:106 max:1048576
2023/03/09 18:56:07 [debug] 111#111: *1 rewrite phase: 3
2023/03/09 18:56:07 [debug] 111#111: *1 post rewrite phase: 4
2023/03/09 18:56:07 [debug] 111#111: *1 generic phase: 5
2023/03/09 18:56:07 [debug] 111#111: *1 generic phase: 6
2023/03/09 18:56:07 [debug] 111#111: *1 generic phase: 7
2023/03/09 18:56:07 [debug] 111#111: *1 access phase: 8
2023/03/09 18:56:07 [debug] 111#111: *1 access phase: 9
2023/03/09 18:56:07 [debug] 111#111: *1 access phase: 10
2023/03/09 18:56:07 [debug] 111#111: *1 post access phase: 11
2023/03/09 18:56:07 [debug] 111#111: *1 generic phase: 12
2023/03/09 18:56:07 [debug] 111#111: *1 generic phase: 13
2023/03/09 18:56:07 [debug] 111#111: *1 http client request body preread 106
2023/03/09 18:56:07 [debug] 111#111: *1 http request body content length filter
2023/03/09 18:56:07 [debug] 111#111: *1 http body new buf t:1 f:0 000055FD39489C76, pos 000055FD39489C76, size: 106 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 http init upstream, client timer: 0
2023/03/09 18:56:07 [debug] 111#111: *1 http script copy: "Host"
2023/03/09 18:56:07 [debug] 111#111: *1 http script var: "rezepte.lan"
2023/03/09 18:56:07 [debug] 111#111: *1 http script copy: "X-Forwarded-Proto"
2023/03/09 18:56:07 [debug] 111#111: *1 http script var: "https"
2023/03/09 18:56:07 [debug] 111#111: *1 http script copy: "Connection"
2023/03/09 18:56:07 [debug] 111#111: *1 http script copy: "close"
2023/03/09 18:56:07 [debug] 111#111: *1 http script copy: "Content-Length"
2023/03/09 18:56:07 [debug] 111#111: *1 http script var: "106"
2023/03/09 18:56:07 [debug] 111#111: *1 http script copy: ""
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Accept: application/json, text/plain, */*"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Accept-Language: en-US,en;q=0.5"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Accept-Encoding: gzip, deflate, br"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Content-Type: application/json"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Referer: https://rezepte.lan/data/import/url"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "X-CSRFTOKEN: 9ZzhREwBfLsRHw1snKC2wFbJVBJGmgDo"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Origin: https://rezepte.lan"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "DNT: 1"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Sec-Fetch-Dest: empty"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Sec-Fetch-Mode: cors"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Sec-Fetch-Site: same-origin"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Sec-GPC: 1"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Cookie: csrftoken=9ZzhREwBfLsRHw1snKC2wFbJVBJGmgDo; sessionid=si9a5qs36eaigyox4ue6i971cn1edp1m"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header:
"POST /api/recipe-from-source/ HTTP/1.0
Host: rezepte.lan
X-Forwarded-Proto: https
Connection: close
Content-Length: 106
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Referer: https://rezepte.lan/data/import/url
X-CSRFTOKEN: 9ZzhREwBfLsRHw1snKC2wFbJVBJGmgDo
Origin: https://rezepte.lan
DNT: 1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-GPC: 1
Cookie: csrftoken=9ZzhREwBfLsRHw1snKC2wFbJVBJGmgDo; sessionid=si9a5qs36eaigyox4ue6i971cn1edp1m

"
2023/03/09 18:56:07 [debug] 111#111: *1 http cleanup add: 000055FD393FDD88
2023/03/09 18:56:07 [debug] 111#111: *1 get rr peer, try: 1
2023/03/09 18:56:07 [debug] 111#111: *1 stream socket 11
2023/03/09 18:56:07 [debug] 111#111: *1 epoll add connection: fd:11 ev:80002005
2023/03/09 18:56:07 [debug] 111#111: *1 connect to unix:/var/www/recipes/recipes.sock, fd:11 #11
2023/03/09 18:56:07 [debug] 111#111: *1 connected
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream connect: 0
2023/03/09 18:56:07 [debug] 111#111: *1 posix_memalign: 000055FD393FF880:128 @16
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream send request
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream send request body
2023/03/09 18:56:07 [debug] 111#111: *1 chain writer buf fl:0 s:667
2023/03/09 18:56:07 [debug] 111#111: *1 chain writer buf fl:1 s:106
2023/03/09 18:56:07 [debug] 111#111: *1 chain writer in: 000055FD393FDDE8
2023/03/09 18:56:07 [debug] 111#111: *1 writev: 773 of 773
2023/03/09 18:56:07 [debug] 111#111: *1 chain writer out: 0000000000000000
2023/03/09 18:56:07 [debug] 111#111: *1 event timer add: 11: 60000:358580707
2023/03/09 18:56:07 [debug] 111#111: *1 http finalize request: -4, "/api/recipe-from-source/?" a:1, c:2
2023/03/09 18:56:07 [debug] 111#111: *1 http request count:2 blk:0
2023/03/09 18:56:07 [debug] 111#111: *1 http run request: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream check client, write event:1, "/api/recipe-from-source/"
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream request: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream dummy handler
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream request: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream dummy handler
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream request: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream process header
2023/03/09 18:56:07 [debug] 111#111: *1 malloc: 000055FD39481170:4096
2023/03/09 18:56:07 [debug] 111#111: *1 recv: eof:0, avail:-1
2023/03/09 18:56:07 [debug] 111#111: *1 recv: fd:11 364 of 4096
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy status 400 "400 Bad Request"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Server: gunicorn"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Date: Thu, 09 Mar 2023 17:56:07 GMT"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Connection: close"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Content-Type: application/json"
2023/03/09 18:56:07 [debug] 111#111: *1 posix_memalign: 000055FD39482180:4096 @16
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Vary: Accept, Accept-Language, Cookie"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Allow: POST, OPTIONS"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "X-Frame-Options: DENY"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Content-Language: en"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Content-Length: 42"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "X-Content-Type-Options: nosniff"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Referrer-Policy: same-origin"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header: "Cross-Origin-Opener-Policy: same-origin"
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy header done
2023/03/09 18:56:07 [debug] 111#111: *1 xslt filter header
2023/03/09 18:56:07 [debug] 111#111: *1 HTTP/1.1 400 Bad Request
Server: nginx/1.18.0
Date: Thu, 09 Mar 2023 17:56:07 GMT
Content-Type: application/json
Content-Length: 42
Connection: keep-alive
Vary: Accept, Accept-Language, Cookie
Allow: POST, OPTIONS
X-Frame-Options: DENY
Content-Language: en
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin

2023/03/09 18:56:07 [debug] 111#111: *1 write new buf t:1 f:0 000055FD394824E0, pos 000055FD394824E0, size: 373 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 http write filter: l:0 f:0 s:373
2023/03/09 18:56:07 [debug] 111#111: *1 http cacheable: 0
2023/03/09 18:56:07 [debug] 111#111: *1 http proxy filter init s:400 h:0 c:0 l:42
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream process upstream
2023/03/09 18:56:07 [debug] 111#111: *1 pipe read upstream: 0
2023/03/09 18:56:07 [debug] 111#111: *1 pipe preread: 0
2023/03/09 18:56:07 [debug] 111#111: *1 pipe buf free s:0 t:1 f:0 000055FD39481170, pos 000055FD394812DC, size: 0 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 pipe length: 42
2023/03/09 18:56:07 [debug] 111#111: *1 event timer: 11, old: 358580707, new: 358580779
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream request: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream dummy handler
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream request: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream process upstream
2023/03/09 18:56:07 [debug] 111#111: *1 pipe read upstream: 1
2023/03/09 18:56:07 [debug] 111#111: *1 readv: eof:0, avail:-1
2023/03/09 18:56:07 [debug] 111#111: *1 readv: 1, last:3732
2023/03/09 18:56:07 [debug] 111#111: *1 pipe recv chain: 42
2023/03/09 18:56:07 [debug] 111#111: *1 pipe buf free s:0 t:1 f:0 000055FD39481170, pos 000055FD394812DC, size: 42 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 pipe length: 42
2023/03/09 18:56:07 [debug] 111#111: *1 input buf #0
2023/03/09 18:56:07 [debug] 111#111: *1 pipe write downstream: 1
2023/03/09 18:56:07 [debug] 111#111: *1 pipe write downstream flush in
2023/03/09 18:56:07 [debug] 111#111: *1 http output filter "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http copy filter: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 image filter
2023/03/09 18:56:07 [debug] 111#111: *1 xslt filter body
2023/03/09 18:56:07 [debug] 111#111: *1 http postpone filter "/api/recipe-from-source/?" 000055FD393FDDF8
2023/03/09 18:56:07 [debug] 111#111: *1 write old buf t:1 f:0 000055FD394824E0, pos 000055FD394824E0, size: 373 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 write new buf t:1 f:0 000055FD39481170, pos 000055FD394812DC, size: 42 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 http write filter: l:0 f:0 s:415
2023/03/09 18:56:07 [debug] 111#111: *1 http copy filter: 0 "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 pipe write downstream done
2023/03/09 18:56:07 [debug] 111#111: *1 event timer: 11, old: 358580707, new: 358580779
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream exit: 0000000000000000
2023/03/09 18:56:07 [debug] 111#111: *1 finalize http upstream request: 0
2023/03/09 18:56:07 [debug] 111#111: *1 finalize http proxy request
2023/03/09 18:56:07 [debug] 111#111: *1 free rr peer 1 0
2023/03/09 18:56:07 [debug] 111#111: *1 close http upstream connection: 11
2023/03/09 18:56:07 [debug] 111#111: *1 free: 000055FD393FF880, unused: 48
2023/03/09 18:56:07 [debug] 111#111: *1 event timer del: 11: 358580707
2023/03/09 18:56:07 [debug] 111#111: *1 reusable connection: 0
2023/03/09 18:56:07 [debug] 111#111: *1 http upstream temp fd: -1
2023/03/09 18:56:07 [debug] 111#111: *1 http output filter "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http copy filter: "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 image filter
2023/03/09 18:56:07 [debug] 111#111: *1 xslt filter body
2023/03/09 18:56:07 [debug] 111#111: *1 http postpone filter "/api/recipe-from-source/?" 00007FFF4DE8FA20
2023/03/09 18:56:07 [debug] 111#111: *1 write old buf t:1 f:0 000055FD394824E0, pos 000055FD394824E0, size: 373 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 write old buf t:1 f:0 000055FD39481170, pos 000055FD394812DC, size: 42 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 write new buf t:0 f:0 0000000000000000, pos 0000000000000000, size: 0 file: 0, size: 0
2023/03/09 18:56:07 [debug] 111#111: *1 http write filter: l:1 f:0 s:415
2023/03/09 18:56:07 [debug] 111#111: *1 http write filter limit 0
2023/03/09 18:56:07 [debug] 111#111: *1 malloc: 000055FD39489E00:16384
2023/03/09 18:56:07 [debug] 111#111: *1 SSL buf copy: 373
2023/03/09 18:56:07 [debug] 111#111: *1 SSL buf copy: 42
2023/03/09 18:56:07 [debug] 111#111: *1 SSL to write: 415
2023/03/09 18:56:07 [debug] 111#111: *1 SSL_write: 415
2023/03/09 18:56:07 [debug] 111#111: *1 http write filter 0000000000000000
2023/03/09 18:56:07 [debug] 111#111: *1 http copy filter: 0 "/api/recipe-from-source/?"
2023/03/09 18:56:07 [debug] 111#111: *1 http finalize request: 0, "/api/recipe-from-source/?" a:1, c:1
2023/03/09 18:56:07 [debug] 111#111: *1 set http keepalive handler
2023/03/09 18:56:07 [debug] 111#111: *1 http close request
2023/03/09 18:56:07 [debug] 111#111: *1 http log handler
2023/03/09 18:56:07 [debug] 111#111: *1 free: 000055FD39481170
2023/03/09 18:56:07 [debug] 111#111: *1 free: 000055FD393FC090, unused: 0
2023/03/09 18:56:07 [debug] 111#111: *1 free: 000055FD393FD0A0, unused: 23
2023/03/09 18:56:07 [debug] 111#111: *1 free: 000055FD39482180, unused: 2024
2023/03/09 18:56:07 [debug] 111#111: *1 free: 000055FD394899F0
2023/03/09 18:56:07 [debug] 111#111: *1 hc free: 0000000000000000
2023/03/09 18:56:07 [debug] 111#111: *1 hc busy: 0000000000000000 0
2023/03/09 18:56:07 [debug] 111#111: *1 free: 000055FD39489E00
2023/03/09 18:56:07 [debug] 111#111: *1 reusable connection: 1
2023/03/09 18:56:07 [debug] 111#111: *1 event timer add: 3: 75000:358595779
vabene1111 commented 1 year ago

Thanks for the good report. I do not see anything immediately wrong but it's a manual setup so I can't really help since a thousand things could be wrong.

Make sure all headers come trough correctly and maybe take a look at the Browser console network request responses, they might give more info as this does not seem to be a server error but an Api one

juantxorena commented 1 year ago

Thanks for the answer.

The gunicorn logs make me think that it's refusing the connection and it doesn't even enter the code, since there is no python logging there.

I also tried to use a http connection between nginx and gunicorn instead of an Unix socket, with the same result.

As you said, I suspect it's a header issue. I will try to add a couple proxy_set_headers to the nginx config that I saw around, and if if doesn't work, I'll try to connect to gunicorn directly instead of through nginx, capture traffic and see what's what.

juantxorena commented 1 year ago

Just a small update, connecting directly to gunicorn without nginx doesn't work neither, I have the same error. I have captured the traffic, and apparently it communicates with the actual app, and it tries to fetch the data, but I get an "unknown CA" error. Apparently the python app doesn't use the certs installed in the system or something.

smilerz commented 1 year ago

Outbound connections aren’t going to be impacted by nginx one way or another.

Make sure you’ve updated all of the python packages. One things you can try to further troubleshooting is to wget that URL and see what errors it throws.

The space not found errors from the original logs are also throwing me off. You don’t get any errors just by browsing tandoor in general?

juantxorena commented 1 year ago

The space not found errors from the original logs are also throwing me off. You don’t get any errors just by browsing tandoor in general?

It's troubling me too, but I get no errors. It doesn't appear if I'm logged as admin, who created the space.

In any case, I've found the problem, but I don't think I can fix it: the line #REQUESTS_CA_BUNDLE=/etc/ssl/certs/rezepte.lan.crt in my .env is necessary for keycloak to work (private CA for my server, not the real name), but then it tries to use it as the only CA for every request to the outside. If I comment that line, import works, but then keycloak login stops working.

juantxorena commented 1 year ago

And it's fixed: I'm using debian, so I added my root CA to the local CA store (in debian it's in /etc/ssl/certs/ca-certificates.crt, but you have to add your CA somewhere and run a script, it was already done), and then use the following line in .env: REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt.

I'm not closing this bug yet, do you think something about this is worth mentioning in the docs somewhere, or is it too specific? I could make a pull request to the docs.

vabene1111 commented 1 year ago

This sounds very specific to me. Closing this the issue can be found if needed