owncloud / ocis

ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0
Docker instance not working #5059

Closed drewbitt closed 2 years ago

drewbitt commented 2 years ago

docker run --rm -it -v /mnt/user/appdata/owncloud:/etc/ocis owncloud/ocis:2.0.0-rc.1 init

Do you want to configure Infinite Scale with certificate checking disabled?
 This is not recommended for public instances! [yes | no = default] yes

=========================================
 generated OCIS Config
=========================================
 configpath : /etc/ocis/ocis.yaml
 user       : admin
 password   : H6CteqseT5F+xx9bF%MtsK&CHk0jtc3c
/mnt/user/appdata/owncloud# ls -ln
total 4
-rwxrwxrwx 1 1000 1000 1662 Nov 15 13:16 ocis.yaml*
docker run
  -d
  --name='ownCloud'
  --net='bridge'
  -e TZ="America/New_York"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="MyHostName"
  -e HOST_CONTAINERNAME="ownCloud"
  -e 'OCIS_INSECURE'='true'
  -e 'External https URL'='https://192.168.1.237:9200'
  -e 'IDM_CREATE_DEMO_USERS'='true'
  -e 'PROXY_HTTP_ADDR'='0.0.0.0:9200'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='https://192.168.1.237:9200/'
  -p '9200:9200/tcp'
  -v '/mnt/user/Documents/owncloud':'/var/lib/ocis':'rw'
  -v '/mnt/user/appdata/owncloud/':'/etc/ocis':'rw' 'owncloud/ocis:2.0.0-rc.1'
/mnt/user/Documents/owncloud# ls -ln 
total 4
drwx------+ 1 1000 1000 54 Nov 15 13:04 idm/
drwx------+ 1 1000 1000 64 Nov 15 13:04 idp/
drwxr-x---+ 1 1000 1000 18 Nov 15 13:04 nats/
drwx------+ 1 1000 1000 40 Nov 15 13:04 proxy/
drwx------+ 1 1000 1000 22 Nov 15 13:04 search/
drwx------+ 1 1000 1000 26 Nov 15 13:04 storage/
drwx------+ 1 1000 1000 40 Nov 15 13:23 store/

The container runs, yet when navigating to the web UI the spinner continues forever. I see in the dev console:

Failed to load resource: net::ERR_CONNECTION_REFUSED
web-runtime-81d261b1.js:1 Failed to load theme 'https://localhost:9200/themes/owncloud/theme.json' is not a valid json file, using default theme.
(anonymous) @ web-runtime-81d261b1.js:1
2vendor-f6b1ce79.js:17 [UserManager] getUser: user not found in storage
localhost:9200/.well-known/openid-configuration:1          Failed to load resource: net::ERR_CONNECTION_REFUSED
vendor-f6b1ce79.js:17 [JsonService] getJson: Network Error
error @ vendor-f6b1ce79.js:17
vendor-f6b1ce79.js:17          Uncaught (in promise) TypeError: Failed to fetch
    at I.fetchWithTimeout (vendor-f6b1ce79.js:17:30392)
    at I.getJson (vendor-f6b1ce79.js:17:30881)
    at R.getMetadata (vendor-f6b1ce79.js:17:33420)
    at R._getMetadataProperty (vendor-f6b1ce79.js:17:34306)
    at R.getAuthorizationEndpoint (vendor-f6b1ce79.js:17:33676)
    at z.createSigninRequest (vendor-f6b1ce79.js:17:48236)
    at j._signinStart (vendor-f6b1ce79.js:17:71553)
    at j.signinRedirect (vendor-f6b1ce79.js:17:67203)

Logs:

2022-11-15T18:37:00Z DBG New Connection addr="{\"IP\":\"127.0.0.1\",\"Port\":9235,\"Zone\":\"\"}" service=idm
2022-11-15T18:37:00Z DBG LDAP Connected service=graph
2022-11-15T18:37:00Z DBG Binding as uid=libregraph,ou=sysusers,o=libregraph-idm service=graph
2022-11-15T18:37:00Z DBG 127.0.0.1:49058 - cid:13 - Client connection created service=nats
2022-11-15T18:37:00Z INF rgrpc: chaining grpc unary interceptor prometheus with priority 100 pkg=rgrpc service=storage-users
2022-11-15T18:37:00Z INF rgrpc: chaining grpc unary interceptor eventsmiddleware with priority 200 pkg=rgrpc service=storage-users
2022-11-15T18:37:00Z INF grpc server listening at tcp:127.0.0.1:9157 pkg=rgrpc service=storage-users
2022-11-15T18:37:00Z DBG 127.0.0.1:49074 - cid:14 - Client connection created service=nats
2022-11-15T18:37:00Z DBG eventsNotifier started service=notifications
2022-11-15T18:37:00Z ERR invalid credentials bind_dn=uid=libregraph,ou=sysusers,o=libregraph-idm op=bind remote_addr=127.0.0.1:54656 service=idm
2022-11-15T18:37:00Z ERR Bind failed error="LDAP Result Code 49 \"Invalid Credentials\": " service=graph
2022-11-15T18:37:00Z ERR autoconnect could not get ldap Connection error="LDAP Result Code 49 \"Invalid Credentials\": " service=graph
2022-11-15T18:37:01Z DBG loading policy-selector selector_config={"Claims":null,"Regex":null,"Static":{"Policy":"ocis"}} service=proxy
2022-11-15T18:37:01Z DBG Tracing is not enabled service=sharing
2022-11-15T18:37:01Z INF registering external service com.owncloud.api.sharing-f22d021f-a04f-4e37-8805-ece161437881@127.0.0.1:9150 service=sharing
2022-11-15T18:37:01Z INF host info: e70d40aecdaf service=sharing
2022-11-15T18:37:01Z INF running on 20 cpus service=sharing
2022-11-15T18:37:01Z WRN No tls certificate provided, using a generated one service=proxy
2022-11-15T18:37:01Z INF pidfile saved at: /tmp/revad-sharing-04e724b9-cb41-431a-8d6a-9619d20fe2f8.pid pkg=grace service=sharing
2022-11-15T18:37:01Z INF loading encryption secret from file file=/var/lib/ocis/idp/encryption.key service=idp
2022-11-15T18:37:01Z DBG skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/Authenticate pkg=rgrpc service=storage-system traceid=00000000000000000000000000000000
2022-11-15T18:37:01Z INF loading signing key path=/var/lib/ocis/idp/private-key.pem service=idp
2022-11-15T18:37:01Z DBG skipping auth method=/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProviders pkg=rgrpc service=storage-system traceid=00000000000000000000000000000000
2022-11-15T18:37:01Z DBG unary code=OK end="15/Nov/2022:18:37:01 +0000" from=tcp://127.0.0.1:52232 pkg=rgrpc service=storage-system start="15/Nov/2022:18:37:01 +0000" time_ns=47795 traceid=00000000000000000000000000000000 uri=/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProviders user-agent=grpc-go/1.50.1
2022-11-15T18:37:01Z DBG loaded signer key kid=private-key path=/var/lib/ocis/idp/private-key.pem service=idp
2022-11-15T18:37:01Z WRN skipped as signer with same kid already loaded kid=private-key path=/var/lib/ocis/idp/private-key.pem service=idp
2022-11-15T18:37:01Z INF encryption set up with 32 key size service=idp
2022-11-15T18:37:01Z DBG skipping auth method=/cs3.auth.provider.v1beta1.ProviderAPI/Authenticate pkg=rgrpc service=storage-system traceid=00000000000000000000000000000000
2022-11-15T18:37:01Z DBG parsing identifier registration conf from /var/lib/ocis/idp/tmp/identifier-registration.yaml service=idp
2022-11-15T18:37:01Z DBG skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/GetUserByClaim pkg=rgrpc service=storage-system traceid=00000000000000000000000000000000
2022-11-15T18:37:01Z DBG registered client application_type=web client_id=web insecure=false origins=["https://localhost:9200"] redirect_uris=["https://localhost:9200/","https://localhost:9200/oidc-callback.html","https://localhost:9200/oidc-silent-redirect.html"] service=idp trusted=true with_client_secret=false
2022-11-15T18:37:01Z DBG registered client application_type=native client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 insecure=false origins=[] redirect_uris=["http://127.0.0.1","http://localhost"] service=idp trusted=false with_client_secret=true
2022-11-15T18:37:01Z DBG registered client application_type=native client_id=e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD insecure=false origins=[] redirect_uris=["oc://android.owncloud.com"] service=idp trusted=false with_client_secret=true
2022-11-15T18:37:01Z DBG skipping auth method=/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim pkg=rgrpc service=storage-system traceid=00000000000000000000000000000000
2022-11-15T18:37:01Z DBG registered client application_type=native client_id=mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1 insecure=false origins=[] redirect_uris=["oc://ios.owncloud.com","oc.ios://ios.owncloud.com"] service=idp trusted=false with_client_secret=true
2022-11-15T18:37:01Z DBG parsing authorities registration conf from /var/lib/ocis/idp/tmp/identifier-registration.yaml service=idp
2022-11-15T18:37:01Z DBG unary code=OK end="15/Nov/2022:18:37:01 +0000" from=tcp://127.0.0.1:52260 pkg=rgrpc service=storage-system start="15/Nov/2022:18:37:01 +0000" time_ns=45978 traceid=00000000000000000000000000000000 uri=/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim user-agent=grpc-go/1.50.1
2022-11-15T18:37:01Z DBG unary code=OK end="15/Nov/2022:18:37:01 +0000" from=tcp://127.0.0.1:52202 pkg=rgrpc service=storage-system start="15/Nov/2022:18:37:01 +0000" time_ns=413461 traceid=00000000000000000000000000000000 uri=/cs3.gateway.v1beta1.GatewayAPI/GetUserByClaim user-agent=grpc-go/1.50.1
2022-11-15T18:37:01Z INF user idp:"internal" opaque_id:"dbb7ee98-02d7-455e-86fa-731d69e2172c" type:USER_TYPE_PRIMARY  authenticated pkg=rgrpc service=storage-system traceid=00000000000000000000000000000000
2022-11-15T18:37:01Z DBG unary code=OK end="15/Nov/2022:18:37:01 +0000" from=tcp://127.0.0.1:52248 pkg=rgrpc service=storage-system start="15/Nov/2022:18:37:01 +0000" time_ns=720065 traceid=00000000000000000000000000000000 uri=/cs3.auth.provider.v1beta1.ProviderAPI/Authenticate user-agent=grpc-go/1.50.1
2022-11-15T18:37:01Z DBG ldap identifier backend set attribute attribute=sn:sn service=idp
2022-11-15T18:37:01Z DBG ldap identifier backend set attribute attribute=givenName:givenName service=idp
2022-11-15T18:37:01Z DBG ldap identifier backend set attribute attribute=uuid:uid service=idp
2022-11-15T18:37:01Z DBG ldap identifier backend set attribute attribute=uuid_type:text service=idp
2022-11-15T18:37:01Z DBG ldap identifier backend set attribute attribute=uid:uid service=idp
2022-11-15T18:37:01Z DBG ldap identifier backend set attribute attribute=mail:mail service=idp
2022-11-15T18:37:01Z DBG ldap identifier backend set attribute attribute=cn:displayName service=idp
2022-11-15T18:37:01Z DBG ldap identifier backend set filter filter=(objectclass=inetOrgPerson) service=idp
2022-11-15T18:37:01Z INF ldap server identifier backend set up ldap="ldaps://localhost:9235 " service=idp
2022-11-15T18:37:01Z DBG unary code=OK end="15/Nov/2022:18:37:01 +0000" from=tcp://127.0.0.1:52202 pkg=rgrpc service=storage-system start="15/Nov/2022:18:37:01 +0000" time_ns=1666342 traceid=00000000000000000000000000000000 uri=/cs3.gateway.v1beta1.GatewayAPI/Authenticate user-agent=grpc-go/1.50.1
2022-11-15T18:37:01Z INF identifier set up security=A256GCM:A256GCMKW service=idp
2022-11-15T18:37:01Z INF using identifier backed identity manager service=idp
2022-11-15T18:37:01Z INF identity manager set up claims=["name","family_name","given_name","email","email_verified"] name=ldap scopes=["offline_access","profile","email","LibgreGraph.UUID","LibreGraph.RawSub"] service=idp
2022-11-15T18:37:01Z INF set provider signing alg alg=PS256 service=idp
2022-11-15T18:37:01Z INF set provider signing key id=private-key method=*jwt.SigningMethodRSAPSS service=idp type=*rsa.PrivateKey
2022-11-15T18:37:01Z INF set provider validation key id=private-key service=idp type=*rsa.PublicKey
2022-11-15T18:37:01Z INF set provider validation key id=default service=idp type=*rsa.PublicKey
2022-11-15T18:37:01Z INF oidc token signing default set up alg=PS256 id=private-key method=*jwt.SigningMethodRSAPSS service=idp
2022-11-15T18:37:01Z DBG unary code=OK end="15/Nov/2022:18:37:01 +0000" from=tcp://127.0.0.1:52218 pkg=rgrpc service=storage-system start="15/Nov/2022:18:37:01 +0000" time_ns=786038 traceid=00000000000000000000000000000000 uri=/cs3.storage.provider.v1beta1.ProviderAPI/CreateStorageSpace user-agent=grpc-go/1.50.1
2022-11-15T18:37:01Z INF rgrpc: grpc service enabled: publicshareprovider pkg=rgrpc service=sharing
2022-11-15T18:37:01Z INF rgrpc: grpc service enabled: usershareprovider pkg=rgrpc service=sharing
2022-11-15T18:37:01Z DBG 127.0.0.1:49078 - cid:16 - Client connection created service=nats
2022-11-15T18:37:01Z INF rgrpc: chaining grpc unary interceptor prometheus with priority 100 pkg=rgrpc service=sharing
2022-11-15T18:37:01Z INF rgrpc: chaining grpc unary interceptor eventsmiddleware with priority 200 pkg=rgrpc service=sharing
2022-11-15T18:37:01Z INF grpc server listening at tcp:127.0.0.1:9150 pkg=rgrpc service=sharing
2022-11-15T18:37:01Z DBG 127.0.0.1:49090 - cid:17 - Client connection created service=nats
2022-11-15T18:37:02Z DBG skipping auth method=/cs3.gateway.v1beta1.GatewayAPI/AddAppProvider pkg=rgrpc service=gateway traceid=00000000000000000000000000000000
2022-11-15T18:37:02Z DBG skipping auth method=/cs3.app.registry.v1beta1.RegistryAPI/AddAppProvider pkg=rgrpc service=app-registry traceid=00000000000000000000000000000000
2022-11-15T18:37:02Z DBG unary code=OK end="15/Nov/2022:18:37:02 +0000" from=tcp://127.0.0.1:34758 pkg=rgrpc service=app-registry start="15/Nov/2022:18:37:02 +0000" time_ns=53582 traceid=00000000000000000000000000000000 uri=/cs3.app.registry.v1beta1.RegistryAPI/AddAppProvider user-agent=grpc-go/1.50.1
2022-11-15T18:37:02Z DBG unary code=OK end="15/Nov/2022:18:37:02 +0000" from=tcp://127.0.0.1:55440 pkg=rgrpc service=gateway start="15/Nov/2022:18:37:02 +0000" time_ns=617258 traceid=00000000000000000000000000000000 uri=/cs3.gateway.v1beta1.GatewayAPI/AddAppProvider user-agent=grpc-go/1.50.1
2022-11-15T18:37:02Z DBG 127.0.0.1:49052 - cid:11 - "v1.19.0:go" - Client Ping Timer service=nats
2022-11-15T18:37:02Z DBG 127.0.0.1:49074 - cid:14 - "v1.19.0:go" - Client Ping Timer service=nats
2022-11-15T18:37:03Z DBG 127.0.0.1:49058 - cid:13 - "v1.19.0:go" - Client Ping Timer service=nats
2022-11-15T18:37:03Z DBG 127.0.0.1:49056 - cid:12 - "v1.19.0:go" - Client Ping Timer service=nats
2022-11-15T18:37:03Z DBG 127.0.0.1:49090 - cid:17 - "v1.19.0:go" - Client Ping Timer service=nats
2022-11-15T18:37:03Z DBG 127.0.0.1:49078 - cid:16 - "v1.19.0:go" - Client Ping Timer service=nats

Notably:

2022-11-15T18:37:00Z ERR Bind failed error="LDAP Result Code 49 \"Invalid Credentials\": " service=graph
2022-11-15T18:37:00Z ERR autoconnect could not get ldap Connection error="LDAP Result Code 49 \"Invalid Credentials\": " service=graph

and on restart, subsequent "http: TLS handshake error from 192.168.1.174:64763: remote error: tls: unknown certificate" errors, although it is run as insecure.

I seem to be missing a config value but the documentation is unclear. Setting IDM_ADMIN_PASSWORD=secret or removing PROXY_HTTP_ADDR does not help. theme.json should also not be using localhost.

micbar commented 2 years ago

@drewbitt Without knowing your setup in detail, I see that you do not set OCIS_URL. This should be the publicly reachable ocis hostname or domain name. This is the reason why you see the errors in the WebUI.

drewbitt commented 2 years ago

Thanks. Immediately fixes it. I had the description 'External https URL' under the key label in the Unraid GUI and had not noticed.
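
A pre-flight check for the misconfiguration resolved in this thread, as an added example that is not part of the original issue or the oCIS project: it flags environment keys that are not valid variable names (the label 'External https URL' sat where OCIS_URL belonged), a missing OCIS_URL, and an idp web client registered for an origin other than the URL users browse to. The function names are hypothetical; the sample values are copied from the docker run command and the idp log line posted above, with the log line abridged.

```python
import re
from urllib.parse import urlsplit

ENV_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# idp log line for the browser client: client_id=web ... origins=["https://host:port"]
WEB_ORIGINS = re.compile(r'client_id=web\b.*?origins=\[([^\]]*)\]')

def check_env(env):
    """Return findings for a dict of container environment variables."""
    findings = []
    for name in env:
        if not ENV_NAME.fullmatch(name):
            findings.append(f"not a variable name: {name!r}")
    if "OCIS_URL" not in env:
        findings.append("OCIS_URL is not set")
    if env.get("OCIS_INSECURE", "").lower() == "true":
        findings.append("OCIS_INSECURE=true: certificate checking disabled")
    return findings

def origin(url):
    """Reduce a URL to scheme://host:port for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def registered_web_origins(log_lines):
    """Collect the origins the idp registered for the web client."""
    found = []
    for line in log_lines:
        m = WEB_ORIGINS.search(line)
        if m:
            found += [origin(o) for o in re.findall(r'"([^"]+)"', m.group(1))]
    return found

def origins_not_matching(expected_url, log_lines):
    """Registered web origins that differ from the URL users actually open."""
    want = origin(expected_url)
    return [o for o in registered_web_origins(log_lines) if o != want]

# Values copied from the issue above (log line abridged).
ISSUE_ENV = {"OCIS_INSECURE": "true",
             "External https URL": "https://192.168.1.237:9200",
             "IDM_CREATE_DEMO_USERS": "true",
             "PROXY_HTTP_ADDR": "0.0.0.0:9200"}
ISSUE_LOG = ['2022-11-15T18:37:01Z DBG registered client application_type=web '
             'client_id=web insecure=false origins=["https://localhost:9200"] '
             'service=idp trusted=true']

if __name__ == "__main__":
    for finding in check_env(ISSUE_ENV):
        print("env:", finding)
    for o in origins_not_matching("https://192.168.1.237:9200", ISSUE_LOG):
        print("idp: web client registered for", o)
```

Run against the values from the issue, it reports the mislabelled key, the missing OCIS_URL, and a web client registered for https://localhost:9200 instead of the address the browser was pointed at.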