clowder-framework / clowder

A data management system that allows users to share, annotate, organize and analyze large collections of datasets. It provides support for extensible metadata annotation using JSON-LD and a distributed analytics event bus for automatic curation of uploaded data.
https://clowderframework.org/
University of Illinois/NCSA Open Source License

Clowder Signup is Not Working for AWS Deployment #430

Closed adkinsn closed 8 months ago

adkinsn commented 8 months ago

AWS now requires TLS 1.2 and higher. Please see below. We need to update the Clowder code to use TLS 1.2 in the email code. Here is the error from the log. We are using Amazon SES to send emails. This is definitely a big blocker for us because users can't sign up to use our Clowder instance.

Caused by: com.sun.mail.smtp.SMTPSendFailedException: 554 Access denied: Amazon SES no longer supports TLS 1.0 and TLS 1.1 connections. You must update your client to use TLS version 1.2 or above. To learn more and to update your client, see https://go.aws/3AUlVSb. For further assistance, contact AWS support

lmarini commented 8 months ago

Thanks for the issue @adkinsn. Posted this reply in Slack. We can also continue the conversation here.

I am assuming you are running clowder using docker compose?

If so, can you try the following? In the docker-compose.yml add the following command section. Replace smtp.ncsa.illinois.edu with the AWS mail server. Restart the stack with docker compose down and docker compose up. Please let us know if that works. Thank you.

  clowder:
    image: clowder/clowder:${CLOWDER_VERSION:-latest}
    command:
      - /home/clowder/clowder.sh
      - -Dmail.smtps.ssl.protocols=TLSv1.2
      - -Dmail.smtps.ssl.trust=smtp.ncsa.illinois.edu

lmarini commented 8 months ago

@adkinsn we have built a new docker image that upgrades the version of Java. Can you try deploying clowder/clowder:PR-434 and see if it works? Can you try both with and without the command flags? So:

clowder:
    image: clowder/clowder:PR-434
    command:
      - /home/clowder/clowder.sh
      - -Dmail.smtps.ssl.protocols=TLSv1.2
      - -Dmail.smtps.ssl.trust=smtp.ncsa.illinois.edu

and no command:

clowder:
    image: clowder/clowder:PR-434

Please make sure to do docker compose down and docker compose up, not docker compose stop.

Let us know how it goes. Thank you.

lmarini commented 8 months ago

We were able to resolve this issue by just adding the TLSv1.2 to the current 1.22.0 version. Upgrading the Java version was not required. That being said, we might want to do that in a future release anyways. The current working docker file running on AWS looks like this:

clowder:
    image: clowder/clowder:${CLOWDER_VERSION:-latest}
    command:
      - /home/clowder/clowder.sh
      - -Dmail.smtp.ssl.protocols=TLSv1.2
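
The flags in this thread differ only in the transport name (`mail.smtps.*` in the first suggestion, `mail.smtp.*` in the working file), and JavaMail reads each transport's `ssl.protocols` property separately. The following check is an added example, not part of the thread or the Clowder code base: it reports, per transport, whether a compose `command:` list pins TLS and whether the pin still enables a pre-1.2 protocol. The function name `audit_mail_tls` and the `CONSTRUCTED_WEAK` sample are assumptions made for illustration.

```python
import re

# JavaMail scopes TLS settings by transport name: "smtp" and "smtps" each read
# their own mail.<name>.ssl.protocols property (a whitespace-separated list).
FLAG = re.compile(r"^-Dmail\.(smtps?)\.ssl\.protocols=(.*)$")
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # JSSE names below TLS 1.2

def audit_mail_tls(compose_text):
    """Map each transport to a finding, from the JVM flags in a `command:` list."""
    pinned = {}
    for line in compose_text.splitlines():
        entry = line.strip()
        if entry.startswith("- "):          # YAML list item
            entry = entry[2:].strip()
        match = FLAG.match(entry.strip("'\""))
        if match:
            pinned[match.group(1)] = match.group(2).split()
    findings = {}
    for transport in ("smtp", "smtps"):
        enabled = pinned.get(transport)
        legacy = sorted(LEGACY.intersection(enabled or []))
        if not enabled:
            findings[transport] = "unpinned: JVM defaults decide the TLS version"
        elif legacy:
            findings[transport] = "legacy enabled: " + ", ".join(legacy)
        else:
            findings[transport] = "ok: " + ", ".join(enabled)
    return findings

# Command lists as posted in the thread (first suggestion, then the working one).
FIRST_SUGGESTION = """\
    command:
      - /home/clowder/clowder.sh
      - -Dmail.smtps.ssl.protocols=TLSv1.2
      - -Dmail.smtps.ssl.trust=smtp.ncsa.illinois.edu
"""
WORKING = """\
    command:
      - /home/clowder/clowder.sh
      - -Dmail.smtp.ssl.protocols=TLSv1.2
"""
# Constructed sample (not from the thread): a pin that still allows TLS 1.0.
CONSTRUCTED_WEAK = """\
    command:
      - '-Dmail.smtp.ssl.protocols=TLSv1 TLSv1.2'
"""
if __name__ == "__main__":
    for name in ("FIRST_SUGGESTION", "WORKING", "CONSTRUCTED_WEAK"):
        print(name, audit_mail_tls(globals()[name]))
```
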