solidtime-io / self-hosting-examples

Example self-hosting setups for solidtime

Invalid key supplied #7

Open nestormata opened 4 days ago

nestormata commented 4 days ago

Hi, I'm installing solidtime in Docker (Portainer). The application is installed, the database is migrated, it shows up, I can register, I get the confirmation email, that link works... all good. But when I enter the application, none of the front-end calls to the backend work; they all give the following error.

Note: since I'm using Portainer, I entered all the variables in Portainer, which creates a stack.env file for the stack, so I changed the docker compose entries to use stack.env instead of laravel.env (in case this affects how things are wired up).

INFO  [2024-11-13 16:49:28] production.ERROR: Invalid key supplied {"exception":"[object] (LogicException(code: 0): Invalid key supplied at vendor/league/oauth2-server/src/CryptKey.php:67).  
   INFO  [stacktrace].  
   INFO  #0 vendor/laravel/passport/src/PassportServiceProvider.php(325): League\\OAuth2\\Server\\CryptKey->__construct().  
   INFO  #1 vendor/laravel/passport/src/PassportServiceProvider.php(306): Laravel\\Passport\\PassportServiceProvider->makeCryptKey().  
   INFO  #2 vendor/laravel/framework/src/Illuminate/Container/Container.php(931): Laravel\\Passport\\PassportServiceProvider->Laravel\\Passport\\{closure}().  
   INFO  #3 vendor/laravel/framework/src/Illuminate/Container/Container.php(815): Illuminate\\Container\\Container->build().  
   INFO  #4 vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1046): Illuminate\\Container\\Container->resolve().  
   INFO  #5 vendor/laravel/framework/src/Illuminate/Container/Container.php(751): Illuminate\\Foundation\\Application->resolve().  
   INFO  #6 vendor/laravel/framework/src/Illuminate/Foundation/Application.php(1028): Illuminate\\Container\\Container->make().  
   INFO  #7 vendor/laravel/passport/src/PassportServiceProvider.php(353): Illuminate\\Foundation\\Application->make().  
   INFO  #8 vendor/laravel/passport/src/PassportServiceProvider.php(337): Laravel\\Passport\\PassportServiceProvider->makeGuard().  
   INFO  #9 vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(113): Laravel\\Passport\\PassportServiceProvider->Laravel\\Passport\\{closure}().  
   INFO  #10 vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(90): Illuminate\\Auth\\AuthManager->callCustomCreator().  
   INFO  #11 vendor/laravel/framework/src/Illuminate/Auth/AuthManager.php(70): Illuminate\\Auth\\AuthManager->resolve().  
   INFO  #12 vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(83): Illuminate\\Auth\\AuthManager->guard().  
   INFO  #13 vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(62): Illuminate\\Auth\\Middleware\\Authenticate->authenticate().  
   INFO  #14 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Auth\\Middleware\\Authenticate->handle().  
   INFO  #15 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #16 vendor/laravel/framework/src/Illuminate/Routing/Router.php(807): Illuminate\\Pipeline\\Pipeline->then().  
   INFO  #17 vendor/laravel/framework/src/Illuminate/Routing/Router.php(786): Illuminate\\Routing\\Router->runRouteWithinStack().  
   INFO  #18 vendor/laravel/framework/src/Illuminate/Routing/Router.php(750): Illuminate\\Routing\\Router->runRoute().  
   INFO  #19 vendor/laravel/framework/src/Illuminate/Routing/Router.php(739): Illuminate\\Routing\\Router->dispatchToRoute().  
   INFO  #20 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(201): Illuminate\\Routing\\Router->dispatch().  
   INFO  #21 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}().  
   INFO  #22 vendor/livewire/livewire/src/Features/SupportDisablingBackButtonCache/DisableBackButtonCacheMiddleware.php(19): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #23 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Livewire\\Features\\SupportDisablingBackButtonCache\\DisableBackButtonCacheMiddleware->handle().  
   INFO  #24 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #25 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle().  
   INFO  #26 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull->handle().  
   INFO  #27 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #28 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(51): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle().  
   INFO  #29 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle().  
   INFO  #30 vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #31 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\ValidatePostSize->handle().  
   INFO  #32 vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(110): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #33 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle().  
   INFO  #34 vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(62): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #35 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\HandleCors->handle().  
   INFO  #36 vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(58): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #37 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\\Http\\Middleware\\TrustProxies->handle().  
   INFO  #38 vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}().  
   INFO  #39 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Pipeline\\Pipeline->then().  
   INFO  #40 vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter().  
   INFO  #41 vendor/laravel/octane/src/ApplicationGateway.php(36): Illuminate\\Foundation\\Http\\Kernel->handle().  
   INFO  #42 vendor/laravel/octane/src/Worker.php(84): Laravel\\Octane\\ApplicationGateway->handle().  
   INFO  #43 vendor/laravel/octane/bin/frankenphp-worker.php(53): Laravel\\Octane\\Worker->handle().  
   INFO  #44 [internal function]: {closure}().  
   INFO  #45 vendor/laravel/octane/bin/frankenphp-worker.php(74): frankenphp_handle_request().  
   INFO  #46 public/frankenphp-worker.php(3): require('...').  
   INFO  #47 {main}.  
   INFO  "} .  

The configuration of the keys looks something like this:

APP_FORCE_HTTPS="true"
TRUSTED_PROXIES="0.0.0.0/0,2000:0:0:0:0:0:0:0/3"
APP_KEY="base64:aXVvYnZ0cWF0M2lrZHlwZDl3cXlham42MHNqa3hqeGk="
PASSPORT_PRIVATE_KEY="-----BEGIN PRIVATE KEY----- MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDX0iojhpRduuzv Bxlu+/dqOQWhuSlfLA13IUIxBTfFFDe5GpyWKhSdp++BVDseUjbdd7jZFhceOO0C 
... more ...
rnFX9X0KEZyPuEd3Kq3RWeEnwZVWM0cUN4UPcp4M1ZQwiBzJ65Pz1xdJRJ8ezcKO sMuU/TjuGGfHenVJXVEPgVEQYqJufcH0+UcoTWP/Ng4GC7UfT5LHvvgT8INdlyqm 3S3N62mdHl4qPADL+GQcUXG3L2oR -----END PRIVATE KEY-----"
PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA19IqI4aUXbrs7wcZbvv3 ajkFobkpXywNdyFCMQU3xRQ3uRqclioUnafvgVQ7HlI23Xe42RYXHjjtAuZNC4n8 
... more ...
X3ZPvAzFa05hgo+nB0+vBi0CgyzdWbKkgl5ionutJQdFLBnA2ECERnZTYVzV1Oex RAZIss3HjB+VTu8QEXLs7LECAwEAAQ== -----END PUBLIC KEY-----"
vanillasoap commented 17 hours ago

I've managed to get it to work in Portainer running on TrueNAS SCALE 24.10. I am using Cloudflare to handle HTTPS, and I am mounting the keys from files instead of passing them as environment variables to avoid potential formatting issues (a multi-line PEM passed through an env file can lose its line breaks, which is what the key values in the report above appear to show).

I made sure the key files had the correct permissions:

# Permissions for the bind-mounted Passport key pair. The containers run as
# user 1000:1000 (see `user:` in the compose file below), so the directory is
# handed to that uid/gid; the private key stays readable by its owner only,
# the public key may be world-readable.
chmod 600 storage/oauth-keys/oauth-private.key
chmod 644 storage/oauth-keys/oauth-public.key
# Recursive so the directory itself and both files get the container's uid/gid.
chown -R 1000:1000 storage/oauth-keys

Here's my docker-compose.yaml:

# Compose stack as posted: cloudflared is the only ingress, the app/scheduler/queue
# services share one image and largely the same environment, and no service publishes
# a host port (everything, including the database, is reachable only on `internal`).
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: always
    # The tunnel token is supplied twice: on the command line here and as TUNNEL_TOKEN
    # below. A token on the command line is visible in `ps` and `docker inspect`; the
    # TUNNEL_TOKEN env var is the documented alternative, so `--token ...` is presumably
    # redundant here — verify before dropping it.
    command: tunnel run --token ${CLOUDFLARE_TUNNEL_TOKEN}
    networks:
      - internal
    environment:
      - TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}

  app:
    restart: always
    image: "solidtime/solidtime:${SOLIDTIME_IMAGE_TAG:-latest}"
    # Matches the `chown -R 1000:1000 storage/oauth-keys` done on the host.
    user: "1000:1000"
    networks:
      - internal
    volumes:
      - "app-storage:/var/www/html/storage"
      - "./logs:/var/www/html/storage/logs"
      - "./app-storage:/var/www/html/storage/app"
      # Only this service mounts the Passport keys; scheduler and queue set the same
      # PASSPORT_*_PATH values but do not mount this directory (see the note there).
      - "./storage/oauth-keys:/var/www/html/storage/oauth-keys"
    environment:
      CONTAINER_MODE: http
      APP_ENV: production
      # NOTE(review): APP_DEBUG "true" together with APP_ENV production makes Laravel
      # render full stack traces and request details to the client on any error.
      # scheduler and queue use "false"; this should match once the setup is working.
      APP_DEBUG: "true"
      APP_URL: "https://yourdomain.com"
      APP_FORCE_HTTPS: "true"
      # NOTE(review): these ranges trust X-Forwarded-* headers from every peer. That is
      # only tolerable because no port is published and the sole ingress is cloudflared
      # on the internal network; if a port is ever published, narrow this to the proxy.
      TRUSTED_PROXIES: "0.0.0.0/0,2000:0:0:0:0:0:0:0/3"
      APP_KEY: ${APP_KEY}
      PASSPORT_PRIVATE_KEY_PATH: /var/www/html/storage/oauth-keys/oauth-private.key
      PASSPORT_PUBLIC_KEY_PATH: /var/www/html/storage/oauth-keys/oauth-public.key
      SUPER_ADMINS: ${SUPER_ADMINS}
      LOG_CHANNEL: stderr_daily
      # `debug` in production is verbose and may log request content; consider `info`
      # once the key problem is resolved.
      LOG_LEVEL: debug
      DB_CONNECTION: pgsql
      DB_HOST: database
      DB_PORT: 5432
      # `require` here and in queue, `prefer` in scheduler — pick one. `require` is the
      # stronger setting; confirm the postgres:15 container actually has SSL enabled,
      # otherwise `require` cannot connect.
      DB_SSLMODE: require
      DB_DATABASE: solidtime
      DB_USERNAME: solidtime
      # Literal password repeated in four places; MAIL_PASSWORD is already taken from
      # .env via ${...} — the DB password could be handled the same way.
      DB_PASSWORD: randompassword
      MAIL_MAILER: smtp
      MAIL_HOST: ${MAIL_HOST}
      MAIL_PORT: ${MAIL_PORT}
      MAIL_ENCRYPTION: tls
      MAIL_FROM_ADDRESS: "no-reply@yourdomain.com"
      MAIL_FROM_NAME: solidtime
      MAIL_USERNAME: ${MAIL_USERNAME}
      MAIL_PASSWORD: ${MAIL_PASSWORD}
      QUEUE_CONNECTION: database
      FILESYSTEM_DISK: local
      PUBLIC_FILESYSTEM_DISK: public
      SESSION_DOMAIN: "yourdomain.com"
      SANCTUM_STATEFUL_DOMAINS: "yourdomain.com"
      SESSION_SECURE_COOKIE: "true"
      CORS_ALLOWED_ORIGINS: "https://yourdomain.com"
      API_URL: "https://yourdomain.com"
    healthcheck:
      test: [ "CMD-SHELL", "curl --fail http://localhost:8000/health-check/up || exit 1" ]
    # Plain depends_on only orders start-up; on first boot the app may race the
    # database before it accepts connections. `restart: always` papers over that.
    depends_on:
      - database

  scheduler:
    restart: always
    image: "solidtime/solidtime:${SOLIDTIME_IMAGE_TAG:-latest}"
    user: "1000:1000"
    networks:
      - internal
    # NOTE(review): PASSPORT_*_PATH below point at files that this service does not
    # mount (only `app` mounts ./storage/oauth-keys). If a scheduled task ever resolves
    # the Passport guard it would hit the same "Invalid key supplied" error — mount
    # the directory here as well, or confirm the two values are unused in this mode.
    volumes:
      - "app-storage:/var/www/html/storage"
      - "./logs:/var/www/html/storage/logs"
      - "./app-storage:/var/www/html/storage/app"
    environment:
      CONTAINER_MODE: scheduler
      APP_ENV: production
      APP_DEBUG: "false"
      APP_URL: "https://yourdomain.com"
      APP_FORCE_HTTPS: "true"
      TRUSTED_PROXIES: "0.0.0.0/0,2000:0:0:0:0:0:0:0/3"
      APP_KEY: ${APP_KEY}
      PASSPORT_PRIVATE_KEY_PATH: /var/www/html/storage/oauth-keys/oauth-private.key
      PASSPORT_PUBLIC_KEY_PATH: /var/www/html/storage/oauth-keys/oauth-public.key
      SUPER_ADMINS: ${SUPER_ADMINS}
      LOG_CHANNEL: stderr_daily
      LOG_LEVEL: debug
      DB_CONNECTION: pgsql
      DB_HOST: database
      DB_PORT: 5432
      # Differs from app/queue (`require`); see the note on the app service.
      DB_SSLMODE: prefer
      DB_DATABASE: solidtime
      DB_USERNAME: solidtime
      DB_PASSWORD: randompassword
      MAIL_MAILER: smtp
      MAIL_HOST: ${MAIL_HOST}
      MAIL_PORT: ${MAIL_PORT}
      MAIL_ENCRYPTION: tls
      MAIL_FROM_ADDRESS: "no-reply@yourdomain.com"
      MAIL_FROM_NAME: solidtime
      MAIL_USERNAME: ${MAIL_USERNAME}
      MAIL_PASSWORD: ${MAIL_PASSWORD}
      QUEUE_CONNECTION: database
      FILESYSTEM_DISK: local
      PUBLIC_FILESYSTEM_DISK: public
    healthcheck:
      test: [ "CMD-SHELL", "supervisorctl status scheduler:scheduler_00" ]
    depends_on:
      - database

  queue:
    restart: always
    image: "solidtime/solidtime:${SOLIDTIME_IMAGE_TAG:-latest}"
    user: "1000:1000"
    networks:
      - internal
    # Same missing ./storage/oauth-keys mount as the scheduler service; queued jobs
    # that touch the Passport guard would fail with the key error.
    volumes:
      - "app-storage:/var/www/html/storage"
      - "./logs:/var/www/html/storage/logs"
      - "./app-storage:/var/www/html/storage/app"
    environment:
      CONTAINER_MODE: worker
      WORKER_COMMAND: "php /var/www/html/artisan queue:work"
      APP_ENV: production
      APP_DEBUG: "false"
      APP_URL: "https://yourdomain.com"
      APP_FORCE_HTTPS: "true"
      TRUSTED_PROXIES: "0.0.0.0/0,2000:0:0:0:0:0:0:0/3"
      APP_KEY: ${APP_KEY}
      PASSPORT_PRIVATE_KEY_PATH: /var/www/html/storage/oauth-keys/oauth-private.key
      PASSPORT_PUBLIC_KEY_PATH: /var/www/html/storage/oauth-keys/oauth-public.key
      SUPER_ADMINS: ${SUPER_ADMINS}
      LOG_CHANNEL: stderr_daily
      LOG_LEVEL: debug
      DB_CONNECTION: pgsql
      DB_HOST: database
      DB_PORT: 5432
      DB_SSLMODE: require
      DB_DATABASE: solidtime
      DB_USERNAME: solidtime
      DB_PASSWORD: randompassword
      MAIL_MAILER: smtp
      MAIL_HOST: ${MAIL_HOST}
      MAIL_PORT: ${MAIL_PORT}
      MAIL_ENCRYPTION: tls
      MAIL_FROM_ADDRESS: "no-reply@yourdomain.com"
      MAIL_FROM_NAME: solidtime
      MAIL_USERNAME: ${MAIL_USERNAME}
      MAIL_PASSWORD: ${MAIL_PASSWORD}
      QUEUE_CONNECTION: database
      FILESYSTEM_DISK: local
      PUBLIC_FILESYSTEM_DISK: public
    healthcheck:
      test: [ "CMD-SHELL", "supervisorctl status worker:worker_00" ]
    depends_on:
      - database

  # No `ports:` here, so Postgres is reachable only from the other services on `internal`.
  database:
    restart: always
    image: 'postgres:15'
    environment:
      # PGPASSWORD is a libpq *client* variable; the server does not read it and the
      # pg_isready healthcheck below does not authenticate, so this is presumably
      # unnecessary — confirm before removing.
      PGPASSWORD: 'randompassword'
      POSTGRES_DB: 'solidtime'
      POSTGRES_USER: 'solidtime'
      POSTGRES_PASSWORD: 'randompassword'
    volumes:
      - 'database-storage:/var/lib/postgresql/data'
    networks:
      - internal
    healthcheck:
      test:
        - CMD
        - pg_isready
        - '-q'
        - '-d'
        - 'solidtime'
        - '-U'
        - 'solidtime'
      retries: 3
      timeout: 5s

networks:
  internal:

volumes:
  database-storage:
  app-storage:

And my .env:

# Values consumed by the compose file above through ${...} substitution. Secrets are
# blanked for posting; this file holds MAIL_PASSWORD and CLOUDFLARE_TUNNEL_TOKEN, so keep
# it out of version control and readable only by the deploying user.
# Presumably filled in for the real deployment — Laravel will not start with an empty key.
APP_KEY=""
# The compose file sets PASSPORT_*_PATH and MAIL_ENCRYPTION as literals rather than
# via ${...}, so these three entries are not read by it (harmless, but possibly stale).
PASSPORT_PRIVATE_KEY_PATH=/var/www/html/storage/oauth-keys/oauth-private.key
PASSPORT_PUBLIC_KEY_PATH=/var/www/html/storage/oauth-keys/oauth-public.key
SUPER_ADMINS=
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
# Looks like a placeholder for a mailbox address (yourmail@gmail.com?) — TODO confirm
MAIL_USERNAME=yourmail.gmail.com
MAIL_PASSWORD=
MAIL_ENCRYPTION=tls
CLOUDFLARE_TUNNEL_TOKEN=