bitnami / vms

Bitnami VMs
https://bitnami.com

[CanvasLMS] RCE API not working #314

Closed edtekio closed 2 years ago

edtekio commented 2 years ago

Platform

AWS

bndiagnostic ID

No response

bndiagnostic output

No response

bndiagnostic was not useful. Could you please tell us why?

No response

Describe your issue as much as you can

We have deployed CanvasLMS on AWS using the Bitnami image.

After having (meticulously) followed the configuration guides, we are unable to get the RCE API to work.

Below I attach how the various files are configured and the log of the error we are receiving. As for logs on the machine, we see nothing in the Apache logs, the canvas-rce logs, or production.log…

We would appreciate it if you could give us a hand and tell us where the error might be coming from.

Also, we would like to know whether the RCE subdomain needs any particular DNS configuration.

File /opt/bitnami/canvas-rce-api/.env

ECOSYSTEM_KEY=redacted-value
ECOSYSTEM_SECRET=redacted-value
FLICKR_API_KEY=
UNSPLASH_APP_ID=
UNSPLASH_SECRET=
UNSPLASH_APP_NAME=
YOUTUBE_API_KEY=
NODE_ENV=production
PORT=3000
# The statsd server configuration fields are required even if no server will be used
STATSD_HOST=127.0.0.1
STATSD_PORT=8125
# Fix protocol for RCE API server requests to Canvas LMS /api
HTTP_PROTOCOL_OVERRIDE=http
HTTP_PROTOCOL_OVERRIDE=https
STATS_PREFIX=rceapi

File /opt/bitnami/canvaslms/config/Dynamic_settings.yml

production:
    config:
        canvas:
            rich-content-service:
                app-host: [rce.ilerna.com](http://rce.ilerna.com/)
            canvas:
                encryption-secret: redacted-value
                signing-secret: redacted-value

File /opt/bitnami/apache2/conf/vhosts/canvas-rce-api-vhost.conf

<VirtualHost [127.0.0.1:80](http://127.0.0.1/) _default_:80>
    ServerName [rce.ilerna.com](http://rce.ilerna.com/)
    ServerAlias [www.rce.ilerna.com](http://www.rce.ilerna.com/)
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
  <Directory "/opt/bitnami/apache2/htdocs">
    Options -Indexes +FollowSymLinks -MultiViews
    AllowOverride All
    Require all granted
    PassengerEnabled on
    Header set Access-Control-Allow-Origin "*"
    modsecurity on
    modsecurity_rules_file "/opt/bitnami/apache2/conf/modsecurity.conf"
  </Directory>
</VirtualHost>

File /opt/bitnami/apache2/conf/vhosts/canvas-rce-api-https-vhost.conf

<VirtualHost [127.0.0.1:443](http://127.0.0.1:443/) _default_:443>
    ServerName [rce.ilerna.com](http://rce.ilerna.com/)
    ServerAlias [www.rce.ilerna.com](http://www.rce.ilerna.com/)
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/bitnami/certs/server.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/bitnami/certs/server.key"
    SSLCertificateChainFile "/opt/bitnami/apache2/conf/bitnami/certs/chain.crt"
    ProxyPass / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
  <Directory "/opt/bitnami/apache2/htdocs">
    Options -Indexes +FollowSymLinks -MultiViews
    AllowOverride All
    Require all granted
    PassengerEnabled on
    Header set Access-Control-Allow-Origin "*"
    modsecurity on
    modsecurity_rules_file "/opt/bitnami/apache2/conf/modsecurity.conf"
  </Directory>
</VirtualHost>

Error in MS Edge (image)

Error in Firefox (image)

Thank you very much in advance!

gongomgra commented 2 years ago

Hi @edtekio,

Thanks for using Bitnami. Although a big part of our team is based in Spain, we prefer to provide support in English, so it can be of help to other users in the future.

I edited your ticket to remove the API keys for security reasons. Apart from that, I don't know if you are using the [http://my-domain.com](http://my-domain.com) construction here only, or also in the file on your computer. If you have configured it that way, please update the config file to http://my-domain.com. Remember to restart the services after that to apply the changes.

Additionally, it looks like the rce.ilerna.com domain is always redirected to www.ilerna.es, so I think the requests are never getting to the RCE API server but to the main website instead. Can you check it in your Apache and DNS configuration?

$ curl -LI "http://rce.ilerna.com"
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 12 Sep 2022 09:08:11 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 54
Connection: keep-alive
X-Powered-By: Express
Location: http://www.ilerna.es
Vary: Accept

HTTP/1.1 301 Moved Permanently
Date: Mon, 12 Sep 2022 09:08:11 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: https://www.ilerna.es/
CF-Cache-Status: DYNAMIC
Set-Cookie: __cflb=02DiuJ2p2S6D44ndqaG1q4rZMn5hVMGA9taQ4VJ8CNhX2; SameSite=Lax; path=/; expires=Tue, 13-Sep-22 08:08:11 GMT; HttpOnly
Server: cloudflare
CF-RAY: 74977f455a8b7003-IAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

HTTP/2 200
date: Mon, 12 Sep 2022 09:08:12 GMT
content-type: text/html; charset=UTF-8
cache-control: no-store
vary: Host
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuJ2p2S6D44ndqaG1q4rZMn5hVMGA9taQ4VJ8CNhX2; SameSite=Lax; path=/; expires=Tue, 13-Sep-22 08:08:12 GMT; HttpOnly
server: cloudflare
cf-ray: 74977f469a038286-IAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

edtekio commented 2 years ago

Thank you for your quick reply.

Could you please provide us with further details about where the rce subdomain's DNS should point to?

Thank you!

gongomgra commented 2 years ago

Hi @edtekio,

Thanks for your message. We have a guide on how to configure the RCE API of CanvasLMS. Can you check it?

https://docs.bitnami.com/google/apps/canvaslms/configuration/enable-canvas-rce-api/

Can you run the bnsupport tool and provide us with the bnsupport ID it generates? As mentioned, I think your Apache configuration may be wrong and something is causing rce.ilerna.com to be redirected to www.ilerna.es, as detected using the curl tool. Unfortunately, I don't know if that configuration is set at Apache's or CloudFlare's level.

edtekio commented 2 years ago

Thank you for your reply. To be honest, we have followed the shared documentation strictly and reviewed it many times to make sure we haven't missed any of the steps.

When trying to run the bndiagnostic tool, it appears that the output is way too big to be shown on screen. Please find attached below the message and the code to see the diagnostic response:

The files listed below are bigger than 10MB and have not been included, please notify the support agent
/opt/bitnami/canvaslms/log/delayedjob.log
/opt/bitnami/canvaslms/log/production.log
The diagnostic bundle was uploaded successfully to the Bitnami servers. Please copy the following code: 70a077db-56ba-37a6-516e-7cfa2cf5e5af

On top of this, as you mention, the domain (rce.ilerna.com) is currently redirected (via DNS) to ilerna.es. Could you please inform us about where it should be pointing instead?

Thank you in advance!

gongomgra commented 2 years ago

Hi @edtekio,

Thanks for your message. I checked your Apache configuration and I didn't find any redirection from HTTP to HTTPS, or from one domain to another, so that configuration should be somewhere else. Double-checking the curl output for rce.ilerna.com, I see the first redirect is generated by an NGINX server. Our images use Apache, so I understand there is some other server on your side performing this action.

I also noticed the server for which you shared the bnsupport bundle is configured with a different domain (trial.YOUR-DOMAIN.com, redacted on purpose), and that according to the whatsmydns.net service, that domain points to your server correctly (IP address: 3.X.Y.239). I also checked that accessing your IP address, a "Hello, from RCE Service" message is shown, so I understand the RCE API for this server works fine. Also, visiting your trial subdomain from the browser shows a CanvasLMS login form. Maybe you need to update your DNS registries with this server IP address, plus the Apache configuration to use the correct domains?

Regarding your question about the DNS redirect, my understanding is that rce.ilerna.com domain can be either a CNAME for ilerna.com (not sure if you can CNAME a domain ending to a different one, sorry), or an A entry in your DNS registry pointing to the server IP address directly. In case you use a CNAME, then ilerna.com should point to the same server, even via CloudFlare. I don't know if all your current domains point to the same server IP address or not, but according to the tests I performed and the configuration I see in your bnsupport bundle, I think they don't.

I also don't know if configuring some services as subdomains of ilerna.com, and others as subdomains of ilerna.es may cause any issue (I suppose it depends on your DNS redirect configuration). Can you clarify on which domain (without redirects) you are expecting your website and the RCE API to be available?
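
The redirect-chain check described in the comment above (the first hop is answered by NGINX, not by the image's Apache, and the chain leaves the requested host), as an added example that is not part of the original thread or of Bitnami's tooling. The function names are hypothetical, the sample is the thread's `curl -LI` output abbreviated, and it assumes the Bitnami Apache identifies itself with "Apache" in the `Server` header.

```python
from urllib.parse import urlsplit

# Constructed sample: the `curl -LI` output quoted earlier in this thread,
# abbreviated to the headers the analysis needs.
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Server: nginx
X-Powered-By: Express
Location: http://www.ilerna.es

HTTP/1.1 301 Moved Permanently
Location: https://www.ilerna.es/
Server: cloudflare

HTTP/2 200
content-type: text/html; charset=UTF-8
server: cloudflare
"""

def parse_hops(raw):
    """Split `curl -LI` output into one dict per response in the redirect chain."""
    hops = []
    for line in raw.splitlines():
        line = line.strip()
        if line.upper().startswith("HTTP/"):
            hops.append({"status": int(line.split(None, 2)[1]), "headers": {}})
        elif ":" in line and hops:
            name, value = line.split(":", 1)
            hops[-1]["headers"][name.strip().lower()] = value.strip()
    return hops

def audit_chain(raw, requested_host, expected_server="apache"):
    """Return (hop, kind, detail) for hops that miss the expected server or leave the host."""
    # Assumption: the origin's Server header contains `expected_server`.
    findings = []
    for i, hop in enumerate(parse_hops(raw), start=1):
        server = hop["headers"].get("server", "(none)")
        if expected_server not in server.lower():
            findings.append((i, "unexpected-server", server))
        location = hop["headers"].get("location")
        if 300 <= hop["status"] < 400 and location:
            target = urlsplit(location).hostname
            if target and target != requested_host:
                findings.append((i, "off-host-redirect", target))
    return findings

if __name__ == "__main__":
    for hop, kind, detail in audit_chain(SAMPLE, "rce.ilerna.com"):
        print(f"hop {hop}: {kind}: {detail}")
```

A finding on hop 1 means the request never reached the Canvas server at all, which points at DNS or a fronting proxy rather than at the vhost files.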

github-actions[bot] commented 2 years ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 2 years ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.