Local file server issues
Hello,
Could you help me debug my issue, as I can't find anything useful in the docker logs?
My issue is the following: upon testing local file storage, the output is:
Success: PRIVATE_KEY configuration found.
Success: PUBLIC_KEY configuration found.
Success: SERVER_URL configuration found.
Success: SERVER_PUBLIC_KEY configuration found.
Success: CLUSTER_ID configuration found.
Success: CLUSTER_PRIVATE_KEY configuration found.
Success: HOST_URL configuration found.
Success: SHARDS configuration found.
- Success: SERVER_URL format seems to be correct
- Success: Your SERVER_URL port is an integer.
- Success: Your SERVER_URL port is in the correct range.
- Success: Host resolved
- Success: Host and port exist and firewall seems to allow connections.
Testing shard 424bdadc-0463-4b9c-b4e8-edd38c8ed678:
- Success: Required property read present
- Success: Required property write present
- Success: Required property delete present
- Success: Required property engine present
- Success: property engine has the right type
- Success: Required property class present
- Success: Required property kwargs present
- Success: Required property location in your engine's kwargs present.
- Success: Required property location in your engine's kwargs present.
- Success: Test file successfully created with user unknown.
- Success: Stored test file successfully deleted with user unknown.
- Error: Connection to server was refused by the server with a Status 500 and the following message: <h1>Server Error (500)</h1>
Inspecting the docker container logs of psono-server, I have noticed the following:
[pid: 21|app: 0|req: 4/44] 172.17.0.1 () {42 vars in 2220 bytes} [Wed Nov 6 17:18:56 2019] PUT /fileserver/alive/ => generated 27 bytes in 45 msecs (HTTP/1.0 500) 4 headers in 134 bytes (1 switches on core 0)
[pid: 21|app: 0|req: 5/45] 172.17.0.1 () {42 vars in 2220 bytes} [Wed Nov 6 17:19:06 2019] PUT /fileserver/alive/ => generated 27 bytes in 43 msecs (HTTP/1.0 500) 4 headers in 134 bytes (1 switches on core 0)
[pid: 21|app: 0|req: 6/46] 172.17.0.1 () {42 vars in 2220 bytes} [Wed Nov 6 17:19:16 2019] PUT /fileserver/alive/ => generated 27 bytes in 41 msecs (HTTP/1.0 500) 4 headers in 134 bytes (1 switches on core 0)
[pid: 27|app: 0|req: 8/47] 172.17.0.1 () {42 vars in 2220 bytes} [Wed Nov 6 17:19:26 2019] PUT /fileserver/alive/ => generated 27 bytes in 40 msecs (HTTP/1.0 500) 4 headers in 134 bytes (1 switches on core 0)
[pid: 28|app: 0|req: 4/48] 172.17.0.1 () {42 vars in 2220 bytes} [Wed Nov 6 17:19:36 2019] PUT /fileserver/alive/ => generated 27 bytes in 47 msecs (HTTP/1.0 500) 4 headers in 134 bytes (1 switches on core 0)
[pid: 28|app: 0|req: 5/49] 172.17.0.1 () {42 vars in 2220 bytes} [Wed Nov 6 17:19:46 2019] PUT /fileserver/alive/ => generated 27 bytes in 43 msecs (HTTP/1.0 500) 4 headers in 134 bytes (1 switches on core 0)
Turning on debug on both the file server and the psono-server config doesn't show any errors; it just outputs "No fileserver available" upon trying to upload a file via the web interface. I have checked the browser's console too.
I do not have a custom domain/subdomain for the file server, but I have tweaked nginx to serve the /fileserver path like the other endpoints. What is weird is that visiting IP:10200/info works, but IP:10200/fileserver/alive or IP:10200/alive doesn't work.
If it helps, here is the nginx conf (replaced URL only):
server {
    listen 80;
    server_name psono.example.com;
    return 301 https://psono.example.com$request_uri;
}
server {
    listen 80;
    server_name www.psono.example.com;
    return 301 https://psono.example.com$request_uri;
}
server {
    listen 443 ssl http2;
    server_name psono.example.com;
    return 301 https://www.psono.example.com$request_uri;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_timeout 1d;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header Referrer-Policy same-origin;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    # If you have the admin fileserver installed too behind this reverse proxy domain, add your fileserver URL e.g. https://fs01.psono.example.com as connect-src too:
    add_header Content-Security-Policy "default-src 'none'; manifest-src 'self'; connect-src 'self' https://static.psono.com https://api.pwnedpasswords.com https://storage.googleapis.com https://*.digitaloceanspaces.com https://*.s3.amazonaws.com https://www.psono.example.com/*; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'";
    ssl_certificate /etc/ssl/psono.crt;
    ssl_certificate_key /etc/ssl/psono.key;
}
server {
    listen 443 ssl http2;
    server_name www.psono.example.com;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_timeout 1d;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    # Comment this in if you know what you are doing
    # add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header Referrer-Policy same-origin;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    # If you have the admin fileserver installed too behind this reverse proxy domain, add your fileserver URL e.g. https://fs01.psono.example.com as connect-src too:
    add_header Content-Security-Policy "default-src 'none'; manifest-src 'self'; connect-src 'self' https://static.psono.com https://api.pwnedpasswords.com https://storage.googleapis.com https://*.digitaloceanspaces.com https://*.s3.amazonaws.com https://www.psono.example.com/*; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'";
    ssl_certificate /etc/ssl/psono.crt;
    ssl_certificate_key /etc/ssl/psono.key;
    client_max_body_size 10m;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
    root /var/www/html;
    location /server {
        rewrite ^/server/(.*) /$1 break;
        proxy_set_header Host psono.example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Last-Modified $date_gmt;
        add_header Pragma "no-cache";
        add_header Cache-Control "private, max-age=0, no-cache, no-store";
        if_modified_since off;
        expires off;
        etag off;
        proxy_pass http://127.0.0.1:10100;
    }
    location ~* ^/portal.*\.(?:ico|css|js|gif|jpe?g|png)$ {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
        # Comment in the following lines if you have the admin webclient running in a docker container
        proxy_set_header Host psono.example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:10102;
        proxy_redirect http://127.0.0.1:10102 https://psono.example.com;
    }
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
        # Comment in the following lines if you have the webclient running in a docker container
        proxy_set_header Host psono.example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:10101;
        proxy_redirect http://127.0.0.1:10101 https://psono.example.com;
    }
    # Comment in the following lines if you have the admin webclient running in a docker container
    location /portal {
        proxy_set_header Host psono.example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        #
        proxy_read_timeout 90;
        #
        proxy_pass http://127.0.0.1:10102;
        proxy_redirect http://127.0.0.1:10102 https://psono.example.com;
    }
    # Comment in the following lines if you have the webclient running in a docker container
    location / {
        proxy_set_header Host psono.example.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        #
        proxy_pass http://127.0.0.1:10101;
        proxy_read_timeout 90;
        #
        proxy_redirect http://127.0.0.1:10101 https://psono.example.com;
    }
    location /fileserver {
        rewrite ^/fileserver/(.*) /$1 break;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Last-Modified $date_gmt;
        add_header Pragma "no-cache";
        add_header Cache-Control "private, max-age=0, no-cache, no-store";
        if_modified_since off;
        expires off;
        etag off;
        proxy_pass http://127.0.0.1:10200;
        # The big traffic will be encrypted chunks, so using gzip here causes only server load
        gzip off;
        # To allow the 128 MB chunks
        client_max_body_size 256m;
    }
}
Here is the psono file-server settings.yaml (sensitive data removed):
# Adjust this according to Django Documentation https://docs.djangoproject.com/en/1.10/ref/settings/
ALLOWED_HOSTS: ['*']
# Should be the full path to your fileserver
HOST_URL: 'https://www.psono.example.com/fileserver'
Any help or pointers on how to debug this would be appreciated. Thank you in advance!