search

pilosus / dienstplan

Slack bot app for duty rotations
https://dienstplan-slack.pilosus.org
Other
21 stars 1 forks source link

[BUG] Unable to make it work #118

Closed jhmk closed 1 month ago

jhmk commented 1 month ago

Hi, need some help with the setup.

When using the @dienstplan command in slack nothing happens. Also on the Server I don't see any incoming Network Traffic or anything in the access & error.log from nginx.

How the setup looks like:

  1. created a ubuntu server on AWS including a domain + nginx + certbot to have HTTPS
  2. allowed traffic via Port 80,443 and 8080
  3. created docker container by cloning the Repo and run: 
    make build
make up
make migrate
  4. created the Slack App with the YAML Manifest 
    _metadata:
major_version: 1
minor_version: 1
display_information:
name: dienstplan
description: Slack bot for duty rotations
background_color: "#002087"
features:
bot_user:
display_name: dienstplan
always_online: false
oauth_config:
scopes:
bot:
  - app_mentions:read
  - channels:read
  - chat:write
  - chat:write.customize
settings:
event_subscriptions:
request_url: https://slack-dienstplan.MYDOMAIN/api/events
bot_events:
  - app_mention
org_deploy_enabled: false
socket_mode_enabled: false
token_rotation_enabled: false

Docker container are running:

CONTAINER ID   IMAGE                      COMMAND                  CREATED       STATUS       PORTS                                                                                    NAMES
7cc441353a6e   dienstplan-dienstplan      "entrypoint clojure …"   2 hours ago   Up 2 hours   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:16543->6543/tcp, :::16543->6543/tcp   dienstplan-dienstplan-1
756c85897107   postgres:16.2-alpine3.19   "docker-entrypoint.s…"   2 hours ago   Up 2 hours   0.0.0.0:15432->5432/tcp, :::15432->5432/tcp                                              dienstplan-postgres-1

Because I'm using NGINX do I need to make a Proxy Upstream to the docker container on Port 8080? When running curl to test the Server I get this error:

curl https://slack-dienstplan.DOMAIN:8080/api/events
curl: (35) LibreSSL/3.3.6: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version

No error on: curl https://slack-dienstplan.DOMAIN

pilosus commented 1 month ago

Hey @jhmk,

it's hard to tell what happening without looking at your nginx config. But generally speaking, yes, you need to set up an upstream for you nginx that will be pointing at the dienstplan backend server.

Here's a template for the inspiration.

If your nginx and diesntplan are running on the same host, then your upsteam URI here will be just 127.0.0.1:8080.

Also, when you are debugging the whole set up in addition to looking at the nginx's logs, also take a look at what's happening in the dienstplan's docker container like this:

$ docker compose logs -f dienstplan

If all's good, then making an http request

$ curl -X GET --url 'https://slack-dienstplan.DOMAIN/api/healthcheck'

should generate a line in the diesntplan logs like:

dienstplan-1  | 2024-08-16 18:31:35,237 [qtp114211155-30] INFO  dienstplan.middlewares - GET /api/healthcheck

Also pay attention to your SSL traffic termination. I'm not sure what exactly causes the problem, but the line

curl: (35) LibreSSL/3.3.6: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version

looks like an HTTPS problem to me.

Last but not least, take a look at dienstplan-deploy project. Basically, it's an Ansible playbook that helps you with deploying the bot on your Linux server.

jhmk commented 1 month ago

Thanks for the hint. Updated the NGINX Config. When I now use curI, I can see this output in the logs: dienstplan-1 | 2024-08-19 09:30:40,616 [qtp1148046003-16] INFO dienstplan.middlewares - GET /api/healthcheck

But the Slack bot itself is still not working. I also don't see any logs when using the Bot Commands in Slack

pilosus commented 1 month ago

@jhmk two things to check:

  1. App's permissions

Go the installed app settings and check what permissions your installation of dienstplan has?

This is what mine list of permissions looks like:

  1. When you say you don't see any logs have you check all the logs?
slack api server <-> nginx <-> dienstplan upstream

If you mention @dienstplan, does the request from the Slack API reaches you nginx frontend? Do you see anything in access logs? If yes, what the upstream logs look like? If not, what happens if you craft a curl request yourself? E.g. something like curl -X POST --url 'https://slack-dienstplan.DOMAIN/api/events' --data '{"something": 1}'?

jhmk commented 1 month ago

Made it work. Thank you very much. Issue was in the ufw service

pilosus commented 1 month ago

Glad it works! Closing the issue