syncloud / platform

Run popular services on your device with one click
https://syncloud.org
GNU General Public License v3.0

Activating with 'My own domain' not functional? #276

Closed snowboarder04 closed 6 years ago

snowboarder04 commented 6 years ago

Image: syncloud-raspberrypi3-17.10.1-sam.img

Steps to reproduce:

  1. I've flashed the image and navigated to the device's IP and am presented with the Activation page.

  2. I click on the 'My own domain' tab and complete the form and submit.

  3. The 'Activating' button animation spins for approx 120 seconds and reloads back to the same page. As there seems to be little documentation I dug into the issues a little to try and find if there is additional config required to make this work.

  4. As per Issue #236 I add the DNS zone file entries and use the TLD to navigate to the device's interface and attempt steps 2-3 again with the same result.

  5. Looking at the file /opt/data/platform/user_platform.cfg (mentioned in the above issue) I can see that there is configuration information written there which I entered so it seems there is some background work happening: (domain switched to example.com):

    
    [platform]
    redirect_enabled = False
    custom_domain = example.com

    [redirect]
    user_email = user@example.com
    domain = syncloud.it
    api_url = http://api.syncloud.it



Should I also change the domain under the `[redirect]` section?

Or perhaps I'm misunderstanding something about how Syncloud operates - must I still create a syncloud.it account and link it or can I just use the interface without doing so?

Thanks for all your hard work!

cyberb commented 6 years ago

You do not need an account at syncloud.it for custom domains. What you need is just to create two DNS records:

    A      example.com    device_ip
    CNAME  *.example.com  example.com

Also you need to make sure port 80 and port 81 are accessible (no firewall) during activation.

Do you have a public IP on your device?

snowboarder04 commented 6 years ago

Thanks for the speedy reply :)

  1. Ok, so I have those DNS records in place - e.g:

         $ dig sdfkjdsfbd.example.com
         ...
         ;; ANSWER SECTION:
         sdfkjdsfbd.example.com.     300     IN      CNAME   example.com.
         example.com.                300     IN      A       192.168.1.32

  2. Ports are confirmed open and accessible (same subnet as client browser, no firewall).

         telnet example.com 80
         Trying 192.168.1.32...
         Connected to example.com.
         Escape character is '^]'.
         GET
         HTTP/1.1 400 Bad Request

         $ telnet example.com 81
         Trying 192.168.1.32...
         Connected to example.com.
         Escape character is '^]'.
         GET
         HTTP/1.1 400 Bad Request

  3. No public IP assigned directly to the device (I'll eventually be proxying via a reverse device, if possible). Just testing on LAN-only for now. I guess you're asking for testing purposes?

I've just re-flashed the image and completed the form again - the problem persists. It just doesn't re-load/re-direct me to another screen (whether that's the login screen or the admin panel, I don't know yet). I'm just presented with the same 'Activate' button after it's done its spinning thing.

Digging deeper, I've taken a look at the log file here: /opt/data/platform/log/platform.log

From what I can see, it seems to have attempted doing the activation three times - at least it's written to the log three times (so far). I can see log entries in three blocks of time so far: *edit: this seems to be due to the three attempts I made to register, each unsuccessful according to the UI. Checking again with a clean-flash shows only one attempt being made to activate.

    # egrep "activate|activation" /opt/data/platform/log/platform.log
    2018-01-14 19:26:12,538 - Device - INFO - activate custom example.com, user
    2018-01-14 19:27:39,540 - Device - INFO - activation completed
    2018-01-14 20:16:53,809 - Device - INFO - activate custom example.com, user
    2018-01-14 20:18:13,039 - Device - INFO - activation completed
    2018-01-14 20:26:58,395 - Device - INFO - activate custom example.com, user
    2018-01-14 20:28:45,736 - Device - INFO - activation completed

There is a lot of info trimmed from that output, most of it SSL certificate signing; however, I did notice these lines, which make me wonder if something is up (continuous log output below)...

    2018-01-14 19:26:18,375 - Device - INFO - activating ldap
    2018-01-14 19:26:18,401 - tls - INFO - generating CA Key
    2018-01-14 19:27:17,769 - tls - INFO - Generating RSA private key, 4096 bit long modulus
    ...............................................++
    .................................................................................................................................................................................................++
    unable to write 'random state'
    e is 65537 (0x10001)
    2018-01-14 19:27:17,770 - tls - INFO - generating CA Certificate
    2018-01-14 19:27:18,189 - tls - INFO -
    2018-01-14 19:27:18,191 - tls - INFO - generating Server Key
    2018-01-14 19:27:37,358 - tls - INFO - Generating RSA private key, 4096 bit long modulus
    .................................................................++
    ...........++
    unable to write 'random state'
    e is 65537 (0x10001)
    2018-01-14 19:27:37,360 - tls - INFO - generating Server Certificate Request
    2018-01-14 19:27:37,781 - tls - INFO -
    2018-01-14 19:27:37,783 - tls - INFO - generating Server Certificate
    2018-01-14 19:27:38,222 - tls - INFO - Using configuration from /tmp/tmpeOVZoW
    Check that the request matches the signature
    Signature ok
    Certificate Details:

There are 9 of these errors in the log file:

    # egrep "unable to write 'random state'" /opt/data/platform/log/platform.log | wc -l
    9

Perhaps related or expected behaviour?
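
Added example, not part of the original thread or of Syncloud's code: a Python sketch that reads platform.log records in the format quoted above, pairs each `activate custom` entry with its `activation completed` entry, and reports how long the two 4096-bit RSA key generations took and how many `unable to write 'random state'` lines appeared. The sample input is constructed from the excerpts in the comment above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: first attempt, copied from the log excerpts quoted above.
SAMPLE_LOG = """\
2018-01-14 19:26:12,538 - Device - INFO - activate custom example.com, user
2018-01-14 19:26:18,401 - tls - INFO - generating CA Key
2018-01-14 19:27:17,769 - tls - INFO - Generating RSA private key, 4096 bit long modulus
unable to write 'random state'
e is 65537 (0x10001)
2018-01-14 19:27:18,191 - tls - INFO - generating Server Key
2018-01-14 19:27:37,358 - tls - INFO - Generating RSA private key, 4096 bit long modulus
unable to write 'random state'
e is 65537 (0x10001)
2018-01-14 19:27:39,540 - Device - INFO - activation completed
"""
RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) - \S+ - \w+ - ?(.*)$")
WARNING = "unable to write 'random state'"

def parse(text):
    """Return [timestamp, message, continuation_lines] for each timestamped record."""
    records = []
    for raw in text.splitlines():
        m = RECORD.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            records.append([ts, m.group(2), []])
        elif records:  # untimestamped openssl output belongs to the previous record
            records[-1][2].append(raw)
    return records

def summarize(text):
    """Pair each 'activate custom' record with the next 'activation completed'."""
    attempts, current, recs = [], None, parse(text)
    for i, (ts, msg, extra) in enumerate(recs):
        if msg.startswith("activate custom"):
            current = {"start": ts, "completed": False, "keygen_s": 0.0, "warnings": 0}
            attempts.append(current)
        if current is None:
            continue
        current["warnings"] += sum(WARNING in line for line in extra)
        # Assumption from the excerpt: openssl output is logged once the command
        # returns, so the gap to the next record approximates key-generation time.
        if msg in ("generating CA Key", "generating Server Key") and i + 1 < len(recs):
            current["keygen_s"] += (recs[i + 1][0] - ts).total_seconds()
        if msg == "activation completed":
            current.update(completed=True, total_s=(ts - current["start"]).total_seconds())
            current = None
    return attempts
```

For the first attempt in the excerpt, `summarize(SAMPLE_LOG)` reports 87.0 s in total with about 78.5 s of that spent between the key-generation records, and the log shows both keys being produced after each `random state` message.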

cyberb commented 6 years ago

From the logs it looks like activation is done. Probably the browser could not redirect to port 80. What happens if you access example.com in the browser? Does it redirect to example.com:81 (activation port for non-alcoholic devices)?

As I understand it, the browser does not show any other UI at the end of activation (bad). To debug that issue I would open browser Dev tools (F12) and check the console and network tabs for errors.

Another thing: you are accessing your device by name for activation, which may be the problem (for me to fix). Could you try activating by internal IP (ex: 192.168.0.1:81) and see if that works?

snowboarder04 commented 6 years ago

N.B: I've moved the syncloud device into a new subnet (+updated DNS) for further testing - just in case it may cause confusion in the output shown below: Old subnet: 192.168.1. New subnet: 192.168.10.

> Does it redirect to example.com:81 (activation port for non-alcoholic devices) ?

Yes it does redirect. This behaviour happens when accessing via FQDN or IP address.

> open browser Dev tools (f12) and check console and network tabs for errors.

On the console I only see this line (standard): Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.[Learn More]

Network tab shows: image

Additionally, I've tested with both Chrome and Firefox browsers with the same results.

Thanks for your help 😃

cyberb commented 6 years ago

Non-alcoholic => non-activated :)

Can you open the browser network log and extend the domain column to see the port number? Then run activation. After it is done there should be a redirect to port 80; I would like to know if there is any non-200 response (sorry, it is a bit of guessing here).

Also you can check other log files like:

/opt/data/platform/log/uwsgi_public.log (for main UI on port 80)

/opt/data/platform/log/uwsgi_internal.log (activation UI port 81)

cyberb commented 6 years ago

Any updates?