Closed Ciangi closed 5 years ago
Seems to be a Prosody configuration problem. Prosody doesn't know that it is responsible for mydomain.com. Did you update the VirtualHost line in prosody.cfg.lua?
The jabber.org URL is not something to contact, but just an XML namespace (a unique identifier of how the protocol behaves; in this case, this enables BOSH requests).
If it does not work, could you please provide some configuration information (copies of the config files, versions of the OS/software used, …)?
As I said... oh, I didn't say that both Nextcloud and Prosody are Docker containers. So, Prosody is based on:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
But maybe there is a problem with the proxy? Look: Prosody opens a connection for 172.17.238.1, but this is the IP of the Docker host, and when I try to log in to Nextcloud I don't know the IP 172.17.238.1. So if I understand correctly, Prosody should open a connection for my IP, not the IP of the Docker host, right? But wait... the heart of a proxy is that I don't "know" the subnet.
The prosody.cfg.lua:
```lua
admins = { }
plugin_paths = { "/usr/lib/prosody-modules/xmpp-cloud-auth/prosody-modules" }

modules_enabled = {
    -- Generally required
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
    "tls"; -- Add support for secure TLS on c2s/s2s connections
    "dialback"; -- s2s dialback support
    "disco"; -- Service discovery
    -- Not essential, but recommended
    "private"; -- Private XML storage (for room bookmarks, etc.)
    "vcard"; -- Allow users to set vCards
    -- Nice to have
    "version"; -- Replies to server version requests
    "uptime"; -- Report how long server has been running
    "time"; -- Let others know the time here on this server
    "ping"; -- Replies to XMPP pings with pongs
    "pep"; -- Enables users to publish their mood, activity, playing music and more
    -- "register"; -- Allow users to register on this server using a client and change passwords
    -- Admin interfaces
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
    --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
    -- HTTP modules
    "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
    --"http_files"; -- Serve static files from a directory over HTTP
    -- Other specific functionality
    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
};

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
};

cross_domain_bosh = true
consider_bosh_secure = true

-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;

daemonize = false;
pidfile = "/var/run/prosody/prosody.pid";

ssl = {
    key = "/etc/prosody/certs/ssl-cert-snakeoil.key";
    certificate = "/etc/prosody/certs/ssl-cert-snakeoil.pem";
}

c2s_require_encryption = true
s2s_secure_auth = true

-- Delegate all authentication to the xmpp-cloud-auth script
authentication = "external"
external_auth_command = "/usr/lib/prosody-modules/xmpp-cloud-auth/xcauth.py"

log = {
    info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
    error = "/var/log/prosody/prosody.err";
    warn = "/var/log/prosody/prosody.warn";
    debug = "/var/log/prosody/prosody.debug";
    -- "*syslog"; -- Uncomment this for logging to syslog
    "*console"; -- Log to the console, useful for debugging with daemonize=false
}

VirtualHost "mydomain.com"
    enabled = true -- Set to false to disable this host
```
cat /etc/xcauth.conf:
```ini
type=prosody
secret=MYSECRET
url=https://mydomain.com/apps/ojsxc/ajax/externalApi.php
timeout=5
log=/var/log/xcauth
cache-query-ttl=4h
cache-verification-ttl=1d
cache-unreachable-ttl=1w
debug
```
Sorry, I do not know enough about Docker to help out here. But you need to make sure that XMPP requests (5222, 5269, 5280, 5281) to "mydomain.com" are directed to Prosody and HTTP(S) requests to Nextcloud (80, 443).
I also do not have any experience running on Ubuntu < 16.04. What is the Prosody version?
Can you try and connect to the XMPP server with another XMPP client? Or with telnet localhost 5280 in the XMPP container (and then paste the command you have been seeing in your log, where it tries to select the virtual host "mydomain.com")? If that does not work, you may need to consult Prosody configuration advice. (@DanScharon: Do you have any further ideas?)
<body xml:lang='en' xmpp:version='1.0' xmlns='http://jabber.org/protocol/httpbind' content='text/xml; charset=utf-8' to='mydomain.com' ver='1.6' rid='3480731015' wait='60' hold='1' xmlns:xmpp='urn:xmpp:xbosh'/>
Hello and welcome to Prosody version 0.9.1
But wait... I only opened port 5281 because it's a secure connection to the XMPP server, right? Should I open those other ports too? Isn't that dangerous?
I will open these ports (5222, 5269, 5280) tomorrow and see the result, because I thought that I could just open port 5281 and it should work... (Edit: I opened them.)
I found the mistake I made, sorry for that. The problem was that I was writing the wrong domain name... because I created the VirtualHost in Prosody as something like "sub.mydomain.com" and I tried to log on using "user@mydomain.com" but should have used "user@sub.mydomain.com".
I also added, from the documentation of mod_bosh (https://prosody.im/doc/modules/mod_bosh):
```lua
trusted_proxies = { "172.17.238.1" }
```
But now the problem is a different one....
(***)
socket debug server.lua: auto-starting ssl negotiation...
socket debug server.lua: attempting to start tls on tcp{client}: 0x10c4be8
socket debug server.lua: accepted new client connection from 172.17.238.1:51998 to 5281
socket debug server.lua: ssl handshake done
mod_bosh debug Handling new request table: 0x10f0800: <body xml:lang='en' xmpp:version='1.0' xmlns='http://jabber.org/protocol/httpbind' content='text/xml; charset=utf-8' to='sub.mydomain.com' ver='1.6' rid='1305589663' wait='60' hold='1' xmlns:xmpp='urn:xmpp:xbosh'/>
----------
mod_bosh debug BOSH body open (sid: <none>)
bosh7fca9e31-4235-4425-a2bc-0a21f7288035 debug BOSH session created for request from 10.8.13.6
mod_bosh info New BOSH session, assigned it sid '7fca9e31-4235-4425-a2bc-0a21f7288035'
mod_bosh debug We have an open request, so sending on that
mod_bosh debug Request destroyed: table: 0xf93a80
socket debug server.lua: closed client handler and removed socket from list
mod_bosh debug Session 7fca9e31-4235-4425-a2bc-0a21f7288035 has 0 out of 1 requests open
mod_bosh debug and there are 0 things in the send_buffer:
socket debug server.lua: auto-starting ssl negotiation...
socket debug server.lua: attempting to start tls on tcp{client}: 0x11792e8
socket debug server.lua: accepted new client connection from 172.17.238.1:52004 to 5281
socket debug server.lua: ssl handshake done
mod_bosh debug Handling new request table: 0xeae5f0: <body xmlns='http://jabber.org/protocol/httpbind' rid='1305589664' sid='7fca9e31-4235-4425-a2bc-0a21f7288035'><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>YWRtaW5AY2xvdWQuc2NvcHRvbmljLmNvbQBhZG1pbgBQb2xza2ExMjMh</auth></body>
----------
mod_bosh debug BOSH body open (sid: 7fca9e31-4235-4425-a2bc-0a21f7288035)
mod_bosh debug BOSH stanza received: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
bosh7fca9e31-4235-4425-a2bc-0a21f7288035 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
sub.mydomain.com:auth_external warn Auth process exited unexpectedly with exit 1, restarting
sub.mydomain.com:auth_external warn Error while waiting for result from auth process: unknown error
sub.mydomain.com:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you've sent.</text></failure>
mod_bosh debug We have an open request, so sending on that
mod_bosh debug Request destroyed: table: 0x1031a30
bosh7fca9e31-4235-4425-a2bc-0a21f7288035 debug BOSH session marked as inactive (for 60s)
socket debug server.lua: closed client handler and removed socket from list
mod_bosh debug Session 7fca9e31-4235-4425-a2bc-0a21f7288035 has 0 out of 1 requests open
mod_bosh debug and there are 0 things in the send_buffer:
If I understand correctly, it tells me that I wrote the wrong username/password, but now that is impossible because I wrote exactly the same username/password in xcauth.py and it tells me that it's correct:
2018-01-05 00:09:10,860 DEBUG: Start external auth script 0.9.0+ for prosody with endpoint: https://sub.mydomain.com/apps/ojsxc/ajax/externalApi.php
2018-01-05 00:09:10,861 DEBUG: Could not decode token (maybe not a token?)
2018-01-05 00:09:10,865 DEBUG: Starting new HTTPS connection (1): sub.mydomain.com
2018-01-05 00:09:11,314 DEBUG: https://sub.mydomain.com:443 "POST /apps/ojsxc/ajax/externalApi.php HTTP/1.1" 200 43
2018-01-05 00:09:11,319 INFO: SUCCESS: Cloud says password for user@sub.mydomain.com is valid True
So in Nextcloud I wrote user@sub.mydomain.com and my password and the output is like above (***). Do you maybe know where the problem is? Thank you very much for the help.
I thought that maybe there is a problem with the version of Prosody, so I installed the newest version and the logs are almost the same:
socket debug server.lua: auto-starting ssl negotiation...
socket debug server.lua: attempting to start tls on tcp{client}: 0x17c80e8
socket debug server.lua: accepted new client connection from 172.17.238.1:58110 to 5281
socket debug server.lua: ssl handshake done
http.server debug Firing event: POST sub.mydomain.com/http-bind
mod_bosh debug Handling new request table: 0x17de6f0: <body xml:lang='en' xmpp:version='1.0' xmlns='http://jabber.org/protocol/httpbind' content='text/xml; charset=utf-8' to='sub.mydomain.com' ver='1.6' rid='1711553331' wait='60' hold='1' xmlns:xmpp='urn:xmpp:xbosh'/>
----------
mod_bosh debug BOSH body open (sid: <none>)
boshd7fe60cf-fd2f-4053-b2b4-43b23ec69691 debug BOSH session created for request from 10.8.13.6
mod_bosh info New BOSH session, assigned it sid 'd7fe60cf-fd2f-4053-b2b4-43b23ec69691'
mod_bosh debug We have an open request, so sending on that
mod_bosh debug Request destroyed: table: 0x17deb50
boshd7fe60cf-fd2f-4053-b2b4-43b23ec69691 debug BOSH session marked as inactive (for 60s)
socket debug server.lua: closed client handler and removed socket from list
mod_bosh debug Session d7fe60cf-fd2f-4053-b2b4-43b23ec69691 has 0 out of 1 requests open
mod_bosh debug and there are 0 things in the send_buffer:
socket debug server.lua: auto-starting ssl negotiation...
socket debug server.lua: attempting to start tls on tcp{client}: 0x18985f8
socket debug server.lua: accepted new client connection from 172.17.238.1:58118 to 5281
socket debug server.lua: ssl handshake done
http.server debug Firing event: POST sub.mydomain.com/http-bind
mod_bosh debug Handling new request table: 0x18a81b0: <body xmlns='http://jabber.org/protocol/httpbind' rid='1711553332' sid='d7fe60cf-fd2f-4053-b2b4-43b23ec69691'><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>YWRtaW5AY2xvdWQuc2NvcHRvbmljLmNvbQBhZG1pbgBQb2xza2ExMjMh</auth></body>
----------
mod_bosh debug BOSH body open (sid: d7fe60cf-fd2f-4053-b2b4-43b23ec69691)
mod_bosh debug BOSH stanza received: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
boshd7fe60cf-fd2f-4053-b2b4-43b23ec69691 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
sub.mydomain.com:auth_external debug Started auth process
sub.mydomain.com:auth_external debug Response: Traceback (most recent call last):
sub.mydomain.com:auth_external warn Unable to interpret data from auth process, [34 bytes]
sub.mydomain.com:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you've sent.</text></failure>
mod_bosh debug We have an open request, so sending on that
mod_bosh debug Request destroyed: table: 0x18a3ee0
boshd7fe60cf-fd2f-4053-b2b4-43b23ec69691 debug BOSH session marked as inactive (for 60s)
socket debug server.lua: closed client handler and removed socket from list
mod_bosh debug Session d7fe60cf-fd2f-4053-b2b4-43b23ec69691 has 0 out of 1 requests open
mod_bosh debug and there are 0 things in the send_buffer:
So, this error comes from https://github.com/dhotson/prosody-modules/blob/master/mod_auth_external/mod_auth_external.lua lines 102-103.....
I also tried installing Prosody in the same container where Nextcloud is. No results...
But I noticed one thing:
when I configure the Nextcloud Apache like:
```apache
ProxyPass /http-bind/ http://localhost:5280/http-bind/
ProxyPassReverse /http-bind/ http://localhost:5280/http-bind/
ProxyPreserveHost On
```
then I get:
but when I configure the Nextcloud Apache like:
```apache
ProxyPass /http-bind/ http://localhost:5280/http-bind/
ProxyPassReverse /http-bind/ http://localhost:5280/http-bind/
ProxyPreserveHost Off
```
I get:
and then the errors are the same:
localhost:auth_external warn Auth process exited unexpectedly with exit 1, restarting
localhost:auth_external warn Error while waiting for result from auth process: unknown error
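A minimal backend for Prosody's mod_auth_external, as an added example that is not xcauth.py and not part of xmpp-cloud-auth or Prosody. It is here because of two things visible in the logs above. First, the 34 bytes Prosody was "unable to interpret" are exactly the text "Traceback (most recent call last):", so the auth script crashed and its traceback, rather than a "1" or "0", reached the channel Prosody reads (mod_auth_external drives the script through a pseudo-terminal, so output meant for stderr can arrive there as well). Second, the earlier failure was a host mismatch, and in this protocol the VirtualHost arrives as its own field of every request, so "user@mydomain.com" against a "sub.mydomain.com" host is refused before any password is checked. The user table, the log path and the "cloud" lookups are constructed stand-ins for the HTTPS call to externalApi.php.

```python
#!/usr/bin/env python3
"""Added example: a minimal Prosody mod_auth_external backend.

Illustrative code, not xmpp-cloud-auth's xcauth.py and not part of Prosody.
It shows the line protocol Prosody speaks to the auth process and the two
rules that the failing log lines violate: answer every request with exactly
one "1" or "0" line, and never let anything else (a traceback, a debug
print) reach the channel Prosody reads.
"""
import logging
import sys
from typing import Callable, Dict, Tuple

# Constructed stand-in for the Nextcloud externalApi.php lookup. Keys are
# (localpart, VirtualHost) exactly as Prosody splits the JID the client typed.
_USERS: Dict[Tuple[str, str], str] = {
    ("user", "sub.mydomain.com"): "correct-horse",
    ("colon", "sub.mydomain.com"): "pa:ss:word",  # passwords may contain ':'
}

LOG_PATH = "/var/log/xcauth-example.log"  # assumed path; only used by main()
log = logging.getLogger("xcauth-example")


def cloud_says_valid(user: str, host: str, password: str) -> bool:
    """Stand-in for the HTTPS POST to the cloud; True iff the password matches."""
    return _USERS.get((user, host)) == password


def cloud_knows_user(user: str, host: str) -> bool:
    """Stand-in for the cloud's 'does this user exist on this host' query."""
    return (user, host) in _USERS


def handle_line(line: str,
                auth: Callable[[str, str, str], bool] = cloud_says_valid,
                isuser: Callable[[str, str], bool] = cloud_knows_user) -> str:
    """Handle one request line and return the single-line reply ("1" or "0").

    Prosody sends "auth:<user>:<host>:<password>", "isuser:<user>:<host>" or
    "setpass:<user>:<host>:<password>". The password is the last field and may
    itself contain ':', so the line is split at most three times. Any parse
    error or backend failure is logged to the log file and answered with "0";
    an exception must never propagate, because a traceback on the channel
    Prosody reads is exactly the "Unable to interpret data from auth process"
    failure seen in the thread.
    """
    try:
        fields = line.rstrip("\r\n").split(":", 3)
        cmd = fields[0]
        if cmd == "auth" and len(fields) == 4:
            _, user, host, password = fields
            return "1" if auth(user, host, password) else "0"
        if cmd == "isuser" and len(fields) == 3:
            _, user, host = fields
            return "1" if isuser(user, host) else "0"
        if cmd == "setpass":
            return "0"  # password changes belong to the cloud; refuse them here
        log.warning("unrecognised request %r", cmd)
        return "0"
    except Exception:  # deliberately broad, see docstring
        log.exception("backend failure while handling %r", line.split(":", 1)[0])
        return "0"


def main() -> int:
    # Log to a file, never to stdout or stderr: mod_auth_external talks to the
    # script over a pseudo-terminal, so either stream can end up in the reply.
    logging.basicConfig(filename=LOG_PATH, level=logging.INFO,
                        format="%(asctime)s %(levelname)s: %(message)s")
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Prosody waits for this line; never leave it buffered
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Pointed at by external_auth_command, this script can be exercised by hand before involving Prosody, for example with `printf 'auth:user:sub.mydomain.com:correct-horse\n' | python3 auth_example.py`, and any failure it hits shows up in the log file instead of on Prosody's side as garbage.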
Hello @MarcelWaldvogel. Finally I installed the ejabberd XMPP server and finally Nextcloud sees the BOSH server, but: I can only log in to the chat as admin. When I try to find my LDAP users it finds them, but only when I write their... I don't know what it is in Nextcloud, but something like 5bsdfb54-2343-5490-8343-f72cdfsdfac56, not name.surname, and when I try to check the password it says False every time, i.e.:
-I 5bsdfb54-2343-5490-8343-f72cdfsdfac5 domain.com = True
-I name.surname domain.com = False
-I admin domain.com = true
-A 5bsdfb54-2343-5490-8343-f72cdfsdfac5 domain.com password = False
-A 5bsdfb54-2343-5490-8343-f72cdfsdfac5@domain.com '' pasword = False
-A 5bsdfb54-2343-5490-8343-f72cdfsdfac5@domain.com domain.com password = False
-A admin domain.com password = True
Do you maybe know where the problem is? Thank you very much for the help.
Finally, I manually changed in the Nextcloud database from "hash nextcloud name" to "ldap name" and now everything works.
As in the topic.
What I noticed: I run Prosody in console mode and it shows me:
I did everything step by step using this tutorial: https://github.com/jsxc/xmpp-cloud-auth/wiki
I really don't know what I'm doing wrong.... In my opinion maybe this URL is wrong? "http://jabber.org/protocol/httpbind", shouldn't it be https://mydomain.com/http-bind?? But I added this URL in the Prosody config...
Thank you for the help!!
P.S. When I start Prosody I get: