search

getmeli / meli

Platform for deploying static sites and frontend applications easily. Automatic SSL, deploy previews, reverse proxy, and more.
Other
2.41k stars 97 forks source link

could not update site: Error: Request failed with status code 400, when disabling Automatic SSL (ACME) #189

Closed FarisZR closed 3 years ago

FarisZR commented 3 years ago

hello, first of all thanks for awesome project!

i have deployed meli on meli.domain.com(couldn't get sub directory to work, is it supported?) and i want the site to be at domain.com

both domain.com and meli.domain.com are set to reverse proxy for 127.0.0.1:9999 however when adding domain.comto meli org it shows: Could not update site: Error: Request failed with status code 400

and when visiting domain.com apache2 shows : Requested URL not served on this server

this is not mentioned in the docs, and i don't want the site to be a subdomain

pimartin commented 3 years ago

At first glance, I'm guessing that Meli being deployed on a subdomain of the domain you're trying to add to a site is causing an issue in the Caddy configuration we generate. Up to now, we've always expected sites to be on different domains for security. I'll try to reproduce and see if we can find a fix.

Just in case: Make sure the "Expose branches" option is disabled for the domain in Meli, as this could definitely cause problems.

I confirm that sub directories for Meli are currently not supported.

FarisZR commented 3 years ago

At first glance, I'm guessing that Meli being deployed on a subdomain of the domain you're trying to add to a site is causing an issue in the Caddy configuration we generate. Up to now, we've always expected sites to be on different domains for security. I'll try to reproduce and see if we can find a fix.

Just in case: Make sure the "Expose branches" option is disabled for the domain in Meli, as this could definitely cause problems.

I confirm that sub directories for Meli are currently not supported.

disabling Automatic SSL (ACME) was the issue i have my own ssl cert so i disabled it since i don't need it and left the PEM/rsa keys empty since webmin handles my ssl certificates

however enabling it, fixed the issue, now it shows not found which is probably because the site currently has nothing in it.

gempain commented 3 years ago

@fareszr thanks for the kind words ! Just curious, could you try to reproduce the 400 and inspect the response from the server ? I'd be curious to see what you're getting. Chrom inspect should be enough, just the JSON response would help already. Also, if you can enable debug logs in Meli with DEBUG=meli*, reproduce the call and check the logs server side, that'd be great.

FarisZR commented 3 years ago

@fareszr thanks for the kind words ! Just curious, could you try to reproduce the 400 and inspect the response from the server ? I'd be curious to see what you're getting. Chrom inspect should be enough, just the JSON response would help already. Also, if you can enable debug logs in Meli with DEBUG=meli*, reproduce the call and check the logs server side, that'd be great.

can you clarify a bit? how can i enable DEBUG=meli? is it in the environment section in docker compose ? also the http response code is 523

gempain commented 3 years ago

The 523 is normal, it's returned (by Caddy) when you are trying to get a URL which is not served by Caddy. This happens when you've recently created a site manually in the UI and haven't chose a main branch yet.

What I'm trying to debug is the Could not update site: Error: Request failed with status code 400 which you mentioned in your first post. I'd like to get client side logs and server side logs. For client side logs, all I need is the JSON response returned by the server (you can view this by inspecting the page in Chrome). For the server logs, you'll need to enable debug in Meli. In your docker-compose.yml, set DEBUG: meli* in the environment variables of your meli service.

If you can reproduce the error (perhaps on a new site in Meli, to avoid disturbing your current setup) and post the logs here, it would be really helpful. Make sure to remove sensitive info like your domain if you don't want it visible here.

FarisZR commented 3 years ago

The 523 is normal, it's returned (by Caddy) when you are trying to get a URL which is not served by Caddy. This happens when you've recently created a site manually in the UI and haven't chose a main branch yet.

What I'm trying to debug is the Could not update site: Error: Request failed with status code 400 which you mentioned in your first post. I'd like to get client side logs and server side logs. For client side logs, all I need is the JSON response returned by the server (you can view this by inspecting the page in Chrome). For the server logs, you'll need to enable debug in Meli. In your docker-compose.yml, set DEBUG: meli* in the environment variables of your meli service.

If you can reproduce the error (perhaps on a new site in Meli, to avoid disturbing your current setup) and post the logs here, it would be really helpful. Make sure to remove sensitive info like your domain if you don't want it visible here.

got it!

note: things between `` have been replaced with placeholders

server logs

meli_1   | 2021-01-25T12:18:01.475Z meli.api:authorizeReq found token in request eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4NjczOTU2My1mNWM4LTQwZmEtYjlkYy0yZDU1OGU2NzhkZDgiLCJpc3N1ZWRBdCI6MTYxMTU3NzAwMzk4OSwiaWF0IjoxNjExNTc3MDAzfQ.d3bSeeeAZ3foC_TIUm9ZUey5pqMAfEis-xpMZ8OXLls
meli_1   | 2021-01-25T12:18:01.479Z meli.api:authorizeReq setting req.user with {
meli_1   |   _id: '86739563-f5c8-40fa-b9dc-2d558e678dd8',
meli_1   |   createdAt: 2021-01-25T12:16:43.974Z,
meli_1   |   updatedAt: 2021-01-25T12:16:43.974Z,
meli_1   |   name: 'fareszr',
meli_1   |   email: 'me@domain.com',
meli_1   |   authProvider: 'gitea',
meli_1   |   externalUserId: 1,
meli_1   |   hooks: []
meli_1   | }
meli_1   | 2021-01-25T12:18:01.479Z meli.api:authorizeApiReq req.user already defined, skipping api authorization
meli_1   | 2021-01-25T12:18:01.506Z meli.api:handleError Error: Invalid body
meli_1   |     at /app/src/commons/express-joi/body.ts:17:14
meli_1   |     at processTicksAndRejections (internal/process/task_queues.js:97:5)
meli_1   | 2021-01-25T12:18:01.506Z meli.api:handleError {
meli_1   |   statusCode: 400,
meli_1   |   path: '/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822',
meli_1   |   message: 'Invalid body',
meli_1   |   error: [
meli_1   |     {
meli_1   |       message: '"domains[0].sslConfiguration" does not match any of the allowed types',
meli_1   |       path: [Array],
meli_1   |       type: 'alternatives.match',
meli_1   |       context: [Object]
meli_1   |     }
meli_1   |   ]
meli_1   | }
meli_1   | {"level":"debug","ts":1611577081.515629,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:3001","request":{"remote_addr":"192.168.80.1:52654","proto":"HTTP/1.1","method":"PUT","host":"meli.domain.com","uri":"/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822","headers":{"Accept":["application/json, text/plain, */*"],"Referer":["https://meli.domain.com/sites/4af349cf-f06c-4b78-b4a4-0343b719c822/settings"],"X-Forwarded-Server":["meli.domain.com"],"Sec-Fetch-Mode":["cors"],"Accept-Language":["en-US,en;q=0.9"],"Origin":["https://meli.domain.com"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["auth=``cookie auth``"],"X-Forwarded-For":["``external ip``, 192.168.80.1"],"Content-Length":["169"],"X-Forwarded-Proto":["http"],"Dnt":["1"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"],"X-Forwarded-Host":["meli.domain.com"],"Content-Type":["application/json;charset=UTF-8"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["empty"]}},"duration":0.044404477,"headers":{"X-Ratelimit-Remaining":["93"],"X-Ratelimit-Reset":["1611577098"],"X-Frame-Options":["SAMEORIGIN"],"Content-Type":["application/json; charset=utf-8"],"Etag":["W/\"401-BkGFeoagCH8iDELawhaF5CqBuK0\""],"Content-Encoding":["gzip"],"Date":["Mon, 25 Jan 2021 12:18:01 GMT"],"Vary":["Origin, Accept-Encoding"],"Keep-Alive":["timeout=5"],"X-Ratelimit-Limit":["100"],"Expect-Ct":["max-age=0"],"Strict-Transport-Security":["max-age=15552000; includeSubDomains"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Xss-Protection":["0"],"Access-Control-Allow-Credentials":["true"],"Connection":["keep-alive"],"Content-Security-Policy":["default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"],"X-Dns-Prefetch-Control":["off"],"X-Download-Options":["noopen"],"X-Content-Type-Options":["nosniff"],"Referrer-Policy":["no-referrer"],"Access-Control-Allow-Origin":["https://meli.domain.com"]},"status":400}
meli_1   | PUT /api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822 400 - - 39.933 ms

client

statusCode: 400, path: "/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822", message: "Invalid body",…}
error: [{message: ""domains[0].sslConfiguration" does not match any of the allowed types",…}]
message: "Invalid body"
path: "/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822"
statusCode: 400
gempain commented 3 years ago

That's awesome, thanks so much ! Very helpful 😄

FarisZR commented 3 years ago

That's awesome, thanks so much ! Very helpful smile

no problem! , and again thanks for the awesome project!

gempain commented 3 years ago

This was released on beta. I'm closing, but feel free to comment and we'll reopen if needed.