rustdesk / rustdesk-server-pro

Some scripts for RustDesk Server Pro are hosted here.

Custom OIDC Login Error #236

Closed rmundel closed 1 month ago

rmundel commented 2 months ago

Bug Description

I'm using a custom OIDC as login provider (Authentik). Works fine for the admin UI but throws an error trying to login within RustDesk Client.

How to Reproduce

Add a custom OIDC provider and try to login with it.

Expected Behavior

Should open the external OIDC Login Page.

Operating system(s) on local side and remote side

Windows 10 -> Any

RustDesk Version(s) on local side and remote side

1.2.3-2 -> Any

Screenshots

image

Additional Context

No response

fufesou commented 2 months ago

Hi @rmundel , thanks for your feedback.

Can you please run the following command on your command line?

curl --location 'http://localhost:21114/api/oidc/auth' --header 'Content-Type: application/json' --data '{"deviceInfo":{"name":"host name","os":"windows","type":"client"},"id":"1584180369","op":"okta","uuid":"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua"}'

There may be something wrong with windows command line. You can also run the following powershell commands.

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")

$body = @"
{`"deviceInfo`":{`"name`":`"host name`",`"os`":`"windows`",`"type`":`"client`"},`"id`":`"1584180369`",`"op`":`"okta`",`"uuid`":`"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua`"}
"@

$response = Invoke-RestMethod 'http://localhost:21114/api/oidc/auth' -Method 'POST' -Headers $headers -Body $body
$response | ConvertTo-Json

Please replace

  1. The url of your own server.
  2. The "op" to your own custom op name.

rmundel commented 2 months ago

Hi @fufesou

From within WSL2:

{"code":"MUZ7LYdaYk9-3x7FT_gaWg","url":"https://xxxxxxxxx/application/o/authorize/?response_type=code&client_id=CDcbmaWuJjjgF9W4abcYtKb0HJsvPT4BXXApdkb4&state=MUZ7LYdaYk9-3x7FT_gaWg&redirect_uri=https%3A%2F%2Fxxxxxxxxxx%2Fapi%2Foidc%2Fcallback&scope=openid+openid+email+profile&nonce=nTME8VfY7i1S-bwacP-Taw"}

From within Windows with SSL:

Invoke-RestMethod : The request was aborted: Could not create SSL/TLS secure channel.
At line:8 char:13
+ $response = Invoke-RestMethod 'https://xxxxxxxxxx/api/oidc/ ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

From within Windows without SSL:

{
    "code":  "2_aXmRrpbH3pRHyg1Doixg",
    "url":  "https://xxxxxxxxxxx/application/o/authorize/?response_type=code\u0026client_id=CDcbmaWuJjjgF9W4abcYtKb0HJsvPT4BXXApdkb4\u0026state=2_aXmRrpbH3pRHyg1Doixg\u0026redirect_uri
=https%3A%2F%2Fxxxxxxxxx%2Fapi%2Foidc%2Fcallback\u0026scope=openid+openid+email+profile\u0026nonce=23xriQ5lu6qbSeDELIx6lQ"
}

fufesou commented 2 months ago

Please hide your domain and IP.

From within WSL2:

The result seems Ok.

Invoke-RestMethod : The request was aborted: Could not create SSL/TLS secure channel.

Maybe it's the reason. I'll try to fix it.

rmundel commented 2 months ago

Thanks!

If you need any more information or testing, I'll be glad to help you out.

fufesou commented 2 months ago

Invoke-RestMethod : Unable to connect to the remote server At line:8 char:13 + $response = Invoke-RestMethod 'http://[ip]:21114/api/oidc/au ...

Just asking, it has nothing to do with https. Have you allowed port 21114?

rmundel commented 2 months ago

It works fine without SSL. Just updated my previous response. (My VPN was off first time I tested.)

fufesou commented 2 months ago

Do you have a bash or git bash on your windows?

Please run and paste the output here

curl -vv https://[domain]

rmundel commented 2 months ago

Git Bash over Windows:

$ curl -vv https://xxxxxxxx
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 179.127.21.180:443...
* Connected to xxxxxxxxxx (179.127.21.180) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
*  CApath: none
} [5 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2442 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [110 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=xxxxxxxxx
*  start date: Apr 14 19:08:01 2024 GMT
*  expire date: Jul 13 19:08:00 2024 GMT
*  subjectAltName: host "xxxxxxx" matched cert's "xxxxxxxxx"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: xxxxxxxxx]
* h2h3 [user-agent: curl/7.87.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x16103911ca0)
} [5 bytes data]
> GET / HTTP/2
> Host: xxxxxxxxx
> user-agent: curl/7.87.0
> accept: */*
>
{ [5 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 400
< content-length: 0
< date: Mon, 15 Apr 2024 14:44:49 GMT
<
{ [0 bytes data]
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host xxxxx left intact

fufesou commented 2 months ago

Hi, can you please try the temp build here https://github.com/fufesou/rustdesk/releases/tag/tmp

I didn't change anything except adding some logs.

You can find the log file at

%appdata%\rustdesk\log\RustDesk_rCURRENT.log

Please find the log line like Failed to parse response, code...

fufesou commented 2 months ago

Please also run the simple test app.

.\simple_test.exe -h

https-test 0.1.0
Test https requeset.

USAGE:
    simple_test.exe [OPTIONS] --data <data> --url <url>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -d, --data <data>            Send to. Default is from
    -l, --loglevel <loglevel>    The log level. t - trace, d - debug, i - info, w - warn, e - error. Default is "d"
    -u, --url <url>
.\simple_test.exe -l t -u http://localhost:21114/api/oidc/auth -d "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"okta\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}"

simple_test.zip

rmundel commented 2 months ago

%appdata%\rustdesk\log\RustDesk_rCURRENT.log

[2024-04-15 15:05:51.153302 -04:00] INFO [src\core_main.rs:164] main start args:[]
[2024-04-15 15:05:51.156060 -04:00] INFO [src\server.rs:495] server not started (will try to start): The system cannot find the file specified. (os error 2)
[2024-04-15 15:05:51.159137 -04:00] INFO [src\ipc.rs:280] Started ipc server at path: \.\pipe\RustDesk\query
[2024-04-15 15:05:51.163989 -04:00] INFO [src\lan.rs:30] lan discovery listener started
[2024-04-15 15:05:52.191109 -04:00] INFO [libs\scrap\src\common\hwcodec.rs:395] Check hwcodec config, exit with: exit code: 0
[2024-04-15 15:05:52.477461 -04:00] DEBUG [C:\Users\runneradmin.cargo\git\checkouts\reqwest-84a0398ffb35f677\9cb758c\src\async_impl\client.rs:2388] redirecting 'https://github.com/rustdesk/rustdesk/releases/latest' to 'https://github.com/rustdesk/rustdesk/releases/tag/1.2.3-2'
[2024-04-15 15:05:56.404721 -04:00] DEBUG [C:\Users\runneradmin.cargo\git\checkouts\reqwest-84a0398ffb35f677\9cb758c\src\async_impl\client.rs:2388] redirecting 'http://xxxxxxxxxxx/api/oidc/auth' to 'https://xxxxxxxx/api/oidc/auth'
[2024-04-15 15:05:56.598289 -04:00] ERROR [src\hbbs_http.rs:27] Failed to parse response, code: 405 Method Not Allowed, text: "", decode error: Error("EOF while parsing a value", line: 1, column: 0)
[2024-04-15 15:05:56.598360 -04:00] INFO [src\hbbs_http\account.rs:208] Request oidc auth result: Ok(Error("EOF while parsing a value at line 1 column 0"))

rmundel commented 2 months ago

Please also run the simple test app.

.\simple_test.exe -h

https-test 0.1.0
Test https requeset.

USAGE:
    simple_test.exe [OPTIONS] --data <data> --url <url>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -d, --data <data>            Send to. Default is from
    -l, --loglevel <loglevel>    The log level. t - trace, d - debug, i - info, w - warn, e - error. Default is "d"
    -u, --url <url>
.\simple_test.exe -l t -u http://localhost:21114/api/oidc/auth -d "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"okta\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}"

simple_test.zip

error: Found argument 'deviceInfo\:{\name\:\host' which wasn't expected, or isn't valid in this context

After changing "host name\" to "host":

ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\}' which wasn't expected, or isn't valid in this context

Something with Windows encoding?

fufesou commented 2 months ago

Something with Windows encoding?

It seems you're using powershell command.

You can

  1. Enter powershell
  2. Input cmd
  3. .\simple_test.exe ...

But no need to test, the reason is clear now.

Failed to parse response, code: 405 Method Not Allowed,

This is the reason of the failure.

I'll test more to find why 405.

fufesou commented 2 months ago

Please try this build again https://github.com/fufesou/rustdesk/releases/tmp and paste the log here.

I've added more details of the http response.

rmundel commented 2 months ago

Results for simple_test.exe:

The options: Options { loglevel: Some("t"), url: "https://xxxxxxxx/api/oidc/auth", data: "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"Mundel\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}" }
[2024-04-16T15:04:56Z TRACE reqwest::blocking::client] (ThreadId(2)) start runtime::block_on
[2024-04-16T15:04:56Z TRACE reqwest::blocking::wait] (ThreadId(1)) park without timeout
[2024-04-16T15:04:56Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-04-16T15:04:56Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.9999975s
[2024-04-16T15:04:56Z TRACE hyper::client::pool] checkout waiting for idle connection: ("https", xxxxxxxx)
[2024-04-16T15:04:56Z DEBUG reqwest::connect] starting new connection: https://xxxxxxxx/
[2024-04-16T15:04:56Z TRACE hyper::client::connect::http] Http::connect; scheme=Some("https"), host=Some("xxxxxxxx"), port=None
[2024-04-16T15:04:56Z DEBUG hyper::client::connect::dns] resolving host="xxxxxxxx"
[2024-04-16T15:04:56Z DEBUG hyper::client::connect::http] connecting to 179.127.21.180:443
[2024-04-16T15:04:56Z DEBUG hyper::client::connect::http] connected to 179.127.21.180:443
[2024-04-16T15:04:56Z TRACE hyper::client::conn] client handshake Http1
[2024-04-16T15:04:56Z TRACE hyper::client::client] handshake complete, spawning background dispatcher task
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
[2024-04-16T15:04:56Z TRACE hyper::client::pool] checkout dropped for ("https", xxxxxxxx)
[2024-04-16T15:04:56Z TRACE tracing::span] encode_headers;
[2024-04-16T15:04:56Z TRACE tracing::span::active] -> encode_headers;
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::role] Client::encode method=POST, body=Some(Known(156))
[2024-04-16T15:04:56Z TRACE tracing::span::active] <- encode_headers;
[2024-04-16T15:04:56Z TRACE tracing::span] -- encode_headers;
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::encode] sized write, len = 156
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::io] buffer.flatten self.len=126 buf.len=156
[2024-04-16T15:04:56Z DEBUG hyper::proto::h1::io] flushed 282 bytes
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::conn] Conn::read_head
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::io] received 557 bytes
[2024-04-16T15:04:56Z TRACE tracing::span] parse_headers;
[2024-04-16T15:04:56Z TRACE tracing::span::active] -> parse_headers;
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::role] Response.parse bytes=557
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::role] Response.parse Complete(230)
[2024-04-16T15:04:56Z TRACE tracing::span::active] <- parse_headers;
[2024-04-16T15:04:56Z TRACE tracing::span] -- parse_headers;
[2024-04-16T15:04:56Z DEBUG hyper::proto::h1::io] parsed 7 headers
[2024-04-16T15:04:56Z DEBUG hyper::proto::h1::conn] incoming body is content-length (327 bytes)
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::decode] decode; state=Length(327)
[2024-04-16T15:04:56Z DEBUG hyper::proto::h1::conn] incoming body completed
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::conn] maybe_notify; read_from_io blocked
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-04-16T15:04:56Z TRACE hyper::client::pool] put; add idle connection for ("https", xxxxxxxx)
[2024-04-16T15:04:56Z DEBUG hyper::client::pool] pooling idle connection for ("https", xxxxxxxx)
[2024-04-16T15:04:56Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-04-16T15:04:56Z TRACE hyper::client::pool] idle interval checking for expired
[2024-04-16T15:04:56Z TRACE reqwest::blocking::client] closing runtime thread (ThreadId(2))
[2024-04-16T15:04:56Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-04-16T15:04:56Z TRACE reqwest::blocking::client] signaled close for runtime thread (ThreadId(2))
[2024-04-16T15:04:56Z TRACE reqwest::blocking::client] (ThreadId(2)) Receiver is shutdown
[2024-04-16T15:04:56Z TRACE reqwest::blocking::client] (ThreadId(2)) end runtime::block_on
[2024-04-16T15:04:56Z TRACE reqwest::blocking::client] (ThreadId(2)) finished
[2024-04-16T15:04:56Z TRACE reqwest::blocking::client] closed runtime thread (ThreadId(2))
"{\"code\":\"vZ0qxYeIzqfjzuOQluByog\",\"url\":\"https://xxxxxxxxxx/application/o/authorize/?response_type=code&client_id=CDcbmaWuJjjgF9W4abcYtKb0HJsvPT4BXXApdkb4&state=vZ0qxYeIzqfjzuOQluByog&redirect_uri=https%3A%2F%2Fxxxxxxx%2Fapi%2Foidc%2Fcallback&scope=openid+openid+email+profile&nonce=oCltUwlgwLirSbsiYZ0ZTg\"}"

rmundel commented 2 months ago

Please try this build again https://github.com/fufesou/rustdesk/releases/tmp and paste the log here.

I've added more details of the http response.

[2024-04-16 11:08:41.382239 -04:00] INFO [src\core_main.rs:164] main start args:["rustdesk:///"]
[2024-04-16 11:08:42.419585 -04:00] INFO [libs\scrap\src\common\hwcodec.rs:395] Check hwcodec config, exit with: exit code: 0
[2024-04-16 11:08:42.701020 -04:00] DEBUG [C:\Users\runneradmin\.cargo\git\checkouts\reqwest-84a0398ffb35f677\9cb758c\src\async_impl\client.rs:2388] redirecting 'https://github.com/rustdesk/rustdesk/releases/latest' to 'https://github.com/rustdesk/rustdesk/releases/tag/1.2.3-2'
[2024-04-16 11:08:45.248674 -04:00] DEBUG [C:\Users\runneradmin\.cargo\git\checkouts\reqwest-84a0398ffb35f677\9cb758c\src\async_impl\client.rs:2388] redirecting 'http://com.br/api/oidc/auth' to 'https://.com.br/api/oidc/auth'
[2024-04-16 11:08:45.412981 -04:00] ERROR [src\hbbs_http.rs:24] Failed to request, response details: Response { url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain(".br")), port: None, path: "/api/oidc/auth", query: None, fragment: None }, status: 405, headers: {"content-length": "0", "access-control-allow-origin": "*", "vary": "origin", "vary": "access-control-request-method", "vary": "access-control-request-headers", "allow": "POST", "date": "Tue, 16 Apr 2024 15:08:44 GMT"} }
[2024-04-16 11:08:45.413043 -04:00] INFO [src\hbbs_http\account.rs:208] Request oidc auth result: Ok(Error("Status: 405 Method Not Allowed"))

fufesou commented 2 months ago

response details: Response { url: Url { ,,,, port: None, path: "/api/oidc/auth"... }, status: 405, headers: {..."vary": "access-control-request-method", "vary": "access-control-request-headers", "allow": "POST"...} }

Hi, I don't know why 405. /api/oidc/auth should accept the POST request.

But I see redirecting from "http" to "https" in RustDesk.

Can you please also try request simple_test.exe with http instead of https? I'm not sure if the redirect will affect.
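
Added example, not part of the thread and not RustDesk or reqwest code: an http-to-https redirect followed by 405 with `allow: POST`, as in the log above, is the pattern a client produces when it follows a 301/302/303 redirect by re-sending the POST as a bodiless GET. The std-only model below replays that exchange for three configurations; the host name, the proxy's redirect status and all function names are constructed assumptions.

```rust
// Model of: client -> TLS-terminating proxy -> /api/oidc/auth backend.
// Constructed illustration; no network I/O, no RustDesk or reqwest code.

#[derive(Debug, Clone, Copy, PartialEq)]
enum Method { Get, Post }

#[derive(Debug, Clone)]
struct Request {
    method: Method,
    url: String,
    body: Option<String>,
}

#[derive(Debug, PartialEq)]
struct Outcome {
    final_status: u16,
    final_method: Method,
    /// True if the JSON body (device id, uuid) ever left the client over plain HTTP.
    body_sent_in_cleartext: bool,
}

/// Backend handler: only POST with a JSON body naming an "op" is accepted.
fn backend(req: &Request) -> (u16, Option<String>) {
    if req.method != Method::Post {
        return (405, None); // the real response also carries `allow: POST`
    }
    match &req.body {
        Some(b) if b.contains("\"op\"") => (200, None),
        _ => (400, None),
    }
}

/// Proxy: plain-HTTP requests get a redirect to the https:// form of the URL
/// (status chosen by the proxy config); HTTPS requests reach the backend.
fn proxy(req: &Request, redirect_status: u16) -> (u16, Option<String>) {
    match req.url.strip_prefix("http://") {
        Some(rest) => (redirect_status, Some(format!("https://{}", rest))),
        None => backend(req),
    }
}

/// Standard client redirect handling: 301/302/303 turn a POST into a GET and
/// drop the body; 307/308 repeat the request unchanged.
fn next_request(prev: &Request, status: u16, location: String) -> Option<Request> {
    match status {
        301 | 302 | 303 => Some(Request { method: Method::Get, url: location, body: None }),
        307 | 308 => Some(Request { method: prev.method, url: location, body: prev.body.clone() }),
        _ => None,
    }
}

/// Send the OIDC auth request to `api_server` and follow up to five redirects.
fn send_oidc_auth(api_server: &str, redirect_status: u16) -> Outcome {
    let mut req = Request {
        method: Method::Post,
        url: format!("{}/api/oidc/auth", api_server),
        // Placeholder values, same field names as the request in the thread.
        body: Some(r#"{"id":"<device id>","op":"<op name>","uuid":"<device uuid>"}"#.to_string()),
    };
    let mut cleartext = false;
    for _ in 0..5 {
        if req.url.starts_with("http://") && req.body.is_some() {
            cleartext = true; // body was written to an unencrypted socket
        }
        let (status, location) = proxy(&req, redirect_status);
        let next = location.and_then(|loc| next_request(&req, status, loc));
        match next {
            Some(n) => req = n,
            None => {
                return Outcome {
                    final_status: status,
                    final_method: req.method,
                    body_sent_in_cleartext: cleartext,
                }
            }
        }
    }
    // Redirect limit reached; 0 marks "no final response" in this model.
    Outcome { final_status: 0, final_method: req.method, body_sent_in_cleartext: cleartext }
}

fn main() {
    let cases = [
        ("http://rustdesk.example.test", 302),  // POST becomes GET -> 405
        ("http://rustdesk.example.test", 308),  // POST kept, first hop still cleartext
        ("https://rustdesk.example.test", 302), // no redirect involved
    ];
    for (server, status) in cases {
        println!("{} (proxy redirects with {}): {:?}", server, status, send_oidc_auth(server, status));
    }
}
```

Only the `https://` API server setting avoids both the 405 and the cleartext first hop; a 307/308 redirect on the proxy removes the 405 but the request body has already crossed the network unencrypted.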

fufesou commented 2 months ago

Can you please also try request simple_test.exe with http instead of https? I'm not sure if the redirect will affect.

@rmundel Hi, can you please try again?

rmundel commented 2 months ago

Hey @fufesou. Sorry about the delay, got caught in a couple of issues for another project.

I don't have access to my machine right now but I'll do all the testing tonight (GMT-4 here).

rmundel commented 1 month ago

Hey @fufesou, sorry about the delay.

Just adding a bit of context here:

simple_test with HTTP (behind HAProxy - every HTTP request is forced to HTTPS):

C:\Users\rafael\Downloads\simple_test>.\simple_test.exe -l t -u http://remoto.mydomain.com/api/oidc/auth -d "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"mundel\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}"
The options: Options { loglevel: Some("t"), url: "http://remoto.mydomain.com/api/oidc/auth", data: "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"mundel\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}" }
[2024-05-02T16:49:15Z TRACE reqwest::blocking::wait] (ThreadId(1)) park without timeout
[2024-05-02T16:49:15Z TRACE reqwest::blocking::client] (ThreadId(2)) start runtime::block_on
[2024-05-02T16:49:15Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-05-02T16:49:15Z TRACE hyper::client::pool] checkout waiting for idle connection: ("http", remoto.mydomain.com)
[2024-05-02T16:49:15Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.9999966s
[2024-05-02T16:49:15Z DEBUG reqwest::connect] starting new connection: http://remoto.mydomain.com/
[2024-05-02T16:49:15Z TRACE hyper::client::connect::http] Http::connect; scheme=Some("http"), host=Some("remoto.mydomain.com"), port=None
[2024-05-02T16:49:15Z DEBUG hyper::client::connect::dns] resolving host="remoto.mydomain.com"
[2024-05-02T16:49:15Z DEBUG hyper::client::connect::http] connecting to 179.127.21.180:80
[2024-05-02T16:49:15Z DEBUG hyper::client::connect::http] connected to 179.127.21.180:80
[2024-05-02T16:49:15Z TRACE hyper::client::conn] client handshake Http1
[2024-05-02T16:49:15Z TRACE hyper::client::client] handshake complete, spawning background dispatcher task
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
[2024-05-02T16:49:15Z TRACE hyper::client::pool] checkout dropped for ("http", remoto.mydomain.com)
[2024-05-02T16:49:15Z TRACE tracing::span] encode_headers;
[2024-05-02T16:49:15Z TRACE tracing::span::active] -> encode_headers;
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::role] Client::encode method=POST, body=Some(Known(156))
[2024-05-02T16:49:15Z TRACE tracing::span::active] <- encode_headers;
[2024-05-02T16:49:15Z TRACE tracing::span] -- encode_headers;
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::encode] sized write, len = 156
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::io] buffer.queue self.len=126 buf.len=156
[2024-05-02T16:49:15Z DEBUG hyper::proto::h1::io] flushed 282 bytes
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] Conn::read_head
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::io] received 139 bytes
[2024-05-02T16:49:15Z TRACE tracing::span] parse_headers;
[2024-05-02T16:49:15Z TRACE tracing::span::active] -> parse_headers;
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::role] Response.parse bytes=139
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::role] Response.parse Complete(139)
[2024-05-02T16:49:15Z TRACE tracing::span::active] <- parse_headers;
[2024-05-02T16:49:15Z TRACE tracing::span] -- parse_headers;
[2024-05-02T16:49:15Z DEBUG hyper::proto::h1::io] parsed 4 headers
[2024-05-02T16:49:15Z DEBUG hyper::proto::h1::conn] incoming body is empty
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] remote disabling keep-alive
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] try_keep_alive({role=client}): could keep-alive, but status = Disabled
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] State::close()
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Closed, writing: Closed, keep_alive: Disabled }
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] shut down IO complete
[2024-05-02T16:49:15Z DEBUG reqwest::async_impl::client] redirecting 'http://remoto.mydomain.com/api/oidc/auth' to 'https://remoto.mydomain.com/api/oidc/auth'
[2024-05-02T16:49:15Z TRACE hyper::client::pool] checkout waiting for idle connection: ("https", remoto.mydomain.com)
[2024-05-02T16:49:15Z DEBUG reqwest::connect] starting new connection: https://remoto.mydomain.com/
[2024-05-02T16:49:15Z TRACE hyper::client::connect::http] Http::connect; scheme=Some("https"), host=Some("remoto.mydomain.com"), port=None
[2024-05-02T16:49:15Z DEBUG hyper::client::connect::dns] resolving host="remoto.mydomain.com"
[2024-05-02T16:49:15Z DEBUG hyper::client::connect::http] connecting to 179.127.21.180:443
[2024-05-02T16:49:15Z DEBUG hyper::client::connect::http] connected to 179.127.21.180:443
[2024-05-02T16:49:15Z TRACE hyper::client::conn] client handshake Http1
[2024-05-02T16:49:15Z TRACE hyper::client::client] handshake complete, spawning background dispatcher task
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
[2024-05-02T16:49:15Z TRACE hyper::client::pool] checkout dropped for ("https", remoto.mydomain.com)
[2024-05-02T16:49:15Z TRACE tracing::span] encode_headers;
[2024-05-02T16:49:15Z TRACE tracing::span::active] -> encode_headers;
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::role] Client::encode method=GET, body=None
[2024-05-02T16:49:15Z TRACE tracing::span::active] <- encode_headers;
[2024-05-02T16:49:15Z TRACE tracing::span] -- encode_headers;
[2024-05-02T16:49:15Z DEBUG hyper::proto::h1::io] flushed 124 bytes
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] Conn::read_head
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::io] received 225 bytes
[2024-05-02T16:49:15Z TRACE tracing::span] parse_headers;
[2024-05-02T16:49:15Z TRACE tracing::span::active] -> parse_headers;
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::role] Response.parse bytes=225
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::role] Response.parse Complete(225)
[2024-05-02T16:49:15Z TRACE tracing::span::active] <- parse_headers;
[2024-05-02T16:49:15Z TRACE tracing::span] -- parse_headers;
[2024-05-02T16:49:15Z DEBUG hyper::proto::h1::io] parsed 7 headers
[2024-05-02T16:49:15Z DEBUG hyper::proto::h1::conn] incoming body is empty
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] maybe_notify; read_from_io blocked
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:49:15Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:49:15Z TRACE hyper::client::pool] put; add idle connection for ("https", remoto.mydomain.com)
[2024-05-02T16:49:15Z DEBUG hyper::client::pool] pooling idle connection for ("https", remoto.mydomain.com)
[2024-05-02T16:49:15Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-05-02T16:49:15Z TRACE hyper::client::pool] idle interval checking for expired
[2024-05-02T16:49:15Z TRACE reqwest::blocking::client] closing runtime thread (ThreadId(2))
[2024-05-02T16:49:15Z TRACE reqwest::blocking::client] signaled close for runtime thread (ThreadId(2))
[2024-05-02T16:49:15Z TRACE reqwest::blocking::client] (ThreadId(2)) Receiver is shutdown
[2024-05-02T16:49:15Z TRACE reqwest::blocking::client] (ThreadId(2)) end runtime::block_on
[2024-05-02T16:49:15Z TRACE reqwest::blocking::client] (ThreadId(2)) finished
[2024-05-02T16:49:15Z TRACE reqwest::blocking::client] closed runtime thread (ThreadId(2))
""

simple_test with HTTPS (behind HAProxy):

C:\Users\rafael\Downloads\simple_test>.\simple_test.exe -l t -u https://remoto.mydomain.com/api/oidc/auth -d "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"mundel\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}"
The options: Options { loglevel: Some("t"), url: "https://remoto.mydomain.com/api/oidc/auth", data: "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"mundel\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}" }
[2024-05-02T16:50:31Z TRACE reqwest::blocking::wait] (ThreadId(1)) park without timeout
[2024-05-02T16:50:31Z TRACE reqwest::blocking::client] (ThreadId(2)) start runtime::block_on
[2024-05-02T16:50:31Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-05-02T16:50:31Z TRACE hyper::client::pool] checkout waiting for idle connection: ("https", remoto.mydomain.com)
[2024-05-02T16:50:31Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.9999955s
[2024-05-02T16:50:31Z DEBUG reqwest::connect] starting new connection: https://remoto.mydomain.com/
[2024-05-02T16:50:31Z TRACE hyper::client::connect::http] Http::connect; scheme=Some("https"), host=Some("remoto.mydomain.com"), port=None
[2024-05-02T16:50:31Z DEBUG hyper::client::connect::dns] resolving host="remoto.mydomain.com"
[2024-05-02T16:50:31Z DEBUG hyper::client::connect::http] connecting to 179.127.21.180:443
[2024-05-02T16:50:31Z DEBUG hyper::client::connect::http] connected to 179.127.21.180:443
[2024-05-02T16:50:31Z TRACE hyper::client::conn] client handshake Http1
[2024-05-02T16:50:31Z TRACE hyper::client::client] handshake complete, spawning background dispatcher task
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
[2024-05-02T16:50:31Z TRACE hyper::client::pool] checkout dropped for ("https", remoto.mydomain.com)
[2024-05-02T16:50:31Z TRACE tracing::span] encode_headers;
[2024-05-02T16:50:31Z TRACE tracing::span::active] -> encode_headers;
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::role] Client::encode method=POST, body=Some(Known(156))
[2024-05-02T16:50:31Z TRACE tracing::span::active] <- encode_headers;
[2024-05-02T16:50:31Z TRACE tracing::span] -- encode_headers;
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::encode] sized write, len = 156
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::io] buffer.flatten self.len=126 buf.len=156
[2024-05-02T16:50:31Z DEBUG hyper::proto::h1::io] flushed 282 bytes
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::conn] Conn::read_head
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::io] received 557 bytes
[2024-05-02T16:50:31Z TRACE tracing::span] parse_headers;
[2024-05-02T16:50:31Z TRACE tracing::span::active] -> parse_headers;
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::role] Response.parse bytes=557
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::role] Response.parse Complete(230)
[2024-05-02T16:50:31Z TRACE tracing::span::active] <- parse_headers;
[2024-05-02T16:50:31Z TRACE tracing::span] -- parse_headers;
[2024-05-02T16:50:31Z DEBUG hyper::proto::h1::io] parsed 7 headers
[2024-05-02T16:50:31Z DEBUG hyper::proto::h1::conn] incoming body is content-length (327 bytes)
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::decode] decode; state=Length(327)
[2024-05-02T16:50:31Z DEBUG hyper::proto::h1::conn] incoming body completed
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::conn] maybe_notify; read_from_io blocked
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:50:31Z TRACE hyper::client::pool] put; add idle connection for ("https", remoto.mydomain.com)
[2024-05-02T16:50:31Z DEBUG hyper::client::pool] pooling idle connection for ("https", remoto.mydomain.com)
[2024-05-02T16:50:31Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-05-02T16:50:31Z TRACE reqwest::blocking::client] closing runtime thread (ThreadId(2))
[2024-05-02T16:50:31Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:50:31Z TRACE reqwest::blocking::client] signaled close for runtime thread (ThreadId(2))
[2024-05-02T16:50:31Z TRACE reqwest::blocking::client] (ThreadId(2)) Receiver is shutdown
[2024-05-02T16:50:31Z TRACE reqwest::blocking::client] (ThreadId(2)) end runtime::block_on
[2024-05-02T16:50:31Z TRACE reqwest::blocking::client] (ThreadId(2)) finished
[2024-05-02T16:50:31Z TRACE reqwest::blocking::client] closed runtime thread (ThreadId(2))
"{\"code\":\"jS9GC7_ReDMIYx5RxBYNhw\",\"url\":\"https://auth.mydomain.com/application/o/authorize/?response_type=code&client_id=CDcbmaWuJjjgF9W4abcYtKb0HJsvPT4BXXApdkb4&state=jS9GC7_ReDMIYx5RxBYNhw&redirect_uri=https%3A%2F%2Fremoto.mydomain.com%2Fapi%2Foidc%2Fcallback&scope=openid+openid+email+profile&nonce=hu3poLuYFCqc6FRbKhOueg\"}"

simple_test direct to rustdesk server using our internal IP:

C:\Users\rafael\Downloads\simple_test>.\simple_test.exe -l t -u http://10.250.250.42:21114/api/oidc/auth -d "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"mundel\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}"
The options: Options { loglevel: Some("t"), url: "http://10.250.250.42:21114/api/oidc/auth", data: "{\"deviceInfo\":{\"name\":\"host name\",\"os\":\"windows\",\"type\":\"client\"},\"id\":\"1584180369\",\"op\":\"mundel\",\"uuid\":\"ZGuiZWEzODftYzJKMii0ZFQ3LKhiKjgtNDeiYzcUNSk1t2Ua\"}" }
[2024-05-02T16:51:41Z TRACE reqwest::blocking::wait] (ThreadId(1)) park without timeout
[2024-05-02T16:51:41Z TRACE reqwest::blocking::client] (ThreadId(2)) start runtime::block_on
[2024-05-02T16:51:41Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-05-02T16:51:41Z TRACE hyper::client::pool] checkout waiting for idle connection: ("http", 10.250.250.42:21114)
[2024-05-02T16:51:41Z TRACE reqwest::blocking::wait] (ThreadId(1)) park timeout 29.9999966s
[2024-05-02T16:51:41Z DEBUG reqwest::connect] starting new connection: http://10.250.250.42:21114/
[2024-05-02T16:51:41Z TRACE hyper::client::connect::http] Http::connect; scheme=Some("http"), host=Some("10.250.250.42"), port=Some(Port(21114))
[2024-05-02T16:51:41Z DEBUG hyper::client::connect::http] connecting to 10.250.250.42:21114
[2024-05-02T16:51:41Z DEBUG hyper::client::connect::http] connected to 10.250.250.42:21114
[2024-05-02T16:51:41Z TRACE hyper::client::conn] client handshake Http1
[2024-05-02T16:51:41Z TRACE hyper::client::client] handshake complete, spawning background dispatcher task
[2024-05-02T16:51:41Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Busy }
[2024-05-02T16:51:41Z TRACE hyper::client::pool] checkout dropped for ("http", 10.250.250.42:21114)
[2024-05-02T16:51:41Z TRACE tracing::span] encode_headers;
[2024-05-02T16:51:41Z TRACE tracing::span::active] -> encode_headers;
[2024-05-02T16:51:41Z TRACE hyper::proto::h1::role] Client::encode method=POST, body=Some(Known(156))
[2024-05-02T16:51:41Z TRACE tracing::span::active] <- encode_headers;
[2024-05-02T16:51:41Z TRACE tracing::span] -- encode_headers;
[2024-05-02T16:51:41Z TRACE hyper::proto::h1::encode] sized write, len = 156
[2024-05-02T16:51:41Z TRACE hyper::proto::h1::io] buffer.queue self.len=125 buf.len=156
[2024-05-02T16:51:41Z DEBUG hyper::proto::h1::io] flushed 281 bytes
[2024-05-02T16:51:41Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: KeepAlive, keep_alive: Busy }
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::conn] Conn::read_head
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::io] received 557 bytes
[2024-05-02T16:51:42Z TRACE tracing::span] parse_headers;
[2024-05-02T16:51:42Z TRACE tracing::span::active] -> parse_headers;
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::role] Response.parse bytes=557
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::role] Response.parse Complete(230)
[2024-05-02T16:51:42Z TRACE tracing::span::active] <- parse_headers;
[2024-05-02T16:51:42Z TRACE tracing::span] -- parse_headers;
[2024-05-02T16:51:42Z DEBUG hyper::proto::h1::io] parsed 7 headers
[2024-05-02T16:51:42Z DEBUG hyper::proto::h1::conn] incoming body is content-length (327 bytes)
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::decode] decode; state=Length(327)
[2024-05-02T16:51:42Z DEBUG hyper::proto::h1::conn] incoming body completed
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::conn] maybe_notify; read_from_io blocked
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:51:42Z TRACE hyper::client::pool] put; add idle connection for ("http", 10.250.250.42:21114)
[2024-05-02T16:51:42Z DEBUG hyper::client::pool] pooling idle connection for ("http", 10.250.250.42:21114)
[2024-05-02T16:51:42Z TRACE reqwest::blocking::wait] wait at most 30s
[2024-05-02T16:51:42Z TRACE reqwest::blocking::client] closing runtime thread (ThreadId(2))
[2024-05-02T16:51:42Z TRACE reqwest::blocking::client] signaled close for runtime thread (ThreadId(2))
[2024-05-02T16:51:42Z TRACE hyper::proto::h1::conn] flushed({role=client}): State { reading: Init, writing: Init, keep_alive: Idle }
[2024-05-02T16:51:42Z TRACE reqwest::blocking::client] (ThreadId(2)) Receiver is shutdown
[2024-05-02T16:51:42Z TRACE reqwest::blocking::client] (ThreadId(2)) end runtime::block_on
[2024-05-02T16:51:42Z TRACE reqwest::blocking::client] (ThreadId(2)) finished
[2024-05-02T16:51:42Z TRACE reqwest::blocking::client] closed runtime thread (ThreadId(2))
"{\"code\":\"YM2TU6A2czMga3sl-Ot0gA\",\"url\":\"https://auth.mydomain.com/application/o/authorize/?response_type=code&client_id=CDcbmaWuJjjgF9W4abcYtKb0HJsvPT4BXXApdkb4&state=YM2TU6A2czMga3sl-Ot0gA&redirect_uri=https%3A%2F%2Fremoto.mydomain.com%2Fapi%2Foidc%2Fcallback&scope=openid+openid+email+profile&nonce=CKXRi5Ano6t5mrFeS6aqDA\"}"

rmundel commented 1 month ago

@fufesou if we go through the Commercial Support email I can give you remote access to our RD server.

fufesou commented 1 month ago

@rmundel Thanks for your kind reply.

Do you use https://remoto.mydomain.com or 10.250.250.42 as the API server in the RustDesk client?

If so, the only difference may be the HAProxy.

We have added a new feature about the HTTP proxy. Can you please try it? https://github.com/rustdesk/rustdesk/pull/7821

rmundel commented 1 month ago

HAProxy acts the same as Nginx as our reverse proxy.

The only URL used in production is https://mydomain...

The internal IP was only for debugging purposes to show you the results.

fufesou commented 1 month ago

Sorry for the late reply.

Can you please set the env RUST_LOG to debug, and then restart the server? It will print more logs. You may see some logs like request; method=POST uri=/api/api/oidc/auth version=HTTP/1.1

You can also try:

  1. Log in with the default administrator account in the RustDesk client. Maybe the request becomes GET after the proxy, as the server's 405 response.
  2. Try the "Socks/Http(s) Proxy". Maybe no help.

There's another strange thing. The response of http://remoto.mydomain.com/api/oidc/auth is empty, but not for https and http://ip:port.

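One way to run the check suggested in the comment above over the server's debug log, as an added example that is not code from the thread or from RustDesk: it looks for the `request; method=... uri=... version=...` fragment quoted there and reports OIDC auth requests that reach the server with a method other than POST or a path other than the `/api/oidc/auth` used in the earlier tests. The log prefix and the sample lines are constructed assumptions.

```python
import re

# Fragment format quoted in the comment above; whatever precedes it is ignored.
REQUEST_RE = re.compile(
    r"request; method=(?P<method>[A-Z]+) uri=(?P<uri>\S+) version=(?P<version>\S+)"
)

EXPECTED_METHOD = "POST"
EXPECTED_PATH = "/api/oidc/auth"  # endpoint used by the test commands in this thread


def check_oidc_requests(lines):
    """Return (line_no, method, path, problems) for unexpected OIDC auth requests."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m["uri"].split("?", 1)[0]
        if not path.endswith("/oidc/auth"):
            continue  # unrelated request
        problems = []
        if m["method"] != EXPECTED_METHOD:
            # A proxy that turns the POST into a GET would show up here.
            problems.append(f"method is {m['method']}, expected {EXPECTED_METHOD}")
        if path != EXPECTED_PATH:
            # A proxy that rewrites or prepends a path prefix would show up here.
            problems.append(f"path is {path}, expected {EXPECTED_PATH}")
        if problems:
            findings.append((lineno, m["method"], path, problems))
    return findings


# Constructed sample lines: timestamps, the "server" prefix and /api/example are made up.
SAMPLE_LOG = """\
[2024-05-07T13:17:01Z DEBUG server] request; method=POST uri=/api/oidc/auth version=HTTP/1.1
[2024-05-07T13:17:05Z DEBUG server] request; method=GET uri=/api/oidc/auth version=HTTP/1.1
[2024-05-07T13:17:09Z DEBUG server] request; method=POST uri=/api/api/oidc/auth version=HTTP/1.1
[2024-05-07T13:17:12Z DEBUG server] request; method=GET uri=/api/example version=HTTP/1.1
""".splitlines()

if __name__ == "__main__":
    for lineno, method, path, problems in check_oidc_requests(SAMPLE_LOG):
        print(f"line {lineno}: {method} {path}: " + "; ".join(problems))
```

Running it once against requests sent through the reverse proxy and once against requests sent to the internal IP shows whether the proxy changes the method or path before the request reaches the server.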
rmundel commented 1 month ago

@fufesou I don't know what the heck is going on... Everything worked just fine using server 1.3.3 and rebuilding the custom clients...

We tested Linux default client with our server, and custom MacOS and Windows builds.

The only issue is that Linux is not getting the bookmarks from the server, but that's a problem for another time.

Thanks once again, and sorry for the inconvenience.