Docker issue: "403 Forbidden"

[wuffi]

On an Ubuntu 18.04 virtual server, I carefully followed the instructions on https://github.com/openwebwork/webwork2/wiki/Docker-newbie-instructions to setup up Webwork2 via docker. On the command line, the last message appearing without docker-compose up really finishing is app_1 | Check in with MAA site

I set the IP address of the server as a hostname in the docker-compose.yml file.

Opening Webwork2 in a browser gives me a "403 Forbidden" page.

What could be additional diagnostics to run in order to pin down the problem?

Being not too familiar with containers, I find accessing the log messages of the container difficult.

[taniwallach]

I suspect that the ping call for the "Check MAA site" is failing, so the server is not coming online.That issue was reported also in the forums at: https://webwork.maa.org/moodle/mod/forum/discuss.php?d=4842 and the solution provided there was to bypass the ping call by creating a local version of webwork.conf which skips the ping line.

The root problem seems to be that no one added the package iputils-ping to the Dockerfile after the startup procedure began to use it - so ping is not available in the Docker image, which apparently breaks things, and apparently everyone has worked around the issue in one way or another without bothering to fix it for everyone. (Sorry, I'm at fault too, but have too much of a dependence on my Docker image working to want to rebuild it right now.)

A long term fix would be to edit Dockerfile and add the iputils-ping packages to the lines for the main apt-get package installation (if you add it as a new line, you must end the line with a backslash like the other lines), and then run docker-compose build again. If you can do that and test that it helps - it would help the project team.

Once you either bypass the call to ping or have it installed in the Docker image, you should get further when you restart the Docker image. The end of the startup from docker-compose up should look something like

webwork.apache2-config:  WeBWorK server is starting
webwork.apache2-config:  WeBWorK root directory set to /opt/webwork/webwork2 in webwork2/conf/webwork.apache2-config
webwork.apache2-config:  The following locations and urls are set in webwork2/conf/site.conf
webwork.apache2-config:  PG root directory set to /opt/webwork/pg
webwork.apache2-config:  WeBWorK server userID is www-data
webwork.apache2-config:  WeBWorK server groupID is wwdata
webwork.apache2-config:  The webwork url on this site is http://localhost/webwork2
webwork.apache2-config:  The webwork smtp server address is localhost
webwork.apache2-config:     The webwork smtp server port is 
webwork.apache2-config:     The webwork smtp server protocol is 'not ssl'
WebworkSOAP::WSDL: webwork_directory set to /opt/webwork/webwork2 via $WeBWorK::Constants::WEBWORK_DIRECTORY set in webwork.apache2-config
WebworkSOAP::WSDL: rpc_url set to http://localhost/webwork2_rpc 
WebworkWebservice: webwork_directory set to /opt/webwork/webwork2 via $WeBWorK::Constants::WEBWORK_DIRECTORY set in webwork.apache2-config

[wuffi]

Thanks a lot for your answer and comment, which helped me to pin down the problems.

I added the iputils-ping after ADD_APT_PACKAGES: line in the file docker-compose.yml.

For fixing the 403 Forbidden problem, I needed to add the following section to docker-config/apache/apache2.conf:

    <Directory /www/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

I think this should not be a problem with respect to security.

[taniwallach]

I added the iputils-ping after ADD_APT_PACKAGES: line in the file docker-compose.yml.

Adding iputils-ping should get ping installed at container startup time which slows down each startup but is a reasonable short term solution. In the long term, it needs to get added to Dockerfile.

For fixing the 403 Forbidden problem, I needed to add the following section to docker-config/apache/apache2.conf:

    <Directory /www/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

The version of docker-config/apache/apache2.conf I see (and that in the master branch https://github.com/openwebwork/webwork2/blob/master/docker-config/apache/apache2.conf) seem to already have the block of lines you mentioned adding. I'm not sure why you needed to change anything.

• Could you have modified that file in the past?
• Does git diff docker-config/apache/apache2.conf show some other changes to the file?

[taniwallach]

This sort of problem should no longer occur.

• https://github.com/openwebwork/webwork2/pull/1242 added iputils-ping.
• https://github.com/openwebwork/webwork2/pull/1430 dropped the ping Closing the issue.