Docker error on start: Error fetching openid configuration 500 Internal Server Error #1790

Open
JCLengeling opened this issue Jul 22, 2024 · 5 comments

@JCLengeling

I am currently trying to set up NSS with docker compose. However, whenever I launch the container, I end up with 500 Internal Server Error. Whenever I visit the server through my browser, I also get 500 Internal Server Error. I am not sure what causes the error.

This is my current docker compose:

version: "3.9"

services:
  node-solid-server:
    image: nodesolidserver/node-solid-server:latest
    container_name: node-solid-server
    environment:
      - SOLID_MULTIUSER=true
      #- SOLID_NO_REJECT_UNAUTHORIZED
      - SOLID_WEBID=true
      - SOLID_USE_EMAIL=true
      - SOLID_EMAIL_HOST=menkent.uberspace.de
      - SOLID_EMAIL_PORT=587
      - [email protected]
      - SOLID_EMAIL_AUTH_PASS=REDACTED
      - SOLID_SERVER_NAME="Solid test Server"
      - SOLID_SERVER_DESCRIPTION="A test Solid server"
      - [email protected]
      - SOLID_SERVER_URI=https://solid.aresthedevil.com
      - SOLID_SSL_KEY=/opt/solid/certs/key.pem
      - SOLID_SSL_CERT=/opt/solid/certs/fullchain.pem
      #- NODE_TLS_REJECT_UNAUTHORIZED=0
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.docker.network=proxynet"
      - "traefik.http.routers.solid.rule=Host(`solid.aresthedevil.com`)"
      - "traefik.http.routers.solid.tls.domains[0].main=solid.aresthedevil.com"
      - "traefik.http.routers.solid.tls.domains[0].sans=*.solid.aresthedevil.com"
      - "traefik.http.services.solid.loadbalancer.server.port=8443"
      - "traefik.http.routers.solid.entrypoints=websecure"
      - "traefik.http.routers.solid.tls.certresolver=mydnsresolver"
      - "traefik.http.services.solid.loadbalancer.server.scheme=https"
      - "traefik.http.routers.solid.tls=true"
    restart: always
    ports:
      - 8443:8443
    expose:
      - 8443
    networks:
      - proxynet
    volumes:
      - /home/dockeruser/docker/configs/solid-node-server/data:/opt/solid/data
      - /home/dockeruser/docker/configs/solid-node-server/.db:/opt/solid/.db
      - /home/dockeruser/docker/configs/solid-node-server/config:/opt/solid/config
      - /home/dockeruser/docker/configs/traefik/certs/solid.aresthedevil.com/:/opt/solid/certs/
      #- /home/dockeruser/docker/configs/reverse-proxy/certs/solid.aresthedevil.com/:/opt/solid/certs/

networks:
  proxynet:
    external: true

This is the log when I start it with docker:

node-solid-server  | 2024-07-22T11:23:16.760105699Z checking preconditions...
node-solid-server  | 2024-07-22T11:23:16.760677437Z ✓ /opt/solid/config is accessible by node
node-solid-server  | 2024-07-22T11:23:16.761114832Z ✓ /opt/solid/data is accessible by node
node-solid-server  | 2024-07-22T11:23:16.761555882Z ✓ /opt/solid/.db is accessible by node
node-solid-server  | 2024-07-22T11:23:16.762056802Z ✓ /opt/solid/certs/key.pem is accessible by node
node-solid-server  | 2024-07-22T11:23:16.762533923Z ✓ /opt/solid/certs/fullchain.pem is accessible by node
node-solid-server  | 2024-07-22T11:23:16.762570027Z Finished: SUCCESS
node-solid-server  | 2024-07-22T11:23:17.462385025Z TIP create a config.json: `$ solid init`
node-solid-server  | 2024-07-22T11:23:17.705589455Z 2024-07-22T11:23:17.705Z solid:settings Server URI: https://solid.aresthedevil.com
node-solid-server  | 2024-07-22T11:23:17.705639714Z 2024-07-22T11:23:17.705Z solid:settings Auth method: oidc
node-solid-server  | 2024-07-22T11:23:17.705652562Z 2024-07-22T11:23:17.705Z solid:settings Strict origins: true
node-solid-server  | 2024-07-22T11:23:17.705657300Z 2024-07-22T11:23:17.705Z solid:settings Allowed origins:
node-solid-server  | 2024-07-22T11:23:17.705670992Z 2024-07-22T11:23:17.705Z solid:settings Db path: ./.db
node-solid-server  | 2024-07-22T11:23:17.705736454Z 2024-07-22T11:23:17.705Z solid:settings Config path: ./config
node-solid-server  | 2024-07-22T11:23:17.705742871Z 2024-07-22T11:23:17.705Z solid:settings Suffix Acl: undefined
node-solid-server  | 2024-07-22T11:23:17.705745490Z 2024-07-22T11:23:17.705Z solid:settings Suffix Meta: undefined
node-solid-server  | 2024-07-22T11:23:17.705941079Z 2024-07-22T11:23:17.705Z solid:settings Allow WebID authentication: true
node-solid-server  | 2024-07-22T11:23:17.706061162Z 2024-07-22T11:23:17.705Z solid:settings Live-updates: true
node-solid-server  | 2024-07-22T11:23:17.706069921Z 2024-07-22T11:23:17.706Z solid:settings Multi-user: true
node-solid-server  | 2024-07-22T11:23:17.706080421Z 2024-07-22T11:23:17.706Z solid:settings Suppress default data browser app: undefined
node-solid-server  | 2024-07-22T11:23:17.706101655Z 2024-07-22T11:23:17.706Z solid:settings Default data browser app file path: default
node-solid-server  | 2024-07-22T11:23:17.718423426Z 2024-07-22T11:23:17.718Z solid:settings Base URL (--mount): /
node-solid-server  | 2024-07-22T11:23:17.718434348Z 2024-07-22T11:23:17.718Z solid:settings SSL Private Key path: /opt/solid/certs/key.pem
node-solid-server  | 2024-07-22T11:23:17.718437150Z 2024-07-22T11:23:17.718Z solid:settings SSL Certificate path: /opt/solid/certs/fullchain.pem
node-solid-server  | 2024-07-22T11:23:17.730810769Z Solid server (5.7.10) running on https://localhost:8443/
node-solid-server  | 2024-07-22T11:23:17.730872615Z Press <ctrl>+c to stop
node-solid-server  | 2024-07-22T11:23:17.732107114Z 2024-07-22T11:23:17.732Z solid:authentication Provider keys loaded from config
node-solid-server  | 2024-07-22T11:23:17.749048488Z 2024-07-22T11:23:17.748Z solid:authentication Provider keychain initialized
node-solid-server  | 2024-07-22T11:23:17.749851456Z 2024-07-22T11:23:17.749Z solid:authentication Not sleeping before client registration...
node-solid-server  | 2024-07-22T11:23:17.750809834Z 2024-07-22T11:23:17.750Z solid:authentication Client not present for issuer https://solid.aresthedevil.com, initializing new client
node-solid-server  | 2024-07-22T11:23:17.751049297Z 2024-07-22T11:23:17.750Z solid:authentication Registering new client for issuer  https://solid.aresthedevil.com
node-solid-server  | 2024-07-22T11:23:17.823651019Z 2024-07-22T11:23:17.821Z solid:authentication Error registering a new client:  Error: Error fetching openid configuration: 500 Internal Server Error
node-solid-server  | 2024-07-22T11:23:17.823674325Z     at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server  | 2024-07-22T11:23:17.823677535Z     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server  | 2024-07-22T11:23:17.823680177Z   response: Response {
node-solid-server  | 2024-07-22T11:23:17.823682638Z     size: 0,
node-solid-server  | 2024-07-22T11:23:17.823685135Z     timeout: 0,
node-solid-server  | 2024-07-22T11:23:17.823687897Z     [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server  | 2024-07-22T11:23:17.823690509Z     [Symbol(Response internals)]: {
node-solid-server  | 2024-07-22T11:23:17.823692955Z       url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server  | 2024-07-22T11:23:17.823704627Z       status: 500,
node-solid-server  | 2024-07-22T11:23:17.823708010Z       statusText: 'Internal Server Error',
node-solid-server  | 2024-07-22T11:23:17.823711552Z       headers: [Headers],
node-solid-server  | 2024-07-22T11:23:17.823715132Z       counter: 0
node-solid-server  | 2024-07-22T11:23:17.823719121Z     }
node-solid-server  | 2024-07-22T11:23:17.823721346Z   },
node-solid-server  | 2024-07-22T11:23:17.823723509Z   statusCode: 500
node-solid-server  | 2024-07-22T11:23:17.823725719Z }
node-solid-server  | 2024-07-22T11:23:17.823942368Z 2024-07-22T11:23:17.823Z solid:authentication Error initializing local RP client:  Error: Error fetching openid configuration: 500 Internal Server Error
node-solid-server  | 2024-07-22T11:23:17.823952270Z     at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server  | 2024-07-22T11:23:17.823955437Z     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server  | 2024-07-22T11:23:17.823958017Z   response: Response {
node-solid-server  | 2024-07-22T11:23:17.823960428Z     size: 0,
node-solid-server  | 2024-07-22T11:23:17.823962801Z     timeout: 0,
node-solid-server  | 2024-07-22T11:23:17.823965217Z     [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server  | 2024-07-22T11:23:17.823967806Z     [Symbol(Response internals)]: {
node-solid-server  | 2024-07-22T11:23:17.823970335Z       url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server  | 2024-07-22T11:23:17.823972830Z       status: 500,
node-solid-server  | 2024-07-22T11:23:17.823975224Z       statusText: 'Internal Server Error',
node-solid-server  | 2024-07-22T11:23:17.823977650Z       headers: [Headers],
node-solid-server  | 2024-07-22T11:23:17.823989140Z       counter: 0
node-solid-server  | 2024-07-22T11:23:17.823998272Z     }
node-solid-server  | 2024-07-22T11:23:17.824000672Z   },
node-solid-server  | 2024-07-22T11:23:17.824002872Z   statusCode: 500
node-solid-server  | 2024-07-22T11:23:17.824005134Z }

When I try wget https://solid.aresthedevil.com/.well-known/openid-configuration I end up with:

--2024-07-22 12:55:56--  https://solid.aresthedevil.com/.well-known/openid-configuration
Resolving solid.aresthedevil.com (solid.aresthedevil.com)... 84.130.233.142
Connecting to solid.aresthedevil.com (solid.aresthedevil.com)|84.130.233.142|:443... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2024-07-22 12:55:57 ERROR 500: Internal Server Error.

When I enter the container while running docker exec -it node-solid-server sh and I run wget --no-check-certificate https://localhost:8443/.well-known/openid-configuration , I end up with:

Connecting to localhost:8443 ([::1]:8443)
saving to 'openid-configuration'
openid-configuration 100% |***************************************************************************************************************************************************************************************|  1294  0:00:00 ETA
'openid-configuration' saved

That file contains:

{"issuer":"https://solid.aresthedevil.com","jwks_uri":"https://solid.aresthedevil.com/jwks","scopes_supported":["openid","offline_access"],"response_types_supported":["code","code token","code id_token","id_token code","id_token","id_token token","code id_token token","none"],"token_types_supported":["legacyPop","dpop"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","refresh_token","client_credentials"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"token_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"display_values_supported":[],"claim_types_supported":["normal"],"claims_supported":[],"claims_parameter_supported":false,"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_request_uri_registration":false,"check_session_iframe":"https://solid.aresthedevil.com/session","end_session_endpoint":"https://solid.aresthedevil.com/logout","authorization_endpoint":"https://solid.aresthedevil.com/authorize","token_endpoint":"https://solid.aresthedevil.com/token","userinfo_endpoint":"https://solid.aresthedevil.com/userinfo","registration_endpoint":"https://solid.aresthedevil.com/register"}

Looking for existing issues related to fetching the openid configuration, I found some issues discussing a 502 error and not a 500. It seemed that in that situation, there was/is an error with the SSL certificate. If I run the docker server with - SOLID_NO_REJECT_UNAUTHORIZED and - NODE_TLS_REJECT_UNAUTHORIZED=0 I still get the error. However, my certificate seems fine, see the attached screenshot.

This is the content of the config folder on my base system:

dockeruser@Station:~/docker/node-solid-server$ tree -a  /home/dockeruser/docker/configs/solid-node-server/
/home/dockeruser/docker/configs/solid-node-server/
├── config
│   ├── templates
│   │   ├── emails
│   │   │   ├── delete-account.js
│   │   │   ├── invalid-username.js
│   │   │   ├── reset-password.js
│   │   │   └── welcome.js
│   │   ├── new-account
│   │   │   ├── .acl
│   │   │   ├── favicon.ico
│   │   │   ├── favicon.ico.acl
│   │   │   ├── inbox
│   │   │   │   └── .acl
│   │   │   ├── .meta
│   │   │   ├── .meta.acl
│   │   │   ├── private
│   │   │   │   └── .acl
│   │   │   ├── profile
│   │   │   │   ├── .acl
│   │   │   │   └── card$.ttl
│   │   │   ├── public
│   │   │   │   └── .acl
│   │   │   ├── robots.txt
│   │   │   ├── robots.txt.acl
│   │   │   ├── settings
│   │   │   │   ├── .acl
│   │   │   │   ├── prefs.ttl
│   │   │   │   ├── privateTypeIndex.ttl
│   │   │   │   ├── publicTypeIndex.ttl
│   │   │   │   ├── publicTypeIndex.ttl.acl
│   │   │   │   ├── serverSide.ttl.acl
│   │   │   │   └── serverSide.ttl.inactive
│   │   │   └── .well-known
│   │   │       └── .acl
│   │   └── server
│   │       ├── .acl
│   │       ├── favicon.ico
│   │       ├── favicon.ico.acl
│   │       ├── index.html
│   │       ├── robots.txt
│   │       ├── robots.txt.acl
│   │       └── .well-known
│   │           └── .acl
│   └── views
│       ├── account
│       │   ├── account-deleted.hbs
│       │   ├── delete-confirm.hbs
│       │   ├── delete.hbs
│       │   ├── delete-link-sent.hbs
│       │   ├── invalid-username.hbs
│       │   ├── register-disabled.hbs
│       │   ├── register-form.hbs
│       │   └── register.hbs
│       ├── auth
│       │   ├── auth-hidden-fields.hbs
│       │   ├── change-password.hbs
│       │   ├── goodbye.hbs
│       │   ├── login.hbs
│       │   ├── login-required.hbs
│       │   ├── login-tls.hbs
│       │   ├── login-username-password.hbs
│       │   ├── no-permission.hbs
│       │   ├── password-changed.hbs
│       │   ├── reset-link-sent.hbs
│       │   ├── reset-password.hbs
│       │   └── sharing.hbs
│       └── shared
│           ├── create-account.hbs
│           └── error.hbs
├── data
│   └── solid.aresthedevil.com
│       ├── .acl
│       ├── favicon.ico
│       ├── favicon.ico.acl
│       ├── index.html
│       ├── robots.txt
│       ├── robots.txt.acl
│       └── .well-known
│           └── .acl
└── .db
    └── oidc
        ├── op
        │   ├── clients
        │   ├── codes
        │   ├── provider.json
        │   ├── refresh
        │   └── tokens
        ├── rp
        │   └── clients
        └── users
            ├── users
            └── users-by-email

31 directories, 61 files
@zg009
Contributor

zg009 commented Jul 27, 2024

Hey there,

I'll get on this in a bit, I'm busy with my full-time job right now. I'm leaving this comment to let you know I'm looking into it, and the starting point (for my own reference) is here https://github.com/nodeSolidServer/solid-multi-rp-client/blob/e9985e2fed97e33fd345a25242c1722bf13c27b0/src/multi-rp-client.js#L104-L109

One thing which MAY be causing the issue is if the requests to your URI are actually getting routed to the localhost port. I'm wondering if you may be able to change a configuration file to fix it, or if there is something in the config file of NSS which is causing the URL resolution issue.

@JCLengeling
Author

Hej hej,
thank you very much for your help.

I think that there indeed might be some configuration problem, especially since I don't get a 500 error when I am within the docker container (the wget --no-check-certificate https://localhost:8443/.well-known/openid-configuration does seem to work then). As far as I understood, using docker compose, the configuration is done through the environment variables (#1450 (comment)). If there is any mistake in the docker compose configuration I posted above (the environment variables), please let me know.

P.s.: this is my traefik docker compose, I don't think there is an error in that configuration; it works with multiple other services without a problem (nextcloud, mattermost, openproject, gitea, ....)

version: '3.9'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/dockeruser/docker/configs/traefik/acme.json:/letsencrypt/acme.json
    networks:
      - proxynet
    environment:
      - INWX_USERNAME=REDACTED
      - INWX_PASSWORD=REDACTED
    command:
      - "--log.level=DEBUG"
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxynet"
      - "--entryPoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entryPoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--certificatesresolvers.mytlsresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlsresolver.acme.email=joel.cedric@lengeling.eu"
      - "--certificatesresolvers.mytlsresolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.mydnsresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.mydnsresolver.acme.dnschallenge.provider=inwx"
      - "--certificatesresolvers.mydnsresolver.acme.email=joel.cedric@lengeling.eu"
      - "--certificatesresolvers.mydnsresolver.acme.storage=/letsencrypt/acme.json"
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.docker.network=proxynet"
      - "traefik.http.routers.api.rule=Host(`traefik.aresthedevil.com`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.tls.certresolver=mytlsresolver"
      - "traefik.http.middlewares.ipwhitelist.ipallowlist.sourcerange=84.130.233.142"
      - "traefik.http.routers.api.middlewares=ipwhitelist"
      - "traefik.http.routers.api.entrypoints=websecure"

@JCLengeling
Author

Hej hej,
thinking back about the previous comment, I revisited my config. I made the changes below to the environment part of my docker compose. I also modified the traefik loadbalancer label to no longer reference port 8443.

      - SOLID_PORT=443
      - SOLID_SERVER_URI=https://solid.aresthedevil.com:443

Now I no longer get the 500 error :),..... but I end up with bad gateway 502 errors :( :

node-solid-server  | 2024-07-27T08:28:58.029336987Z checking preconditions...
node-solid-server  | 2024-07-27T08:28:58.029847864Z ✓ /opt/solid/config is accessible by node
node-solid-server  | 2024-07-27T08:28:58.030289105Z ✓ /opt/solid/data is accessible by node
node-solid-server  | 2024-07-27T08:28:58.030719572Z ✓ /opt/solid/.db is accessible by node
node-solid-server  | 2024-07-27T08:28:58.031176407Z ✓ /opt/solid/certs/key.pem is accessible by node
node-solid-server  | 2024-07-27T08:28:58.031594815Z ✓ /opt/solid/certs/fullchain.pem is accessible by node
node-solid-server  | 2024-07-27T08:28:58.031602468Z Finished: SUCCESS
node-solid-server  | 2024-07-27T08:28:58.753622479Z TIP create a config.json: `$ solid init`
node-solid-server  | 2024-07-27T08:28:58.996422809Z 2024-07-27T08:28:58.996Z solid:settings Server URI: https://solid.aresthedevil.com:443
node-solid-server  | 2024-07-27T08:28:58.996448173Z 2024-07-27T08:28:58.996Z solid:settings Auth method: oidc
node-solid-server  | 2024-07-27T08:28:58.996461694Z 2024-07-27T08:28:58.996Z solid:settings Strict origins: true
node-solid-server  | 2024-07-27T08:28:58.996491375Z 2024-07-27T08:28:58.996Z solid:settings Allowed origins:
node-solid-server  | 2024-07-27T08:28:58.996545485Z 2024-07-27T08:28:58.996Z solid:settings Db path: ./.db
node-solid-server  | 2024-07-27T08:28:58.996560551Z 2024-07-27T08:28:58.996Z solid:settings Config path: ./config
node-solid-server  | 2024-07-27T08:28:58.996589105Z 2024-07-27T08:28:58.996Z solid:settings Suffix Acl: undefined
node-solid-server  | 2024-07-27T08:28:58.996598573Z 2024-07-27T08:28:58.996Z solid:settings Suffix Meta: undefined
node-solid-server  | 2024-07-27T08:28:58.996738015Z 2024-07-27T08:28:58.996Z solid:settings Allow WebID authentication: true
node-solid-server  | 2024-07-27T08:28:58.996829123Z 2024-07-27T08:28:58.996Z solid:settings Live-updates: true
node-solid-server  | 2024-07-27T08:28:58.996856861Z 2024-07-27T08:28:58.996Z solid:settings Multi-user: true
node-solid-server  | 2024-07-27T08:28:58.996876451Z 2024-07-27T08:28:58.996Z solid:settings Suppress default data browser app: undefined
node-solid-server  | 2024-07-27T08:28:58.996897911Z 2024-07-27T08:28:58.996Z solid:settings Default data browser app file path: default
node-solid-server  | 2024-07-27T08:28:59.013179516Z 2024-07-27T08:28:59.013Z solid:settings Base URL (--mount): /
node-solid-server  | 2024-07-27T08:28:59.013191231Z 2024-07-27T08:28:59.013Z solid:settings SSL Private Key path: /opt/solid/certs/key.pem
node-solid-server  | 2024-07-27T08:28:59.013193850Z 2024-07-27T08:28:59.013Z solid:settings SSL Certificate path: /opt/solid/certs/fullchain.pem
node-solid-server  | 2024-07-27T08:28:59.025457431Z Solid server (5.7.10) running on https://localhost:443/
node-solid-server  | 2024-07-27T08:28:59.025496514Z Press <ctrl>+c to stop
node-solid-server  | 2024-07-27T08:28:59.026844045Z 2024-07-27T08:28:59.026Z solid:authentication Provider keys loaded from config
node-solid-server  | 2024-07-27T08:28:59.043843754Z 2024-07-27T08:28:59.043Z solid:authentication Provider keychain initialized
node-solid-server  | 2024-07-27T08:28:59.044592090Z 2024-07-27T08:28:59.044Z solid:authentication Not sleeping before client registration...
node-solid-server  | 2024-07-27T08:28:59.045529756Z 2024-07-27T08:28:59.045Z solid:authentication Client not present for issuer https://solid.aresthedevil.com:443, initializing new client
node-solid-server  | 2024-07-27T08:28:59.045805397Z 2024-07-27T08:28:59.045Z solid:authentication Registering new client for issuer  https://solid.aresthedevil.com:443
node-solid-server  | 2024-07-27T08:28:59.100382737Z 2024-07-27T08:28:59.098Z solid:authentication Error registering a new client:  Error: Error fetching openid configuration: 502 Bad Gateway
node-solid-server  | 2024-07-27T08:28:59.100396527Z     at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server  | 2024-07-27T08:28:59.100399398Z     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server  | 2024-07-27T08:28:59.100401793Z   response: Response {
node-solid-server  | 2024-07-27T08:28:59.100404010Z     size: 0,
node-solid-server  | 2024-07-27T08:28:59.100406243Z     timeout: 0,
node-solid-server  | 2024-07-27T08:28:59.100408408Z     [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server  | 2024-07-27T08:28:59.100410823Z     [Symbol(Response internals)]: {
node-solid-server  | 2024-07-27T08:28:59.100413037Z       url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server  | 2024-07-27T08:28:59.100415374Z       status: 502,
node-solid-server  | 2024-07-27T08:28:59.100417549Z       statusText: 'Bad Gateway',
node-solid-server  | 2024-07-27T08:28:59.100426598Z       headers: [Headers],
node-solid-server  | 2024-07-27T08:28:59.100429066Z       counter: 0
node-solid-server  | 2024-07-27T08:28:59.100431285Z     }
node-solid-server  | 2024-07-27T08:28:59.100433478Z   },
node-solid-server  | 2024-07-27T08:28:59.100435665Z   statusCode: 502
node-solid-server  | 2024-07-27T08:28:59.100437870Z }
node-solid-server  | 2024-07-27T08:28:59.100597507Z 2024-07-27T08:28:59.100Z solid:authentication Error initializing local RP client:  Error: Error fetching openid configuration: 502 Bad Gateway
node-solid-server  | 2024-07-27T08:28:59.100617306Z     at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server  | 2024-07-27T08:28:59.100620277Z     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server  | 2024-07-27T08:28:59.100622849Z   response: Response {
node-solid-server  | 2024-07-27T08:28:59.100625051Z     size: 0,
node-solid-server  | 2024-07-27T08:28:59.100627373Z     timeout: 0,
node-solid-server  | 2024-07-27T08:28:59.100629555Z     [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server  | 2024-07-27T08:28:59.100631791Z     [Symbol(Response internals)]: {
node-solid-server  | 2024-07-27T08:28:59.100633972Z       url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server  | 2024-07-27T08:28:59.100645406Z       status: 502,
node-solid-server  | 2024-07-27T08:28:59.100647407Z       statusText: 'Bad Gateway',
node-solid-server  | 2024-07-27T08:28:59.100649380Z       headers: [Headers],
node-solid-server  | 2024-07-27T08:28:59.100651355Z       counter: 0
node-solid-server  | 2024-07-27T08:28:59.100653357Z     }
node-solid-server  | 2024-07-27T08:28:59.100655306Z   },
node-solid-server  | 2024-07-27T08:28:59.100657238Z   statusCode: 502
node-solid-server  | 2024-07-27T08:28:59.100659176Z }

@JCLengeling
Author

JCLengeling commented Jul 27, 2024

I have continued playing around with the configuration, and I either end up with 404, 500, or 502 errors.

No matter which configuration (even with 404 errors), whenever I enter the container shell and wget the openid-configuration it ends up working.

This is the console log with error 404

node-solid-server  | checking preconditions...
node-solid-server  | ✓ /opt/solid/config is accessible by node
node-solid-server  | ✓ /opt/solid/data is accessible by node
node-solid-server  | ✓ /opt/solid/.db is accessible by node
node-solid-server  | ✓ /opt/solid/certs/key.pem is accessible by node
node-solid-server  | ✓ /opt/solid/certs/fullchain.pem is accessible by node
node-solid-server  | Finished: SUCCESS
node-solid-server  | TIP create a config.json: `$ solid init`
node-solid-server  | 2024-07-27T10:26:14.574Z solid:settings Server URI: https://solid.aresthedevil.com
node-solid-server  | 2024-07-27T10:26:14.574Z solid:settings Auth method: oidc
node-solid-server  | 2024-07-27T10:26:14.574Z solid:settings Strict origins: true
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Allowed origins:
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Db path: ./.db
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Config path: ./config
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Suffix Acl: undefined
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Suffix Meta: undefined
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Allow WebID authentication: true
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Live-updates: true
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Multi-user: true
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Suppress default data browser app: undefined
node-solid-server  | 2024-07-27T10:26:14.575Z solid:settings Default data browser app file path: default
node-solid-server  | 2024-07-27T10:26:14.588Z solid:settings Base URL (--mount): /
node-solid-server  | 2024-07-27T10:26:14.588Z solid:settings SSL Private Key path: /opt/solid/certs/key.pem
node-solid-server  | 2024-07-27T10:26:14.588Z solid:settings SSL Certificate path: /opt/solid/certs/fullchain.pem
node-solid-server  | Solid server (5.7.10) running on https://localhost:443/
node-solid-server  | Press <ctrl>+c to stop
node-solid-server  | 2024-07-27T10:26:14.602Z solid:authentication Provider keys loaded from config
node-solid-server  | 2024-07-27T10:26:14.619Z solid:authentication Provider keychain initialized
node-solid-server  | 2024-07-27T10:26:14.620Z solid:authentication Not sleeping before client registration...
node-solid-server  | 2024-07-27T10:26:14.621Z solid:authentication Client not present for issuer https://solid.aresthedevil.com, initializing new client
node-solid-server  | 2024-07-27T10:26:14.621Z solid:authentication Registering new client for issuer  https://solid.aresthedevil.com
node-solid-server  | 2024-07-27T10:26:14.657Z solid:authentication Error registering a new client:  Error: Error fetching openid configuration: 404 Not Found
node-solid-server  |     at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server  |     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server  |   response: Response {
node-solid-server  |     size: 0,
node-solid-server  |     timeout: 0,
node-solid-server  |     [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server  |     [Symbol(Response internals)]: {
node-solid-server  |       url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server  |       status: 404,
node-solid-server  |       statusText: 'Not Found',
node-solid-server  |       headers: [Headers],
node-solid-server  |       counter: 0
node-solid-server  |     }
node-solid-server  |   },
node-solid-server  |   statusCode: 404
node-solid-server  | }
node-solid-server  | 2024-07-27T10:26:14.659Z solid:authentication Error initializing local RP client:  Error: Error fetching openid configuration: 404 Not Found
node-solid-server  |     at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server  |     at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server  |   response: Response {
node-solid-server  |     size: 0,
node-solid-server  |     timeout: 0,
node-solid-server  |     [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server  |     [Symbol(Response internals)]: {
node-solid-server  |       url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server  |       status: 404,
node-solid-server  |       statusText: 'Not Found',
node-solid-server  |       headers: [Headers],
node-solid-server  |       counter: 0
node-solid-server  |     }
node-solid-server  |   },
node-solid-server  |   statusCode: 404
node-solid-server  | }

Which is the result of this docker compose:

version: "3.9"

services:
  node-solid-server:
    image: nodesolidserver/node-solid-server:latest
    container_name: node-solid-server
    environment:
      - SOLID_MULTIUSER=true
      #- SOLID_NO_REJECT_UNAUTHORIZED=true
      - SOLID_WEBID=true
      - SOLID_PORT=443
      - SOLID_USE_EMAIL=true
      - SOLID_EMAIL_HOST=menkent.uberspace.de
      - SOLID_EMAIL_PORT=587
      - [email protected]
      - SOLID_EMAIL_AUTH_PASS=REDACTED
      - SOLID_SERVER_NAME="Solid test Server"
      - SOLID_SERVER_DESCRIPTION="A test Solid server"
      - [email protected]
      - SOLID_SERVER_URI=https://solid.aresthedevil.com
      - SOLID_SSL_KEY=/opt/solid/certs/key.pem
      - SOLID_SSL_CERT=/opt/solid/certs/fullchain.pem
      #- NODE_TLS_REJECT_UNAUTHORIZED=0
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.docker.network=proxynet"
      - "traefik.http.routers.solid.rule=Host(`solid.aresthedevil.com`)"
      - "traefik.http.routers.solid.tls.domains[0].main=solid.aresthedevil.com"
      - "traefik.http.routers.solid.tls.domains[0].sans=*.solid.aresthedevil.com"
      #- "traefik.http.services.solid.loadbalancer.server.port=443"
      - "traefik.http.routers.solid.entrypoints=websecure"
      - "traefik.http.routers.solid.tls.certresolver=mydnsresolver"
      - "traefik.http.services.solid.loadbalancer.server.scheme=https"
      - "traefik.http.routers.solid.tls=true"
    restart: always
    #ports:
    #  - 8443:8443
    #expose:
    #  - 443
    networks:
      - proxynet
    volumes:
      - /home/dockeruser/docker/configs/solid-node-server/data:/opt/solid/data
      - /home/dockeruser/docker/configs/solid-node-server/.db:/opt/solid/.db
      - /home/dockeruser/docker/configs/solid-node-server/config:/opt/solid/config
      - /home/dockeruser/docker/configs/traefik/certs/solid.aresthedevil.com/:/opt/solid/certs/
      #- /home/dockeruser/docker/configs/reverse-proxy/certs/solid.aresthedevil.com/:/opt/solid/certs/

networks:
  proxynet:
    external: true

So basically, I keep commenting in/out and modifying the values listed below, resulting in either 404, 500, or 502 errors. Below is the setup of these values resulting in the 404 error.

version: "3.9"

services:
  node-solid-server:
    .....
    environment:
      .....
      - SOLID_PORT=443
      ....
      - SOLID_SERVER_URI=https://solid.aresthedevil.com
    labels:
      ....
      #- "traefik.http.services.solid.loadbalancer.server.port=443"
      .....
    restart: always
    #ports:
    #  - 8443:8443
    #expose:
    #  - 443
    .....
   

@zg009
Contributor

zg009 commented Jul 27, 2024

Thanks for checking. I'm not experienced with Docker but I'll try to get something deployed which is similar and see if I can figure out what the root cause is, but it may take some time as I'm not experienced with the Docker build or Docker itself
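
The thread switches `SOLID_SERVER_URI` between `https://solid.aresthedevil.com` and `https://solid.aresthedevil.com:443` and raises the possibility that requests end up on the localhost port. As an added example (not part of the issue and not node-solid-server code), this Node.js check compares a discovery document with the configured issuer: OpenID Connect Discovery 1.0 requires the `issuer` value to be identical to the issuer URL used for the fetch. The function names are hypothetical, and the rule that every endpoint shares the issuer's origin is an assumption that fits a single-host deployment like this one.

```javascript
// Added example: validate an OpenID Provider discovery document against the
// issuer the server was configured with. Names here are hypothetical.

// URL-valued fields present in the discovery document posted in the issue.
const ENDPOINT_FIELDS = [
  'jwks_uri', 'authorization_endpoint', 'token_endpoint', 'userinfo_endpoint',
  'registration_endpoint', 'end_session_endpoint', 'check_session_iframe'
];

// Discovery URL a relying party derives from an issuer string
// (strip any trailing slash, then append the well-known path).
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, '') + '/.well-known/openid-configuration';
}

// Returns a list of problems; an empty list means the document is consistent.
function checkDiscovery(configuredIssuer, doc) {
  if (typeof doc.issuer !== 'string') {
    return [{ field: 'issuer', code: 'missing' }];
  }
  let issuerOrigin;
  try {
    issuerOrigin = new URL(doc.issuer).origin;
  } catch (e) {
    return [{ field: 'issuer', code: 'unparseable', actual: doc.issuer }];
  }

  const problems = [];
  // The issuer comparison is an exact string match, so an explicit default
  // port (":443") is a mismatch even though both URLs reach the same origin.
  if (doc.issuer !== configuredIssuer) {
    let sameOrigin = false;
    try {
      sameOrigin = new URL(configuredIssuer).origin === issuerOrigin;
    } catch (e) { /* configured value is not a URL: plain mismatch */ }
    problems.push({
      field: 'issuer',
      code: sameOrigin ? 'issuer-spelling' : 'issuer-mismatch',
      expected: configuredIssuer,
      actual: doc.issuer
    });
  }

  for (const field of ENDPOINT_FIELDS) {
    const value = doc[field];
    if (value === undefined) continue;
    let url;
    try {
      url = new URL(value);
    } catch (e) {
      problems.push({ field, code: 'unparseable', actual: value });
      continue;
    }
    if (url.protocol !== 'https:') {
      problems.push({ field, code: 'not-https', actual: value });
    } else if (url.origin !== issuerOrigin) {
      // Assumption of this check: one host serves every endpoint, so a
      // different origin (for example a container-internal address) is
      // reported rather than accepted.
      problems.push({ field, code: 'foreign-origin', actual: value });
    }
  }
  return problems;
}

// URL fields copied from the discovery document shown in the issue.
const PAGE_DOC = {
  issuer: 'https://solid.aresthedevil.com',
  jwks_uri: 'https://solid.aresthedevil.com/jwks',
  check_session_iframe: 'https://solid.aresthedevil.com/session',
  end_session_endpoint: 'https://solid.aresthedevil.com/logout',
  authorization_endpoint: 'https://solid.aresthedevil.com/authorize',
  token_endpoint: 'https://solid.aresthedevil.com/token',
  userinfo_endpoint: 'https://solid.aresthedevil.com/userinfo',
  registration_endpoint: 'https://solid.aresthedevil.com/register'
};

// Constructed variant: one endpoint advertised on the container-internal port.
const LOCALHOST_DOC = Object.assign({}, PAGE_DOC, {
  token_endpoint: 'https://localhost:8443/token'
});

console.log(discoveryUrl('https://solid.aresthedevil.com'));
console.log(checkDiscovery('https://solid.aresthedevil.com', PAGE_DOC));
console.log(checkDiscovery('https://solid.aresthedevil.com:443', PAGE_DOC));
console.log(checkDiscovery('https://solid.aresthedevil.com', LOCALHOST_DOC));
```
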
