shihjay2 / nosh-in-a-box

NOSH in a Box is a self-contained virtual machine that deploys NOSH ChartingSystem, an EHR coded by a physician for physicians

Access to /nosh folder on apache server #1

Closed shihjay2 closed 6 years ago

shihjay2 commented 7 years ago

From @rumsant on March 31, 2017 2:50

This has happened to me in the past, but I've just done a reinstall because I was working on other problems with the install:

After NOSH working fine, at some point I vagrant halt, and then vagrant up at some point later on. When I try to access either the local-ip/nosh or the domain/nosh (both of which worked fine previously) I get taken to a page that says "Forbidden - You don't have permission to access /nosh on this server."

I think that each time this has happened the only thing that has changed has been a change in the local ip address assigned to the ubuntu/xenial64 virtual machine.

I'm guessing that there is a file I have to modify somewhere, or something like that, but I just don't know what or where it is.

Copied from original issue: shihjay2/nosh2#42

rumsant commented 7 years ago

I did that, and it didn't seem to change anything.

rumsant commented 7 years ago

Did you see my comment about the nosh2.conf file?

shihjay2 commented 7 years ago

What was the comment about the nosh2.conf file?

rumsant commented 7 years ago

Almost forgot to mention this:

I remember you mentioning a file called "nosh2.conf" awhile ago and you mentioned it should be in /etc/apache2/conf-enabled. If this is true, I would like you to know that it is not present in that location.

shihjay2 commented 7 years ago

This was my response:

nosh2.conf in v3.0 is now in /etc/apache2/sites-enabled

This was to address the letsencrypt errors you were getting before.

rumsant commented 7 years ago

Missed that. Yes, it's there all right.

shihjay2 commented 7 years ago

Can you do a nosh/update_system call again? I've updated the code to see if this may have fixed things.

rumsant commented 7 years ago

I will do that. Although I will need to wait until tomorrow to do a proper install to test it because just now I reinstalled without adding domain for letsencrypt and without adding the JSON file because that is the only way that allows me to get into NOSH and use the system.

I will run a proper reinstall tomorrow when I have a chance to look at this again.

rumsant commented 7 years ago

One other funny thing I've noticed: If I specify static IP for NOSH in Vagrantfile, I'm unable to access /nosh (or even the apache2 ubuntu default page) from outside my LAN. In my router, the "Active Clients" shows the static IP for NOSH being there, but the host name for that IP is listed as "*".

But if I shut down the machine and use the MAC address of NOSH to set the static IP through my router instead of vagrantfile, and I specify a host name "ubuntu-xenial", then I am able to access /nosh from outside of my LAN via the domain, and the router shows the Active Client for that static IP with the host name "ubuntu-xenial".

This probably isn't connected, but I thought I'd mention it.

rumsant commented 7 years ago

I don't think I mentioned this yet because I assumed it was normal. But when I am going through the initial installation and enter a domain for letsencrypt, while the letsencrypt process is running, I get some text in yellow that says: "The directory '/home/ubuntu/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag."

Thought I would mention it just in case.

rumsant commented 7 years ago

I tried a fresh install with the update_system and it didn't seem to change anything.

I'm almost certain now that I can register with letsencrypt and everything works fine. It's only once I upload the JSON file that I start getting the redirect error. There's something going on there that breaks down.

Not sure if this access.log from /var/log/apache2 will have any helpful info, but this is a part of what repeats constantly when I try to access /nosh from my host before getting the redirect error:

"192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/ HTTP/1.1" 302 1063 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2$
192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1062 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Ch$
192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1054 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Ch$
192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1058 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Ch$
192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1062 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Ch$"
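Editor's added example (not part of the thread and not NOSH code): a small Python check that finds the pattern in the excerpt above, where one client gets the same path answered with a redirect several times in a row. The sample log is constructed from the excerpt with the user-agent shortened, and the function name and threshold are assumptions.

```python
import re

# Constructed sample in Apache combined log format, modelled on the excerpt above.
SAMPLE_LOG = "\n".join([
    '192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/ HTTP/1.1" 302 1063 "-" "Mozilla/5.0"',
    '192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1062 "-" "Mozilla/5.0"',
    '192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1054 "-" "Mozilla/5.0"',
    '192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1058 "-" "Mozilla/5.0"',
    '192.168.1.102 - - [03/Apr/2017:05:40:08 +0000] "GET /nosh/googleoauth HTTP/1.1" 302 1062 "-" "Mozilla/5.0"',
    '192.168.1.50 - - [03/Apr/2017:05:40:09 +0000] "GET /nosh/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
])

# Only the leading fields are matched, so lines truncated on the right still parse.
LINE_RE = re.compile(
    r'"?(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
REDIRECTS = {"301", "302", "303", "307", "308"}


def find_redirect_loops(log_text, threshold=3):
    """Return {(client, path): run_length} for every path that was answered
    with a redirect at least `threshold` times in a row for the same client."""
    state = {}  # client -> (last redirected path, consecutive count)
    loops = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        client, path, status = m["client"], m["path"], m["status"]
        if status in REDIRECTS:
            last_path, run = state.get(client, (None, 0))
            run = run + 1 if path == last_path else 1
            state[client] = (path, run)
            if run >= threshold:
                loops[(client, path)] = run
        else:
            state.pop(client, None)  # a non-redirect answer ends the run
    return loops


if __name__ == "__main__":
    for (client, path), run in find_redirect_loops(SAMPLE_LOG).items():
        print(f"{client} redirected {run} times in a row on {path}")
```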

shihjay2 commented 7 years ago

Please update NOSH again (you don't have to destroy or redeploy VM). Let me know if that works.

rumsant commented 7 years ago

After updating, when I try to reach mylocalip/nosh from the host computer, I get a 400 error: "400. That’s an error. Error: invalid_request device_id and device_name are required for private IP: http://192.168.1.121/nosh/googleoauth Learn more Request Details response_type=code access_type=offline client_id=163461183484-2sourr9978jovolkibkjslsg7ra4m4lr.apps.googleusercontent.com redirect_uri=http://192.168.1.121/nosh/googleoauth state= scope=https://mail.google.com/ approval_prompt=force"

When I try to reach mydomain/nosh from outside the LAN, I am taken to an account sign-in page for google at the following URL: "https://accounts.google.com/AccountChooser?continue=https://accounts.google.com/o/oauth2/auth?response_type%3Dcode%26access_type%3Doffline%26client_id%3D163461183484-2sourr9978jovolkibkjslsg7ra4m4lr.apps.googleusercontent.com%26redirect_uri%3Dhttps://rscconf.us/nosh/googleoauth%26state%26scope%3Dhttps://mail.google.com/%26approval_prompt%3Dforce%26from_login%3D1%26as%3D-6fdfbb115705fdee&btmpl=authsub&scc=1&oauth=1"

After I sign into the account connected to Nosh, I am told that NOSH ChartingSystem would like to have offline access. If I click "Allow", I am taken to an error page with the following error: "QueryException in Connection.php line 770: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'refresh_token' in 'field list' (SQL: update practiceinfo set refresh_token = 1/hoqkv7kjrmcx8yvWdB55yv8G5WUR2rc6Bhfm1k53RC8 where practice_id = 1)"

rumsant commented 7 years ago

On a related note, here is a link to a possibly very similar issue that was solved: http://stackoverflow.com/questions/23298463/requesting-an-access-token-from-google-api-returns-302

shihjay2 commented 7 years ago

Please update_system again. After you login again after updating, please do this from outside the LAN unless you can use your domain name inside the LAN (NAT loopback required). Using local ip address will cause the Google OAuth to fail because it's looking to match the domain name in the redirect URL you provided when you set up the credentials but it's not because you're using a numerical address.
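Editor's added example (not part of the thread and not NOSH code): a Python pre-check that pulls `redirect_uri` out of an authorization URL and reports why it would not match the credentials, as described in the comment above. The registered URI, the client_id placeholder and the function names are assumptions; the private address is the one quoted in the thread.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed values: the redirect URI registered with the OAuth credentials
# (placeholder domain) and an authorization URL built from a LAN-address request.
REGISTERED = ["https://ehr.example.org/nosh/googleoauth"]
SAMPLE_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&access_type=offline&client_id=CLIENT_ID_PLACEHOLDER"
    "&redirect_uri=http%3A%2F%2F192.168.1.121%2Fnosh%2Fgoogleoauth"
    "&scope=https%3A%2F%2Fmail.google.com%2F&approval_prompt=force"
)


def extract_redirect_uri(auth_url):
    """Return the decoded redirect_uri parameter of an authorization URL, or None."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    return values[0] if values else None


def check_redirect_uri(redirect_uri, registered):
    """Return a list of problem codes; an empty list means the URI matches."""
    problems = []
    host = urlsplit(redirect_uri).hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # a DNS name, not a numeric address
    if addr is not None and addr.is_private:
        problems.append("private_ip_host")
    # The authorization server compares the whole URI, not just the host.
    if redirect_uri not in registered:
        problems.append("not_registered")
    return problems


def diagnose(auth_url, registered):
    """Check the redirect_uri an application actually sent."""
    uri = extract_redirect_uri(auth_url)
    if uri is None:
        return ["missing_redirect_uri"]
    return check_redirect_uri(uri, registered)


if __name__ == "__main__":
    print(extract_redirect_uri(SAMPLE_AUTH_URL), diagnose(SAMPLE_AUTH_URL, REGISTERED))
```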

rumsant commented 7 years ago

Great. Was able to login from outside LAN following update.

Also able to login and navigate links using mylocalip/nosh from host computer.

Whew!

rumsant commented 7 years ago

Created a user and received the email at the user's email address. This looks good.

edit: the email to the new user that was created gives a link to follow that includes my Nosh IP address instead of the domain. Is this because I created the user from the host computer? For example, if I created the user from outside the LAN, using the domain name, would the invitation email include the domain name rather than the Nosh local IP?