search

blindsidenetworks / scalelite

Scalable load balancer for BigBlueButton.
GNU Affero General Public License v3.0
465 stars 249 forks source link

Scalelite 1.5 Blocked Host log from scalelite-api #964

Closed GUFFMHRZ closed 1 year ago

GUFFMHRZ commented 1 year ago

Deployment (required):

  1. Systemd
  2. Greenlight V2.14.3 (stand alone VM)
  3. scalelite-api (stand alone VM including -nginx, -poller, -recording-importer)

Describe the problem (required): On our Testsystem, i run Greenlight on a stand alone Server and Scalelite (all 4 Containers) on a stand alone server, with some test-BBB-nodes behind the Scalelite Since upgrading Scalelite to 1.5, under systemctl status scalelite-api.service i get the message: Jun 12 16:47:15 bbb-testlb docker[20681]: E, [2023-06-12T14:47:15.457464 #10] ERROR -- : [ActionDispatch::HostAuthorization::DefaultResponseApp] Blocked host: bbb-testlb.rz.uni-frankfurt.de (bbb-testlb being our stand alone Scalelite VM) reverting back to Scalelite 1.4 makes it work again When logging in to Greenlight and wanting to start a room, i get a 500 error message When trying to access Scalelite-Version-Check under https://bbb-testlb.rz.uni-frankfurt.de/bigbluebutton/api, it shows access denied

Logs (may be required): Jun 12 16:47:15 bbb-testlb docker[20681]: E, [2023-06-12T14:47:15.457464 #10] ERROR -- : [ActionDispatch::HostAuthorization::DefaultResponseApp] Blocked host: bbb-testlb.rz.uni-frankfurt.de

PS: I'll be on vacation for a week, so in case more information is needed, i can't answer them before next week.

farhatahmad commented 1 year ago

Do you have your URL_HOST variable set?

GUFFMHRZ commented 1 year ago

when i set that to URL_HOST=bbb-testlb.rz.uni-frankfurt.de, scalelite-nginx suddenly doesn't boot up anymore with:

nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/bbb-testlb.rz.uni-frankfurt.de/fullchain.pem": BIO_new_file() failed (SSL: error:02001>02:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/live/bbb-testlb.rz.uni-frankfurt.de/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

We have self-issued certificates, they are put in /etc/nginx/ssl/live

/default/scalelite: NGINX_SSL=true SCALELITE_NGINX_EXTRA_OPTS="--mount type=bind,source=/etc/nginx/ssl,target=/etc/nginx/ssl,readonly"

JeanPluzo commented 1 year ago

Hi, it seems it's a certificate problem. /etc/nginx/ssl/live isn't directly on your server, but on the SL container. You might have this path in your server, but the error message is coming from inside the docker container. You should check your volume mappings in the docker-compose.yml file from SL.

Regards, J.

GUFFMHRZ commented 1 year ago

We have a systemd setup, so i cant check docker-compose mappings, in my systemd file, nothing seems unusual i find the directory in the container, when i set the URL_HOST it seems to add the bbb-testlb.rz.uni-frankfurt.de-directory there, while the cert-files remain in /live any way to fix?

JeanPluzo commented 1 year ago

If you do docker inspect scalelite-api you should see where the volumes ("Mounts") are mapped to. I used the SCALELITE_NGINX_EXTRA_OPTS variable before, but it didn't work for me. I checked where the docker mounts were mapped to and changed my certificate files to this location. In the end, it seems your docker mounts are not pointing in the right direction.

Regards, J.