search

fcrepo-exts / fcrepo-docker

The Official Fedora Repository Docker Build Scripts
10 stars 9 forks source link

Accessing fcrepo from public IP gives error #8

Open edwinvanderelst opened 3 years ago

edwinvanderelst commented 3 years ago

Running fcrepo in docker, I can open the admin console on localhost: http://localhost:8001/fcrepo/rest/ When I access the same url on my external IP address: http://192.168.2.6:8001/fcrepo/rest/ I get an exception: java.lang.IllegalArgumentException: Cannot translate NULL path at org.fcrepo.http.commons.api.rdf.HttpIdentifierConverter.toInternalId(HttpIdentifierConverter.java:91) at org.fcrepo.http.api.responses.StreamingBaseHtmlProvider.getResourceFromSubject(StreamingBaseHtmlProvider.java:227) at org.fcrepo.http.api.responses.StreamingBaseHtmlProvider.writeTo(StreamingBaseHtmlProvider.java:205) at org.fcrepo.http.api.responses.StreamingBaseHtmlProvider.writeTo(StreamingBaseHtmlProvider.java:92) at org.glassfish.jersey.message.internal.WriterInterceptorExecutor$TerminalWriterInterceptor.invokeWriteTo(WriterInterceptorExecutor.java:242) at org.glassfish.jersey.message.internal.WriterInterceptorExecutor$TerminalWriterInterceptor.aroundWriteTo(WriterInterceptorExecutor.java:227) at org.glassfish.jersey.message.internal.WriterInterceptorExecutor.proceed(WriterInterceptorExecutor.java:139) at org.glassfish.jersey.server.internal.JsonWithPaddingInterceptor.aroundWriteTo(JsonWithPaddingInterceptor.java:85) at org.glassfish.jersey.message.internal.WriterInterceptorExecutor.proceed(WriterInterceptorExecutor.java:139) at org.glassfish.jersey.server.internal.MappableExceptionWrapperInterceptor.aroundWriteTo(MappableExceptionWrapperInterceptor.java:61) at org.glassfish.jersey.message.internal.WriterInterceptorExecutor.proceed(WriterInterceptorExecutor.java:139) at org.glassfish.jersey.message.internal.MessageBodyFactory.writeTo(MessageBodyFactory.java:1115) at org.glassfish.jersey.server.ServerRuntime$Responder.writeResponse(ServerRuntime.java:638) at org.glassfish.jersey.server.ServerRuntime$Responder.processResponse(ServerRuntime.java:371) at org.glassfish.jersey.server.ServerRuntime$Responder.process(ServerRuntime.java:361) at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:256) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) at org.glassfish.jersey.internal.Errors.process(Errors.java:292) at org.glassfish.jersey.internal.Errors.process(Errors.java:274) at org.glassfish.jersey.internal.Errors.process(Errors.java:244) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680) at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:392) at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:365) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:318) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) at org.fcrepo.auth.webac.WebACFilter.doFilterInternal(WebACFilter.java:244) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)

whikloj commented 3 years ago

Hi @edwinvanderelst can you provide the docker run command you used to start the container. I'm not great with docker but I'll give it a try.

edwinvanderelst commented 3 years ago

Hi, for example: docker run -p 9101:8080 -e FEDORA_ADMIN_PASSWORD=admin fcrepo/fcrepo:6.0.0-SNAPSHOT

You can then access fedora with http://localhost:9101/fcrepo But it fails on the public IP

Login with fedoraAdmin / admin

whikloj commented 3 years ago

Ok, thanks and how are you determining the public IP? I'm running this on my Mac and with

> docker run -dt --name fcrepo6 -p 8080:8080 -e FEDORA_ADMIN_PASSWORD=fedoraAdmin fcrepo/fcrepo:6.0.0-SNAPSHOT
e824a772c6ec249b3d434646009e3b9c69eb1c539c9ac3efab13c131c426109d

I can access it on the published port at 8080

> curl -I -ufedoraAdmin:fedoraAdmin http://localhost:8080/fcrepo/rest     
HTTP/1.1 200 
...

This is where it gets hazy for me, if I get the public IP like this

> docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' fcrepo6
172.17.0.3

Then is this what I should be doing?

> curl -I -ufedoraAdmin:fedoraAdmin http://172.17.0.3/fcrepo/rest

because that just hangs, so I'm clearly missing a step.

edwinvanderelst commented 3 years ago

You get you public IP by clicking on the wifi-settings in the toolbar, Network Preferences. It shows your public IP. Or in the shell: ifconfig en0 en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether 8c:85:90:b2:a7:33 inet6 fe80::858:e550:255f:31d9%en0 prefixlen 64 secured scopeid 0x8 inet 192.168.2.6 netmask 0xffffff00 broadcast 192.168.2.255 nd6 options=201<PERFORMNUD,DAD> media: autoselect status: active And when you access the public IP, you also have to use the port (so http://192.168.2.6:8080)

The 172.* range is the IP that the docker VM uses (you don't want to use that one)

edwinvanderelst commented 3 years ago

hi, It must have something to do with the first request that I make. If I start fedora and access it on the public IP, it works on that one, and fails on localhost. And visa versa. Maybe nothing to do with docker, but a general issue on hosts accessible on multiple ip's

whikloj commented 3 years ago

Ohhhhh okay. So I disabled the firewall on my laptop and using Firefox on my phone I was able to access my laptop (http://192.168.0.18:8080/fcrepo/rest) and then entering the username/password I saw the HTML UI.

So there is still something different between my setup and yours.

whikloj commented 3 years ago

I am able to access it on my laptop via localhost and my phone at the same time. I just added a new container via the phone and see it via a curl request on my laptop.

edwinvanderelst commented 3 years ago

And it also still works on localhost:8080 ?

edwinvanderelst commented 3 years ago

ok, I will try to debug this further. Thank you for trying to replicate this.

whikloj commented 3 years ago

No problem, as I said my docker is weak so I sadly don't know why it is working for me and not you.

I'll need to try this via a separate curl instance as I think it could be how jersey determines the host. We have had issues in past when running Fedora behind a reverse proxy (which seems similar) to this.

In that case (I think) we got it to work by adding a Host header, but I can't remember the details.

edwinvanderelst commented 3 years ago

I'm debugging in the class StreamingBaseHtmlProvider In method getResourceFromSubject() the call to identifierConverter() gives a cached HttpIdentifierConverter, that was initialized with a different url. And that breaks. If I force a new instance (by clearing the identifierConverter field in the debugger), the request succeeds.

I will try to get a reproducable testcase next week.

tomcbe commented 1 year ago

No problem, as I said my docker is weak so I sadly don't know why it is working for me and not you.

I'll need to try this via a separate curl instance as I think it could be how jersey determines the host. We have had issues in past when running Fedora behind a reverse proxy (which seems similar) to this.

In that case (I think) we got it to work by adding a Host header, but I can't remember the details.

@whikloj Your right, but currently Tomcat used within the fcrepo docker container is not configured to read HTTP-headers used by reverse proxies. There is a PR that would address this https://github.com/fcrepo-exts/fcrepo-docker/pull/16

EDIT: But as far as I can see there is no reverse proxy in use here. So it might indeed be related to some caching that happens within Fedora.

whikloj commented 1 year ago

This issue seems to be the same as https://fedora-repository.atlassian.net/browse/FCREPO-3818

yuntianhu commented 4 months ago

I get a 404 problem. And can not access home page on the localhost:8080 as following. but I can access the admin.

can anyone help please. 

HTTP Status 404 – Not Found
Type Status Report

Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
Surfrdan commented 4 months ago

@yuntianhu can you confirm the URLs that you are using for both the successful admin access and the failing 404.

The output off a curl command would be perfect but if you are using a browser, the URL will suffice

whikloj commented 4 months ago

@yuntianhu Are you accessing http://localhost:8080 only? You will need to access http://localhost:8080/fcrepo or (even better) http://localhost:8080/fcrepo/rest? That is where the Fedora web app is deployed on Tomcat.

yuntianhu commented 4 months ago

@Surfrdan the successful admin I used was http://localhost:8080/fcrepo/rest and failed on is http://localhost:8080

yuntianhu commented 4 months ago

thank you @whikloj do you have any tutorial videos about how to use Fadora repository. I am a first time user.