Installation : 403 Forbidden nginx/1.18.0

glemen · September 11, 2024, 9:51am

Bonjour,

Je rencontre un problème d’installation, ma configuration hyperviseur proxmox avec une VM debian 11, la carte reseau ns18.

J’ai suivi : https://wazo-platform.org/uc-doc/installation/install-system

je me connect en HTTPS : et une page nginx :

403 Forbidden

nginx/1.18.0

TASK [uc-engine : Setup engine] ********************************************************************************************fatal: [localhost]: FAILED! => {“access_control_allow_origin”: “*”, “changed”: false, “connection”: “close”, “content_length”: “37”, “content_type”: “application/json”, “date”: “Wed, 11 Sep 2024 00:06:20 GMT”, “elapsed”: 0, “json”: {“message”: “Internal Server Error”}, “msg”: “Status code was 500 and not [201]: HTTP Error 500: INTERNAL SERVER ERROR”, “redirected”: false, “server”: “nginx/1.18.0”, “status”: 500, “url”: “https://localhost:443/api/setupd/1.0/setup”}

RUNNING HANDLER [wazo-certs : Restart nginx] *******************************************************************************
PLAY RECAP *****************************************************************************************************************localhost : ok=122 changed=62 unreachable=0 failed=1 skipped=54 rescued=0 ignored=0

Avez vous une idée ?

glemen · September 11, 2024, 10:12am

root@wazo:/etc/nginx/locations# wazo-service status
Checking database…
OK
Checking services…
Checking database…
OK
Checking services…
running wazo-plugind
running wazo-webhookd
running wazo-sysconfd
running wazo-confgend
running wazo-confd
running wazo-auth
running wazo-call-logd
running wazo-dxtora
running wazo-provd
running wazo-agid
running asterisk
running wazo-amid
running wazo-agentd
running wazo-dird
running wazo-phoned
running wazo-calld
running wazo-websocketd
running wazo-chatd

root@wazo:/etc/nginx/sites-enabled# cat wazo
log_format main
'$remote_addr - $remote_user [$time_local] “$customrequest” ’
'$status $body_bytes_sent “$http_referer” “$http_user_agent” “$sent_http_x_powered_by” ’
'$request_length $msec $request_time $upstream_addr ’
‘$upstream_response_length $upstream_response_time $upstream_status’;

map $request $customrequest {
“~^(.)token=([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4})([a-fA-F0-9]{8})(.)” “$1token=XXXXXXXX-XXXX-XXXX-XXXX-XXXX$3$4”;
“~^(.)/token/([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4})([a-fA-F0-9]{8})(.)” “$1/token/XXXXXXXX-XXXX-XXXX-XXXX-XXXX$3$4”;
default $request;
}

The noauth zone is meant to be applied to ressources that are unauthenticated

Limits are applied to each individual IP addresses. Be careful with this limit

a single IP address could be used by many users.

limit_req_zone $binary_remote_addr zone=noauth:10m rate=25r/s;

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name $domain;

access_log /var/log/nginx/wazo.access.log main;
error_log /var/log/nginx/wazo.error.log;
root /var/www/html;

return 301 https://$host$request_uri;

}

server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
server_name $domain;
access_log /var/log/nginx/wazo.access.log main;
error_log /var/log/nginx/wazo.error.log;
root /var/www/html;

include /etc/nginx/locations/https-enabled/*;

gzip off; # gzipping SSL encripted data is a waste of time
fastcgi_param HTTPS on;
ssl_certificate /usr/share/wazo-certs/server.crt;
ssl_certificate_key /usr/share/wazo-certs/server.key;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:!SEED:+HIGH:+MEDIUM;
ssl_protocols TLSv1.2 TLSv1.3;
add_header Strict-Transport-Security "max-age=31536000";

}

glemen · September 11, 2024, 10:16am

journalctl -u wazo-xivoctl

– Journal begins at Tue 2024-09-10 17:51:11 EDT, ends at Wed 2024-09-11 06:15:02 EDT. –
– No entries –
root@wazo:/etc/nginx/sites-enabled# systemctl restart wazo-xivoctl
Failed to restart wazo-xivoctl.service: Unit wazo-xivoctl.service not found.
root@wazo:/etc/nginx/sites-enabled# ^C
root@wazo:/etc/nginx/sites-enabled# journalctl -u wazo-sysconfd
– Journal begins at Tue 2024-09-10 17:51:11 EDT, ends at Wed 2024-09-11 06:15:41 EDT. –
Sep 10 19:47:27 wazo systemd[1]: Started wazo-sysconfd server.
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: 2024-09-10 19:47:28,420 [12930] (ERROR) (wazo_sysconfd.main): undefined environment variable XIVO_UUID
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: 2024-09-10 19:47:28,420 [12930] (CRITICAL) (root): XIVO_UUID environment variable is not set
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: Traceback (most recent call last):
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: File “/usr/bin/wazo-sysconfd”, line 33, in
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: sys.exit(load_entry_point(‘wazo-sysconfd==2.0’, ‘console_scripts’, ‘wazo-sysconfd’)())
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: File “/usr/lib/python3/dist-packages/wazo_sysconfd/main.py”, line 24, in main
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: set_xivo_uuid(config, logger)
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: File “/usr/lib/python3/dist-packages/xivo/config_helper.py”, line 168, in set_xivo_uuid
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: config[‘uuid’] = get_xivo_uuid(logger)
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: File “/usr/lib/python3/dist-packages/xivo/config_helper.py”, line 163, in get_xivo_uuid
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: raise UUIDNotFound()
Sep 10 19:47:28 wazo wazo-sysconfd[12930]: xivo.config_helper.UUIDNotFound: XIVO_UUID environment variable is not set
Sep 10 19:47:28 wazo systemd[1]: wazo-sysconfd.service: Main process exited, code=exited, status=1/FAILURE
Sep 10 19:47:28 wazo systemd[1]: wazo-sysconfd.service: Failed with result ‘exit-code’.
Sep 10 19:47:33 wazo systemd[1]: wazo-sysconfd.service: Scheduled restart job, restart counter is at 1.
Sep 10 19:47:33 wazo systemd[1]: Stopped wazo-sysconfd server.
Sep 10 19:47:33 wazo systemd[1]: Started wazo-sysconfd server.
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: 2024-09-10 19:47:33,987 [13232] (ERROR) (wazo_sysconfd.main): undefined environment variable XIVO_UUID
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: 2024-09-10 19:47:33,987 [13232] (CRITICAL) (root): XIVO_UUID environment variable is not set
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: Traceback (most recent call last):
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: File “/usr/bin/wazo-sysconfd”, line 33, in
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: sys.exit(load_entry_point(‘wazo-sysconfd==2.0’, ‘console_scripts’, ‘wazo-sysconfd’)())
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: File “/usr/lib/python3/dist-packages/wazo_sysconfd/main.py”, line 24, in main
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: set_xivo_uuid(config, logger)
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: File “/usr/lib/python3/dist-packages/xivo/config_helper.py”, line 168, in set_xivo_uuid
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: config[‘uuid’] = get_xivo_uuid(logger)
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: File “/usr/lib/python3/dist-packages/xivo/config_helper.py”, line 163, in get_xivo_uuid
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: raise UUIDNotFound()
Sep 10 19:47:33 wazo wazo-sysconfd[13232]: xivo.config_helper.UUIDNotFound: XIVO_UUID environment variable is not set
Sep 10 19:47:34 wazo systemd[1]: wazo-sysconfd.service: Main process exited, code=exited, status=1/FAILURE
Sep 10 19:47:34 wazo systemd[1]: wazo-sysconfd.service: Failed with result ‘exit-code’.
Sep 10 19:47:39 wazo systemd[1]: wazo-sysconfd.service: Scheduled restart job, restart counter is at 2.
Sep 10 19:47:39 wazo systemd[1]: Stopped wazo-sysconfd server.

quintana · September 11, 2024, 11:28am

Il faudrait nous donner les logs de ton service wazo-setupd, il a fait une erreur 500. Je pense qu’il y a un truc qu’il n’a pas aimé sur la finalisation de la configuration réseau et il a planté.

glemen · September 11, 2024, 11:42am

2024-09-11 07:42:34,977 [135142] (ERROR) (wazo_setupd.main): undefined environment variable XIVO_UUID
2024-09-11 07:42:35,053 [135142] (INFO) (wazo_setupd.controller): wazo-setupd starting…
2024-09-11 07:42:35,431 [135142] (INFO) (wazo_setupd.controller): wazo-setupd stopping…
2024-09-11 07:42:35,432 [135142] (CRITICAL) (root): ‘Controller’ object has no attribute ‘_stopper_http_thread’
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/wazo_setupd/controller.py”, line 63, in run
self.rest_api.run()
File “/usr/lib/python3/dist-packages/wazo_setupd/http_server.py”, line 60, in run
self.server.start()
File “/usr/lib/python3/dist-packages/cheroot/server.py”, line 1836, in start
self.prepare()
File “/usr/lib/python3/dist-packages/cheroot/server.py”, line 1791, in prepare
raise socket.error(msg)
OSError: No socket could be created – ((‘127.0.0.1’, 9302): [Errno 98] Address already in use)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/bin/wazo-setupd”, line 33, in
sys.exit(load_entry_point(‘wazo-setupd==1.0’, ‘console_scripts’, ‘wazo-setupd’)())
File “/usr/lib/python3/dist-packages/wazo_setupd/main.py”, line 35, in main
controller.run()
File “/usr/lib/python3/dist-packages/wazo_setupd/controller.py”, line 69, in run
if self._stopper_http_thread:
AttributeError: ‘Controller’ object has no attribute ‘_stopper_http_thread’

glemen · September 11, 2024, 11:43am

root@wazo:/etc/default# wazo-confd
2024-09-11 07:43:26,165 [135195] (ERROR) (wazo_confd.main): undefined environment variable XIVO_UUID
2024-09-11 07:43:26,168 [135195] (CRITICAL) (root): ‘uuid’
Traceback (most recent call last):
File “/usr/bin/wazo-confd”, line 33, in
sys.exit(load_entry_point(‘wazo-confd==0.1’, ‘console_scripts’, ‘wazo-confd’)())
File “/usr/lib/python3/dist-packages/wazo_confd/main.py”, line 38, in main
controller = Controller(config)
File “/usr/lib/python3/dist-packages/wazo_confd/controller.py”, line 33, in init
self._bus_publisher = BusPublisher.from_config(config[‘uuid’], config[‘bus’])
File “/usr/lib/python3.9/collections/init.py”, line 1058, in getitem
raise KeyError(key)
KeyError: ‘uuid’

julienfr · September 11, 2024, 12:11pm

yop,

On est d’accord que c’est au moment de l’installation via ansible que tu as ces messages !?

J’ai eux ce type de soucis, que j’ai résolu ainsi:
. ajouter localhost à mon fichier /etc/host

. dans le fichier, la partie:

[uc_engine:vars]
engine_api_configure_wizard = true
engine_api_root_password = <YOUR_ROOT_PASSWORD>
api_client_name = <YOUR_API_USERNAME>
api_client_password = <YOUR_API_PASSWORD>

api_client_name NE doit PAS être “root”

Et il me semble, que je n’avais pas:

[uc_engine:vars]
wazo_distribution = pelican-bullseye
wazo_distribution_upgrade = pelican-bullseye

mais il y avait la version dev … penses donc à bien vérifier ce point

cheers

glemen · September 11, 2024, 12:41pm

Je confirme à la fin de installation j’ai ce message au premier post !
Voila la config actuel

comment assign uid peux etre c’est cela … ?

etc/hots

127.0.0.1 localhost
127.0.1.1 wazo.home.arpa wazo

The following lines are desirable for IPv6 capable hosts

::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

UC ENGINE

[all:vars]
ansible_python_interpreter = /usr/bin/python3

[uc_engine_host]
localhost ansible_connection=local

[database:children]
uc_engine_host

[engine_api:children]
uc_engine_host

[b2bua:children]
uc_engine_host

[uc_engine:children]
b2bua
database
engine_api

[uc_ui:children]
uc_engine_host

[uc_engine:vars]
engine_api_configure_wizard = true
engine_api_root_password = MDP
api_client_name = USER
api_client_password = MDP

“en commentaire” Variables are defined in …/roles/wazo-vars/defaults/main.yml
“en commentaire” wazo_distribution = wazo-dev-bullseye
“en commentaire” wazo_distribution_upgrade = wazo-dev-bullseye

glemen · September 11, 2024, 12:45pm

systemctl status wazo-setupd
● wazo-setupd.service - wazo-setupd daemon
Loaded: loaded (/lib/systemd/system/wazo-setupd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-09-11 06:22:11 EDT; 2h 32min ago
Main PID: 122444 (wazo-setupd)
Tasks: 13 (limit: 4660)
Memory: 35.3M
CPU: 26.354s
CGroup: /system.slice/wazo-setupd.service
└─122444 /usr/bin/python3 /usr/bin/wazo-setupd

Sep 11 06:22:19 wazo wazo-setupd[122444]: raise HTTPError(http_error_msg, response=self)
Sep 11 06:22:19 wazo wazo-setupd[122444]: requests.exceptions.HTTPError: 500 Server Error: Unexpected error: (raised as a result of Query-invoked autoflush; consider using a session.no_autoflush block if this flush is occurring prematur>Sep 11 06:22:19 wazo wazo-setupd[122444]: (psycopg2.errors.UniqueViolation) duplicate key value violates unique constraint “netiface_ifname_key”
Sep 11 06:22:19 wazo wazo-setupd[122444]: DETAIL: Key (ifname)=(ens18) already exists.
Sep 11 06:22:19 wazo wazo-setupd[122444]: [SQL: INSERT INTO netiface (ifname, hwtypeid, networktype, type, family, method, address, netmask, broadcast, gateway, mtu, vlanrawdevice, vlanid, options, description) VALUES (%(ifname)s, %(hwt>Sep 11 06:22:19 wazo wazo-setupd[122444]: [parameters: {‘ifname’: ‘ens18’, ‘hwtypeid’: 1, ‘networktype’: ‘voip’, ‘type’: ‘iface’, ‘family’: ‘inet’, ‘method’: ‘static’, ‘address’: ‘192.168.0.106’, ‘netmask’: ‘255.255.255.0’, ‘broadcast’:>Sep 11 06:22:19 wazo wazo-setupd[122444]: (Background on this error at: Error Messages — SQLAlchemy 1.3 Documentation) for url: http://localhost:9486/1.1/wizard
Sep 11 06:22:19 wazo wazo-setupd[122444]: 2024-09-11 06:22:19,308 [122444] (INFO) (wazo-setupd): response to 127.0.0.1 in 0.48s: POST http://localhost:443/1.0/setup 500
Sep 11 06:41:14 wazo wazo-setupd[122444]: 2024-09-11 06:41:14,491 [122444] (INFO) (wazo-setupd): request: GET http://localhost/1.0/setup {‘Host’: ‘localhost’, ‘X-Script-Name’: ‘/api/setupd’, ‘X-Forwarded-For’: ‘::1’, ‘X-Forwarded-Proto’>Sep 11 06:41:14 wazo wazo-setupd[122444]: 2024-09-11 06:41:14,492 [122444] (INFO) (wazo-setupd): response to 127.0.0.1 in 0.00s: GET http://localhost/1.0/setup 405

glemen · September 11, 2024, 12:52pm

quand je tape dans mon url : https://ip-wazo:443/api

j’ai bien interface web api de wazo :

Available APIs

mais impossible davoir acces à wazo-ui … sur le 443

et wazo-service status …

Checking services…
running wazo-plugind
running wazo-webhookd
running wazo-sysconfd
running wazo-confgend
running wazo-confd
running wazo-auth
running wazo-call-logd
running wazo-dxtora
running wazo-provd
running wazo-agid
running asterisk
running wazo-amid
running wazo-agentd
running wazo-dird
running wazo-phoned
running wazo-calld
running wazo-websocketd
running wazo-chatd

julienfr · September 11, 2024, 1:46pm

décomente
et modifie pour avoir:

wazo_distribution = pelican-bullseye
wazo_distribution_upgrade = pelican-bullseye

dans la doc, c’est bien marqué:
activate the following settings in inventories/uc-engine

une fois la modification faite, tu peux tester de relancer le script, mais avant, il faudrait faire un reload ou reset, pas sûr de moi, et j’ai déjà relancé l’installation sans le faire sans soucis.

wazo-reload
wazo reload
wazo-reset
wazo reset
pas sûr de la commande ^^

et ensuite, relancé l’installation:

ansible-playbook -i inventories/uc-engine uc-engine.yml

cheers

glemen · September 11, 2024, 3:59pm

julienfr · September 11, 2024, 4:37pm

Pour moi, c’est tes valeurs suivantes qui ne sont pas bonnes.

engine_api_root_password = MDP
api_client_name = USER
api_client_password = MDP

Mets bien ton compte root de la machine.
Suivant comment tu as installé debian, ton compte root n’est pas configuré.

Api_client_name ne peut pas être root.
Cheers

Topic		Replies	Views
Upgrade 18 to 20 - '403 Forbidden' Error Installation/Configuration	10	1415	May 8, 2021
Patch security nginx CVE-2021-23017 Français	1	366	June 16, 2021
Help softphone acces denied 403 Installation/Configuration	1	609	April 27, 2021
Nouvelle installation wazo platform 20 Installation/Configuration	12	1760	April 23, 2020
Installation Error Installation/Configuration	1	374	March 6, 2023