console
console copied to clipboard
Published
20 hours ago •
phasehq
phasehq
Gitlab OAUTH_CALLBACK_ERROR invalid_client
Describe the bug
After successful login to gitlab, redirect to phase results in error=OAuthCallback / invalid_client
To Reproduce
- fresh setup with
docker composeusing https://docs.phase.dev/self-hosting/docker-compose#2-download-the-configurations - gitlab as sso (self-hosted,
v17.2.1) - external loadbalancer (traefik) -> https(ignore self-signed; pass_host_header=true) -> docker:nginx:443
HOST=pass.myacme.corp
HTTP_PROTOCOL=https://
SSO_PROVIDERS=gitlab
GITLAB_CLIENT_ID=e8d0df22dbe15xxxxxxxxxxxxxxxxxxx485aeeec2fcb1bd718ea
GITLAB_CLIENT_SECRET=gloas-2ff8a719c54xxxxxxxxxxxxxxxxxxd86c13b6336a61fd06796e1
GITLAB_AUTH_URL=https://gitlab.myacme.corp
Gitlab (Admin area/instance-wide) Application:
- Redirect URI: https://phase.myacme.corp/api/auth/callback/gitlab
- Trusted [ ✔ ]
- Confidential [ ] (with or without; not working)
- read_user [ ✔ ]
- Open Phase Login page
- Click on 'Login with GitLab'
- Be redirected to GitLab -> Login -> successful
- Be redirected back to Phase -> shows same Login page with URL https://phase.myacme.corp/login?callbackUrl=https%3A%2F%phase.myacme.corp%2F&error=OAuthCallback
docker compose logs -f
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:20:09 +0000] "GET / HTTP/2.0" 307 32 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:20:10 +0000] "GET /api/auth/signin?callbackUrl=%2F HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:20:10 +0000] "GET /login?callbackUrl=https%3A%2F%2Fphase.myacme.corp%2F HTTP/2.0" 200 3647 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
## --- LOGIN HERE -- ##
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:08:58 +0000] "POST /api/auth/signin/gitlab HTTP/2.0" 200 383 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
phase-frontend | [next-auth][error][OAUTH_CALLBACK_ERROR]
phase-frontend | https://next-auth.js.org/errors#oauth_callback_error invalid_client (Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.) {
phase-frontend | error: OPError: invalid_client (Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.)
phase-frontend | at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
phase-frontend | at Client.grant (/app/node_modules/openid-client/lib/client.js:1327:22)
phase-frontend | at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
phase-frontend | at async Client.oauthCallback (/app/node_modules/openid-client/lib/client.js:603:24)
phase-frontend | at async oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:111:16)
phase-frontend | at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:11)
phase-frontend | at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
phase-frontend | at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
phase-frontend | at async K (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16853)
phase-frontend | at async U.render (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:17492) {
phase-frontend | name: 'OAuthCallbackError',
phase-frontend | code: undefined
phase-frontend | },
phase-frontend | providerId: 'gitlab',
phase-frontend | message: 'invalid_client (Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.)'
phase-frontend | }
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:08:59 +0000] "GET /api/auth/callback/gitlab?code=3161d2622ef1f66162089127d940912537feb186e7800c898d4348566874f430&state=LpaRDSWebzSDKQt2_EWU7yB9OWHYLVHr6JZZSnW5fGQ HTTP/2.0" 302 0 "https://gitlab.myacme.corp/" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:18:57 +0000] "GET /api/auth/error?error=OAuthCallback HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:18:57 +0000] "GET /api/auth/signin?error=OAuthCallback HTTP/2.0" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
phase-nginx | 192.168.55.197 - - [31/Jul/2024:16:18:58 +0000] "GET /login?callbackUrl=https%3A%2F%2Fphase.myacme.corp%2F&error=OAuthCallback HTTP/2.0" 200 3647 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" "10.242.2.57"
Expected behavior
Successful Login
Platform you are having the issue on:
docker version 24.0.5
Additional context
I assume this is not an actual bug, but if it's a configuration issue, I don't know what I've done wrong. Documentation might lack an important information
Hey @sgohl , this is usually due to the BACKEND_API_BASE env var being either incorrectly set or unresolvable. This variable should be the internal hostname for the phase-backend container. You may also want to check your traefik setup to make sure that phase-frontend can make requests to phase-backend.
Hi, thanks for your answer!
If I understand correctly, phase-frontend only needs to make requests to phase-backend internally (not from browser) - this works already by default because docker.
traefik is not involved here, since it's only the external loadbalancer for TLS termination for the users to get access to the frontend. I assume this is the case for 99% of all users having a reverse proxy in front of the frontend to provide a real domain with ssl.
so, container to container works:
~/phase > docker compose exec -it frontend bash
4663834a9556:/app$ echo $BACKEND_API_BASE
http://backend:8000
4663834a9556:/app$ curl $BACKEND_API_BASE -I
HTTP/1.1 404 Not Found
Server: gunicorn
Since the service backend has no port definition in docker, I assume it does not need to be accessed by browser; is that right?
@sgohl Sorry for the delay getting back to you. The backend does indeed need to be access by the browser, for client-side api calls. In our standard nginx setup, the /service path is used to direct requests to the backend: https://github.com/phasehq/console/blob/70dae3f13ab4134692ccb9a310910b417a67846a/nginx/default.conf#L8
@rohan-chaturvedi not a problem at all, thanks for responding anyway!
so, BACKEND_API_BASE which is http://backend:8000 is accessible from phase-frontend container - not from any browser obviously.
From Browser-side, NEXT_PUBLIC_BACKEND_API_BASE which is https://pass.myacme.corp/service is accessible:
> curl -I https://pass.myacme.corp/service/
HTTP/2 404
server: nginx/1.27.0
phase-nginx | 192.168.55.197 - - [17/Sep/2024:11:16:38 +0000] "HEAD /service/ HTTP/2.0" 404 0 "-" "curl/7.82.0" "192.168.61.52"
What not works is the login redirect mechanism:
/api/auth/callback/gitlab?code=c1b70cxxx&state=CBQO3xxx(302withlocation: https://pass.myacme.corp/api/auth/error?error=OAuthCallback)- twice:
/api/auth/error?error=OAuthCallback(302withlocation https://pass.myacme.corp/api/auth/signin?error=OAuthCallback)
as far as I see, all environment variables are set correctly:
frontend:
environment:
BACKEND_API_BASE: http://backend:8000
NEXT_PUBLIC_BACKEND_API_BASE: https://pass.myacme.corp/service
NEXTAUTH_URL: https://pass.myacme.corp
backend:
environment:
OAUTH_REDIRECT_URI: https://pass.myacme.corp
SSO_PROVIDERS: gitlab
something else I could check?
Your setup seems to be correct and I don't see any obvious issues. I assume you have GITLAB_CLIENT_ID and GITLAB_CLIENT_SECRET available to the backend container.
Could you verify that the backend is up and healthy by opening https://pass.myacme.corp/service/health/ (note the trailing slash) in the browser or via curl? You should get the JSON response:
{"status": "alive"}
Hi, I have the same issue, but with github... can i help with any additional info?
@Apkahym Could you could share the details of your setup including:
- nginx / traefik config
- environment config
- frontend container logs
- verify that
/service/health/returns a json response as mentioned in the previous comment.
Also you can add the DEBUG=True env var to get more verbose logs. @sgohl you may want to try this as well
I'm running Docker Compose, as the docs say.
When i try to login, screen not change but the url change to
https://localhost/login?callbackUrl=https%3A%2F%2Flocalhost%2F&error=Callback
Docker Version: Docker version 24.0.7, build afdd53b PC: Mac M1 Pro OS: Sonoma Versión 14.2 (23C64)
Health endpoint it is ok
GET https://localhost/service/health/
{"status": "alive"}
Github App Config
I only use the callback URL, I don't configure the other options
Callback URL: https://localhost/api/auth/callback/github
Docker compose file
services:
nginx:
container_name: phase-nginx
build:
context: .
dockerfile: ./nginx/Dockerfile
restart: always
ports:
- 80:80
- 443:443
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- frontend
- backend
networks:
- phase-net
frontend:
container_name: phase-frontend
restart: unless-stopped
depends_on:
- backend
image: phasehq/frontend:latest
env_file: .env
environment:
NEXTAUTH_URL: "${HTTP_PROTOCOL}${HOST}"
BACKEND_API_BASE: "http://backend:8000"
NEXT_PUBLIC_BACKEND_API_BASE: "${HTTP_PROTOCOL}${HOST}/service/"
NEXT_PUBLIC_NEXTAUTH_PROVIDERS: "${SSO_PROVIDERS}"
networks:
- phase-net
backend:
container_name: phase-backend
restart: unless-stopped
depends_on:
- postgres
- redis
image: phasehq/backend:latest
env_file: .env
environment:
OAUTH_REDIRECT_URI: "${HTTP_PROTOCOL}${HOST}"
ALLOWED_HOSTS: "${HOST},backend"
ALLOWED_ORIGINS: "${HTTP_PROTOCOL}${HOST}"
SESSION_COOKIE_DOMAIN: "${HOST}"
networks:
- phase-net
worker:
container_name: phase-worker
restart: unless-stopped
depends_on:
- postgres
- redis
image: phasehq/backend:latest
command: python manage.py rqworker default
env_file: .env
environment:
ALLOWED_HOSTS: "${HOST},backend"
ALLOWED_ORIGINS: "${HTTP_PROTOCOL}${HOST}"
SESSION_COOKIE_DOMAIN: "${HOST}"
networks:
- phase-net
postgres:
container_name: phase-postgres
image: postgres:15.4-alpine3.17
restart: always
env_file:
- .env
environment:
POSTGRES_DB: ${DATABASE_NAME}
POSTGRES_USER: ${DATABASE_USER}
POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
POSTGRES_HOST_AUTH_METHOD: "trust"
volumes:
- phase-postgres-data:/var/lib/postgresql/data
networks:
- phase-net
redis:
container_name: phase-redis
image: redis:alpine3.19
restart: always
networks:
- phase-net
volumes:
phase-postgres-data:
driver: local
networks:
phase-net:
.env
HOST=localhost
HTTP_PROTOCOL=https://
DEBUG=true
#USER_EMAIL_DOMAIN_WHITELIST=mydomain.com,subdomain.mydomain.com
NEXTAUTH_SECRET=82031b3760ac58352bb2d48fd9f32e9f72a0614343b669038139f18652ed1447
SECRET_KEY=92d44efc4f9a4c0556cc67d2d033d3217829c263d5ab7d1954cf4b5bfd533e58
SERVER_SECRET=9e760539415af07b22249b5878593bd4deb9b8961c7dd0570117549f2c4f32a2
SSO_PROVIDERS=github
#GOOGLE_CLIENT_ID=
#GOOGLE_CLIENT_SECRET=
GITHUB_CLIENT_ID=Iv*****************62M
GITHUB_CLIENT_SECRET=d8d*******************************1de614
#GITLAB_CLIENT_ID=
#GITLAB_CLIENT_SECRET=
#GITHUB_INTEGRATION_CLIENT_ID=
#GITHUB_INTEGRATION_CLIENT_SECRET=
DATABASE_PORT=5432
DATABASE_NAME=postgres-db-name
DATABASE_USER=postgres-user
DATABASE_PASSWORD=a765b221799be364c53c8a32acccf5dd90d5fc832607bdd14fccaaaa0062adfd
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
NEXT_TELEMETRY_DISABLED=1
Nginx Dockerfile
FROM nginx
RUN apt-get update && \
apt-get install -y openssl && \
mkdir -p /etc/nginx/ssl && \
openssl ecparam -genkey -name secp384r1 | openssl ec -out /etc/nginx/ssl/nginx.key && \
openssl req -new -x509 -sha256 -key /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -days 365 \
-subj "/C=SG/ST=Wordwideweb/L=The Cloud/CN=example.com" \
Nginx Conf
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location /service/ {
rewrite ^/service/(.*) /$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://backend:8000;
proxy_redirect off;
proxy_cookie_path / "/; HttpOnly; SameSite=strict";
proxy_buffers 16 32k;
proxy_buffer_size 64k;
proxy_busy_buffers_size 128k;
}
location /kms/ {
rewrite ^/kms/(.*) /kms/$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://backend:8000;
proxy_redirect off;
proxy_cookie_path / "/; HttpOnly; SameSite=strict";
proxy_buffers 16 32k;
proxy_buffer_size 64k;
proxy_busy_buffers_size 128k;
}
location / {
include /etc/nginx/mime.types;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://frontend:3000;
proxy_redirect off;
proxy_buffers 16 32k;
proxy_buffer_size 64k;
proxy_busy_buffers_size 128k;
}
}
Logs
Backend
Operations to perform:
Apply all migrations: account, admin, api, auth, authtoken, contenttypes, django_rq, logs, sessions, sites, socialaccount
Running migrations:
No migrations to apply.
[2024-09-18 13:54:56 +0000] [1] [INFO] Starting gunicorn 22.0.0
[2024-09-18 13:54:56 +0000] [1] [INFO] Listening at: http://0.0.0.0:8000 (1)
[2024-09-18 13:54:56 +0000] [1] [INFO] Using worker: sync
[2024-09-18 13:54:56 +0000] [8] [INFO] Booting worker with pid: 8
[2024-09-18 13:54:56 +0000] [9] [INFO] Booting worker with pid: 9
[2024-09-18 13:54:56 +0000] [10] [INFO] Booting worker with pid: 10
2024-09-18 13:56:11,479 WARNING [django.request:241] log 10 281473466109184 Bad Request: /social/login/github/
Frontend
▲ Next.js 14.2.3
- Local: http://localhost:3000
- Network: http://0.0.0.0:3000
✓ Starting...
✓ Ready in 64ms
AxiosError: Request failed with status code 400
at settle (file:///app/node_modules/axios/lib/core/settle.js:19:12)
at IncomingMessage.handleStreamEnd (file:///app/node_modules/axios/lib/adapters/http.js:599:11)
at IncomingMessage.emit (node:events:530:35)
at endReadableNT (node:internal/streams/readable:1696:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
at Axios.request (file:///app/node_modules/axios/lib/core/Axios.js:45:41)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Object.jwt (/app/.next/server/pages/api/auth/[...nextauth].js:1:2745)
at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:135:25)
at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
at async K (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16853)
at async U.render (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:17492)
at async NextNodeServer.runApi (/app/node_modules/next/dist/server/next-server.js:600:9)
at async NextNodeServer.handleCatchallRenderRequest (/app/node_modules/next/dist/server/next-server.js:269:37) {
code: 'ERR_BAD_REQUEST',
config: {
transitional: {
silentJSONParsing: true,
forcedJSONParsing: true,
clarifyTimeoutError: false
},
adapter: [ 'xhr', 'http', 'fetch' ],
transformRequest: [ [Function: transformRequest] ],
transformResponse: [ [Function: transformResponse] ],
timeout: 0,
xsrfCookieName: 'XSRF-TOKEN',
xsrfHeaderName: 'X-XSRF-TOKEN',
maxContentLength: -1,
maxBodyLength: -1,
env: { FormData: [Function], Blob: [class Blob] },
validateStatus: [Function: validateStatus],
headers: Object [AxiosHeaders] {
Accept: 'application/json, text/plain, */*',
'Content-Type': 'application/json',
'User-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0',
'X-forwarded-for': '192.168.65.1',
'Content-Length': '59',
'Accept-Encoding': 'gzip, compress, deflate, br'
},
withCredentials: true,
method: 'post',
url: 'http://backend:8000/social/login/github/',
data: '{"access_token":"ghu_KSWnVi36YoOWWn10HgTfTVRJ6L0MYO0iGE9I"}'
},
request: <ref *1> ClientRequest {
_events: [Object: null prototype] {
abort: [Function (anonymous)],
aborted: [Function (anonymous)],
connect: [Function (anonymous)],
error: [Function (anonymous)],
socket: [Function (anonymous)],
timeout: [Function (anonymous)],
finish: [Function: requestOnFinish]
},
_eventsCount: 7,
_maxListeners: undefined,
outputData: [],
outputSize: 0,
writable: true,
destroyed: false,
_last: false,
chunkedEncoding: false,
shouldKeepAlive: false,
maxRequestsOnConnectionReached: false,
_defaultKeepAlive: true,
useChunkedEncodingByDefault: true,
sendDate: false,
_removedConnection: false,
_removedContLen: false,
_removedTE: false,
strictContentLength: false,
[next-auth][error][OAUTH_CALLBACK_HANDLER_ERROR]
https://next-auth.js.org/errors#oauth_callback_handler_error undefined Backend error
_contentLength: '59',
_hasBody: true,
_trailer: '',
finished: true,
_headerSent: true,
_closed: false,
socket: Socket {
connecting: false,
_hadError: false,
_parent: null,
_host: 'backend',
_closeAfterHandlingError: false,
_events: [Object],
_readableState: [ReadableState],
_writableState: [WritableState],
allowHalfOpen: false,
_maxListeners: undefined,
_eventsCount: 7,
_sockname: null,
_pendingData: null,
_pendingEncoding: '',
server: null,
_server: null,
timeout: 5000,
parser: null,
_httpMessage: [Circular *1],
[Symbol(async_id_symbol)]: 7512,
[Symbol(kHandle)]: [TCP],
[Symbol(lastWriteQueueSize)]: 0,
[Symbol(timeout)]: Timeout {
_idleTimeout: 5000,
_idlePrev: [TimersList],
_idleNext: [Timeout],
_idleStart: 75756,
_onTimeout: [Function: bound ],
_timerArgs: undefined,
_repeat: null,
_destroyed: false,
[Symbol(refed)]: false,
[Symbol(kHasPrimitive)]: false,
[Symbol(asyncId)]: 7511,
[Symbol(triggerId)]: 7506,
[Symbol(kResourceStore)]: undefined,
[Symbol(kResourceStore)]: undefined
},
[Symbol(kBuffer)]: null,
[Symbol(kBufferCb)]: null,
[Symbol(kBufferGen)]: null,
[Symbol(shapeMode)]: true,
[Symbol(kCapture)]: false,
[Symbol(kSetNoDelay)]: true,
[Symbol(kSetKeepAlive)]: true,
[Symbol(kSetKeepAliveInitialDelay)]: 60,
[Symbol(kBytesRead)]: 0,
[Symbol(kBytesWritten)]: 0
},
_header: 'POST /social/login/github/ HTTP/1.1\r\n' +
'Accept: application/json, text/plain, */*\r\n' +
'Content-Type: application/json\r\n' +
'User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0\r\n' +
'X-forwarded-for: 192.168.65.1\r\n' +
'Content-Length: 59\r\n' +
'Accept-Encoding: gzip, compress, deflate, br\r\n' +
'Host: backend:8000\r\n' +
'Connection: keep-alive\r\n' +
'\r\n',
_keepAliveTimeout: 0,
_onPendingData: [Function: nop],
agent: Agent {
_events: [Object: null prototype],
_eventsCount: 2,
_maxListeners: undefined,
defaultPort: 80,
protocol: 'http:',
options: [Object: null prototype],
requests: [Object: null prototype] {},
sockets: [Object: null prototype],
freeSockets: [Object: null prototype] {},
keepAliveMsecs: 1000,
keepAlive: true,
maxSockets: Infinity,
maxFreeSockets: 256,
scheduling: 'lifo',
maxTotalSockets: Infinity,
totalSocketCount: 1,
[Symbol(shapeMode)]: false,
[Symbol(kCapture)]: false
},
socketPath: undefined,
method: 'POST',
maxHeaderSize: undefined,
insecureHTTPParser: undefined,
joinDuplicateHeaders: undefined,
path: '/social/login/github/',
_ended: true,
res: IncomingMessage {
_events: [Object],
_readableState: [ReadableState],
_maxListeners: undefined,
socket: [Socket],
httpVersionMajor: 1,
httpVersionMinor: 1,
httpVersion: '1.1',
complete: true,
rawHeaders: [Array],
rawTrailers: [],
joinDuplicateHeaders: undefined,
aborted: false,
upgrade: false,
url: '',
method: null,
statusCode: 400,
statusMessage: 'Bad Request',
client: [Socket],
_consuming: false,
_dumped: false,
req: [Circular *1],
_eventsCount: 4,
responseUrl: 'http://backend:8000/social/login/github/',
redirects: [],
[Symbol(shapeMode)]: true,
[Symbol(kCapture)]: false,
[Symbol(kHeaders)]: [Object],
[Symbol(kHeadersCount)]: 22,
[Symbol(kTrailers)]: null,
[Symbol(kTrailersCount)]: 0
},
aborted: false,
timeoutCb: [Function: emitRequestTimeout],
upgradeOrConnect: false,
parser: null,
maxHeadersCount: null,
reusedSocket: false,
host: 'backend',
protocol: 'http:',
_redirectable: Writable {
_events: [Object],
_writableState: [WritableState],
_maxListeners: undefined,
_options: [Object],
_ended: true,
_ending: true,
_redirectCount: 0,
_redirects: [],
_requestBodyLength: 59,
_requestBodyBuffers: [],
_eventsCount: 3,
_onNativeResponse: [Function (anonymous)],
_currentRequest: [Circular *1],
_currentUrl: 'http://backend:8000/social/login/github/',
[Symbol(shapeMode)]: true,
[Symbol(kCapture)]: false
},
[Symbol(shapeMode)]: false,
[Symbol(kCapture)]: false,
[Symbol(kBytesWritten)]: 0,
[Symbol(kNeedDrain)]: false,
[Symbol(corked)]: 0,
[Symbol(kOutHeaders)]: [Object: null prototype] {
accept: [Array],
'content-type': [Array],
'user-agent': [Array],
'x-forwarded-for': [Array],
'content-length': [Array],
'accept-encoding': [Array],
host: [Array]
},
[Symbol(errored)]: null,
[Symbol(kHighWaterMark)]: 16384,
[Symbol(kRejectNonStandardBodyWrites)]: false,
[Symbol(kUniqueHeaders)]: null
},
response: {
status: 400,
statusText: 'Bad Request',
headers: Object [AxiosHeaders] {
server: 'gunicorn',
date: 'Wed, 18 Sep 2024 13:56:11 GMT',
connection: 'close',
'content-type': 'text/html; charset=utf-8',
vary: 'Accept, Origin',
allow: 'POST, OPTIONS',
'x-frame-options': 'DENY',
'content-length': '0',
'x-content-type-options': 'nosniff',
'referrer-policy': 'same-origin',
'cross-origin-opener-policy': 'same-origin'
},
config: {
transitional: [Object],
adapter: [Array],
transformRequest: [Array],
transformResponse: [Array],
timeout: 0,
xsrfCookieName: 'XSRF-TOKEN',
xsrfHeaderName: 'X-XSRF-TOKEN',
maxContentLength: -1,
maxBodyLength: -1,
env: [Object],
validateStatus: [Function: validateStatus],
headers: [Object [AxiosHeaders]],
withCredentials: true,
method: 'post',
url: 'http://backend:8000/social/login/github/',
data: '{"access_token":"ghu_KSWnVi36YoOWWn10HgTfTVRJ6L0MYO0iGE9I"}'
},
request: <ref *1> ClientRequest {
_events: [Object: null prototype],
_eventsCount: 7,
_maxListeners: undefined,
outputData: [],
outputSize: 0,
writable: true,
destroyed: false,
_last: false,
chunkedEncoding: false,
shouldKeepAlive: false,
maxRequestsOnConnectionReached: false,
_defaultKeepAlive: true,
useChunkedEncodingByDefault: true,
sendDate: false,
_removedConnection: false,
_removedContLen: false,
_removedTE: false,
strictContentLength: false,
_contentLength: '59',
_hasBody: true,
_trailer: '',
finished: true,
_headerSent: true,
_closed: false,
socket: [Socket],
_header: 'POST /social/login/github/ HTTP/1.1\r\n' +
'Accept: application/json, text/plain, */*\r\n' +
'Content-Type: application/json\r\n' +
'User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0\r\n' +
'X-forwarded-for: 192.168.65.1\r\n' +
'Content-Length: 59\r\n' +
'Accept-Encoding: gzip, compress, deflate, br\r\n' +
'Host: backend:8000\r\n' +
'Connection: keep-alive\r\n' +
'\r\n',
_keepAliveTimeout: 0,
_onPendingData: [Function: nop],
agent: [Agent],
socketPath: undefined,
method: 'POST',
maxHeaderSize: undefined,
insecureHTTPParser: undefined,
joinDuplicateHeaders: undefined,
path: '/social/login/github/',
_ended: true,
res: [IncomingMessage],
aborted: false,
timeoutCb: [Function: emitRequestTimeout],
upgradeOrConnect: false,
parser: null,
maxHeadersCount: null,
reusedSocket: false,
host: 'backend',
protocol: 'http:',
_redirectable: [Writable],
[Symbol(shapeMode)]: false,
[Symbol(kCapture)]: false,
[Symbol(kBytesWritten)]: 0,
[Symbol(kNeedDrain)]: false,
[Symbol(corked)]: 0,
[Symbol(kOutHeaders)]: [Object: null prototype],
[Symbol(errored)]: null,
[Symbol(kHighWaterMark)]: 16384,
[Symbol(kRejectNonStandardBodyWrites)]: false,
[Symbol(kUniqueHeaders)]: null
},
data: ''
}
}
nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?)
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/09/18 13:54:55 [notice] 1#1: using the "epoll" event method
2024/09/18 13:54:55 [notice] 1#1: nginx/1.27.1
2024/09/18 13:54:55 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
2024/09/18 13:54:55 [notice] 1#1: OS: Linux 6.5.11-linuxkit
2024/09/18 13:54:55 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/09/18 13:54:55 [notice] 1#1: start worker processes
2024/09/18 13:54:55 [notice] 1#1: start worker process 21
2024/09/18 13:54:55 [notice] 1#1: start worker process 22
2024/09/18 13:54:55 [notice] 1#1: start worker process 23
2024/09/18 13:54:55 [notice] 1#1: start worker process 24
2024/09/18 13:54:55 [notice] 1#1: start worker process 25
2024/09/18 13:54:55 [notice] 1#1: start worker process 26
2024/09/18 13:54:55 [notice] 1#1: start worker process 27
2024/09/18 13:54:55 [notice] 1#1: start worker process 28
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET / HTTP/1.1" 307 43 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /api/auth/signin?callbackUrl=%2F HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /login?callbackUrl=https%3A%2F%2Flocalhost%2F HTTP/1.1" 200 3709 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/media/86fdec36ddd9097e-s.p.woff2 HTTP/1.1" 200 39888 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/webpack-c531545a80d3e80c.js HTTP/1.1" 200 1977 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/media/a34f9d1faa5f3315-s.p.woff2 HTTP/1.1" 200 48556 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/css/682166ef3a4c391c.css HTTP/1.1" 200 14759 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/css/da05db31bb148efb.css HTTP/1.1" 200 257 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/main-app-55bbd77d79f9187f.js HTTP/1.1" 200 475 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/7023-ec7e08004c95722b.js HTTP/1.1" 200 31730 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/fd9d1056-2cbb1be792c527e1.js HTTP/1.1" 200 53758 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/5853-94dd4a10a18e5fb5.js HTTP/1.1" 200 7340 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/968-ded74ca557f5b7df.js HTTP/1.1" 200 10311 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/9109-e7b336516b46b748.js HTTP/1.1" 200 7186 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/5956-c301210d1a8c0ebc.js HTTP/1.1" 200 6179 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/2477-96a169ec540fd70b.js HTTP/1.1" 200 45540 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/2530-b8f1f23b4c44c05e.js HTTP/1.1" 200 4130 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/app/layout-d0373a9717701ec0.js HTTP/1.1" 200 3381 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/app/error-e311ab13f79b2eca.js HTTP/1.1" 200 2347 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/8e1d74a4-c15d211a4a0c6383.js HTTP/1.1" 200 14159 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/6655-eb4fbbd4b93a818f.js HTTP/1.1" 200 55812 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /_next/static/chunks/app/login/page-4bd093c9b67a3a7f.js HTTP/1.1" 200 6163 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /favicon.svg HTTP/1.1" 200 995 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:55:16 +0000] "GET /api/auth/session HTTP/1.1" 200 2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:07 +0000] "GET /api/auth/providers HTTP/1.1" 200 171 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:07 +0000] "GET /api/auth/csrf HTTP/1.1" 200 80 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:07 +0000] "POST /api/auth/signin/github HTTP/1.1" 200 253 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /api/auth/callback/github?code=636a06b3d83b97d38890&state=qM2ryBccnSvhpuPQi8eZVUIdECV6ynPAcVJbD-Ef_xI HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /api/auth/error?error=Callback HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /api/auth/signin?error=Callback HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /login?callbackUrl=https%3A%2F%2Flocalhost%2F&error=Callback HTTP/1.1" 200 3709 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/media/86fdec36ddd9097e-s.p.woff2 HTTP/1.1" 200 39888 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/webpack-c531545a80d3e80c.js HTTP/1.1" 200 1977 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/media/a34f9d1faa5f3315-s.p.woff2 HTTP/1.1" 200 48556 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/main-app-55bbd77d79f9187f.js HTTP/1.1" 200 475 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/968-ded74ca557f5b7df.js HTTP/1.1" 200 10311 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/7023-ec7e08004c95722b.js HTTP/1.1" 200 31730 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/9109-e7b336516b46b748.js HTTP/1.1" 200 7186 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/5853-94dd4a10a18e5fb5.js HTTP/1.1" 200 7340 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/css/da05db31bb148efb.css HTTP/1.1" 200 257 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/css/682166ef3a4c391c.css HTTP/1.1" 200 14759 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/2477-96a169ec540fd70b.js HTTP/1.1" 200 45540 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/5956-c301210d1a8c0ebc.js HTTP/1.1" 200 6179 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/fd9d1056-2cbb1be792c527e1.js HTTP/1.1" 200 53758 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/app/layout-d0373a9717701ec0.js HTTP/1.1" 200 3381 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/2530-b8f1f23b4c44c05e.js HTTP/1.1" 200 4130 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/app/error-e311ab13f79b2eca.js HTTP/1.1" 200 2347 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/6655-eb4fbbd4b93a818f.js HTTP/1.1" 200 55812 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/app/login/page-4bd093c9b67a3a7f.js HTTP/1.1" 200 6163 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /_next/static/chunks/8e1d74a4-c15d211a4a0c6383.js HTTP/1.1" 200 14159 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /favicon.svg HTTP/1.1" 200 995 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
192.168.65.1 - - [18/Sep/2024:13:56:11 +0000] "GET /api/auth/session HTTP/1.1" 200 2 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0" "-"
Worker
2024-09-18 13:54:56,080 INFO [rq.worker:569] worker 1 281473537412352 Worker rq:worker:187deeeee74247fb9458de0bb93505b4 started with PID 1, version 1.15.1
2024-09-18 13:54:56,080 INFO [rq.worker:613] worker 1 281473537412352 Subscribing to channel rq:pubsub:187deeeee74247fb9458de0bb93505b4
2024-09-18 13:54:56,081 INFO [rq.worker:573] worker 1 281473537412352 *** Listening on default...
2024-09-18 13:54:56,082 INFO [rq.worker:315] worker 1 281473537412352 Cleaning registries for queue: default
Postgres
PostgreSQL Database directory appears to contain a database; Skipping initialization
2024-09-18 13:54:54.925 UTC [1] LOG: starting PostgreSQL 15.4 on aarch64-unknown-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r4) 12.2.1 20220924, 64-bit
2024-09-18 13:54:54.925 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
2024-09-18 13:54:54.925 UTC [1] LOG: listening on IPv6 address "::", port 5432
2024-09-18 13:54:54.927 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-09-18 13:54:54.930 UTC [24] LOG: database system was shut down at 2024-09-18 13:54:42 UTC
2024-09-18 13:54:54.934 UTC [1] LOG: database system is ready to accept connections
Redis
This log appears in loop many times
1:M 18 Sep 2024 13:41:47.021 * 1 changes in 3600 seconds. Saving...
1:M 18 Sep 2024 13:41:47.027 * Background saving started by pid 106
106:C 18 Sep 2024 13:41:47.038 * DB saved on disk
106:C 18 Sep 2024 13:41:47.039 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
1:M 18 Sep 2024 13:41:47.128 * Background saving terminated with success
DEBUG=true did not give any additional information
https://docs.phase.dev/self-hosting/configuration/envars#git-lab-sso is inconsistent: It tells to set the callback url to
/api/auth/callback/gitlab/ and /api/auth/callback/gitlab
which one is correct? For me:
with trailing slash: Login process stuck at Gitlab site:
without trailing slash
phase-frontend | [next-auth][error][OAUTH_CALLBACK_ERROR]
phase-frontend | https://next-auth.js.org/errors#oauth_callback_error invalid_client (Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.) {
phase-frontend | error: OPError: invalid_client (Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.)
phase-frontend | at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
phase-frontend | at Client.grant (/app/node_modules/openid-client/lib/client.js:1327:22)
phase-frontend | at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
phase-frontend | at async Client.oauthCallback (/app/node_modules/openid-client/lib/client.js:603:24)
phase-frontend | at async oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:111:16)
phase-frontend | at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:11)
phase-frontend | at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
phase-frontend | at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
phase-frontend | at async K (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16853)
phase-frontend | at async U.render (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:17492) {
phase-frontend | name: 'OAuthCallbackError',
phase-frontend | code: undefined
phase-frontend | },
phase-frontend | providerId: 'gitlab',
phase-frontend | message: 'invalid_client (Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.)'
There is no /service/health/ route in backend:
I know, nginx strips /service/ via rewrite before proxy_pass to backend.
also, I added localhost to ALLOWED_HOSTS via compose.yml
so, within backend container
~/phase > docker compose exec -it backend sh
/app $ curl -i localhost:8000/health/
HTTP/1.1 404 Not Found
Server: gunicorn
Date: Tue, 24 Sep 2024 15:29:37 GMT
Connection: close
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Content-Length: 179
Vary: Origin
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
<!doctype html>
<html lang="en">
<head>
<title>Not Found</title>
</head>
<body>
<h1>Not Found</h1><p>The requested resource was not found on this server.</p>
</body>
</html>
phase-backend | 2024-09-24 15:28:24,878 WARNING [django.request:241] log 8 139626853657352 Not Found: /health/
from outside:
~ > curl -i https://pass.myacme.corp/service/health/
HTTP/2 404
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Tue, 24 Sep 2024 15:28:47 GMT
referrer-policy: same-origin
server: nginx/1.27.0
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY
content-length: 179
<!doctype html>
<html lang="en">
<head>
<title>Not Found</title>
</head>
<body>
<h1>Not Found</h1><p>The requested resource was not found on this server.</p>
</body>
</html>
I also tried setting Gitlab Application to Confidential YES and NO. What is correct? Please also mention this in the docs
Trusted is YES
(after every change I run docker compose down -v & up -d )
my full .env
~/phase > cat .env | grep -v ^$ | grep -v ^#
HOST=pass.myacme.corp
HTTP_PROTOCOL=https://
NEXTAUTH_SECRET=f6974065ba1a5885432945b2d36b22bb642a4b43a3a0448c9b1e4c3d2a7608a8
SECRET_KEY=3cc9ff78f90bddc2329572a97f920ae05882b8df7e02a9269dcbd172fe0fb359
SERVER_SECRET=2ccaad78d3a784a4edcb04302e2f96dd23a1e2ed300dfb9df96601772018df40
SSO_PROVIDERS=gitlab
GITLAB_CLIENT_ID=e8d0df22dbe15208ccbe4cd978ab3a5cfb4317e4bece485aevec2fsb1bd718ea
GITLAB_CLIENT_SECRET=gloas-2ff8a719c54be2cd98066fc01516f6eb9cb065a0d86c13b6336c43fd06796e1
GITLAB_AUTH_URL=https://gitlab.myacme.corp
DATABASE_HOST=postgres # don't change this
DATABASE_PORT=5432
DATABASE_NAME=postgres-db-name
DATABASE_USER=postgres-user
DATABASE_PASSWORD=ed607856f9bcc3eb852385cf078abc8ce90c5f407d14b2af84e92a2a891a97de
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
NEXT_TELEMETRY_DISABLED=1
DEBUG=true
p.s. I am using self-hosted Community Edition of Gitlab.
@sgohl For verbose logs, try DEBUG=True (not DEBUG=true)
https://docs.phase.dev/self-hosting/configuration/envars#git-lab-sso is inconsistent: It tells to set the callback url to /api/auth/callback/gitlab/ and /api/auth/callback/gitlab
Apologies for the inconsistency in the docs. The correct URI is without a trailing slash. I'm making this fix in the docs as well: https://github.com/phasehq/docs/pull/95
There is no /service/health/ route in backend:
I know, nginx strips /service/ via rewrite before proxy_pass to backend. also, I added localhost to ALLOWED_HOSTS via compose.yml
What version of the Console are running? Could you try updating to the latest release, as we added this health endpoint quite recently
I also tried setting Gitlab Application to Confidential YES and NO. What is correct? Please also mention this in the docs
Trusted is YES
These settings should not have any effect on the SSO setup or the ability to login, which is why we left it out of the docs.
I'll try and set up a GitLab instance locally to replicate your setup and see if I can figure out what is wrong, but most of this time this is due to the frontend container not being able to communicate with the backend.
@Apkahym Thanks for providing detailed logs and configs. I have managed to replicate your setup locally, but unfortunately not your error. I was able to log in with GitHub SSO just fine. I even tried setting up Phase on a fresh EC2 instance, but couldn't replicate the issue.
The only couple of differences I see that you have made are:
-
Your
NEXT_PUBLIC_BACKEND_API_BASEin yourdocker-compose.yamlends with a trailing slash:NEXT_PUBLIC_BACKEND_API_BASE: "${HTTP_PROTOCOL}${HOST}/service/". This doesn't seem to be breaking anything: -
You have not enabled http2 in your nginx config:
server {
listen 80;
listen 443 ssl; # http2 here
...
}
This, however, shouldn't cause any issues.
I would suggest you give it another go, perhaps with another SSO provider.
If you would like, I'm happy to get on a call and debug this with you. You can ping me on Slack: https://slack.phase.dev
This issue is also happening to me.
Config is:
- self host gitlab
Couple more things to add:
- behind a reverse proxy
Has there been any updates or headway since Sept 2024?
Thanks!
@atwskris Hey, we were having a hard time replicating this.
Could you please provide logs from the frontend and the backend contains with DEBUG=True flag while attempting login.
Also, could you provide more details about the type of reverse proxy you are using? (Traefik, Cloudflare) I am assuming you still have nginx with the phase config running behind your reverse proxy. What is your GitLab version?
Morning @nimish-ks, thanks for getting back to me.
- Latest version of GitLab
- OPNSense FW with NGINX Reverse Proxy
- The reverse proxy is connecting on SSL with the self-signed certificate
- If easier we can arrange a remote session.
- I'll post the debug results shortly.
Thanks!
Frontend:
▲ Next.js 14.2.3
- Local: http://[::1]:3000
- Network: http://[::]:3000
✓ Starting...
✓ Ready in 238ms
[next-auth][error][OAUTH_CALLBACK_HANDLER_ERROR]
https://next-auth.js.org/errors#oauth_callback_handler_error undefined Error: 500:
Backend:
Checking migration configuration...
EXTERNAL_MIGRATION flag is set to true. Skipping migrations as they will be handled externally.
Starting gunicorn server...
[2025-02-11 18:49:40 +0000] [1] [INFO] Starting gunicorn 22.0.0
[2025-02-11 18:49:40 +0000] [1] [INFO] Listening at: http://[::]:8000 (1)
[2025-02-11 18:49:40 +0000] [1] [INFO] Using worker: sync
[2025-02-11 18:49:40 +0000] [7] [INFO] Booting worker with pid: 7
[2025-02-11 18:49:41 +0000] [8] [INFO] Booting worker with pid: 8
[2025-02-11 18:49:41 +0000] [9] [INFO] Booting worker with pid: 9
2025-02-11 18:50:32,412 ERROR [django.request:241] log 8 136130643098376 Internal Server Error: /social/login/gitlab/
Traceback (most recent call last):
File "/env/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 56, in wrapper_view
return view_func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/django/views/generic/base.py", line 104, in view
return self.dispatch(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/django/utils/decorators.py", line 46, in _wrapper
return bound_method(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/django/views/decorators/debug.py", line 92, in sensitive_post_parameters_wrapper
return view(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/dj_rest_auth/views.py", line 48, in dispatch
return super().dispatch(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 509, in dispatch
response = self.handle_exception(exc)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 469, in handle_exception
self.raise_uncaught_exception(exc)
File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
raise exc
File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 506, in dispatch
response = handler(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/dj_rest_auth/views.py", line 125, in post
self.serializer.is_valid(raise_exception=True)
File "/env/lib/python3.12/site-packages/rest_framework/serializers.py", line 227, in is_valid
self._validated_data = self.run_validation(self.initial_data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/rest_framework/serializers.py", line 429, in run_validation
value = self.validate(value)
^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/dj_rest_auth/registration/serializers.py", line 153, in validate
login = self.get_social_login(adapter, app, social_token, token)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/env/lib/python3.12/site-packages/dj_rest_auth/registration/serializers.py", line 60, in get_social_login
social_login = adapter.complete_login(request, app, token, response=response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/api/views/auth.py", line 202, in complete_login
data = _check_errors(response)
^^^^^^^^^^^^^^^^^^^^^^^
File "/app/api/views/auth.py", line 84, in _check_errors
raise OAuth2Error("Invalid data from GitLab API: %r" % (msg))
allauth.socialaccount.providers.oauth2.client.OAuth2Error: Invalid data from GitLab API: b'You got banned permanently from this server.'
The Ban from GitLab is new and odd since it is a brand new set of keys/secrets. Additionally, I have also rotated the secrets and produced new applications etc... etc...
Frontend:
▲ Next.js 14.2.3 - Local: http://[::1]:3000 - Network: http://[::]:3000 ✓ Starting... ✓ Ready in 238ms [next-auth][error][OAUTH_CALLBACK_HANDLER_ERROR] https://next-auth.js.org/errors#oauth_callback_handler_error undefined Error: 500:Backend:
Checking migration configuration... EXTERNAL_MIGRATION flag is set to true. Skipping migrations as they will be handled externally. Starting gunicorn server... [2025-02-11 18:49:40 +0000] [1] [INFO] Starting gunicorn 22.0.0 [2025-02-11 18:49:40 +0000] [1] [INFO] Listening at: http://[::]:8000 (1) [2025-02-11 18:49:40 +0000] [1] [INFO] Using worker: sync [2025-02-11 18:49:40 +0000] [7] [INFO] Booting worker with pid: 7 [2025-02-11 18:49:41 +0000] [8] [INFO] Booting worker with pid: 8 [2025-02-11 18:49:41 +0000] [9] [INFO] Booting worker with pid: 9 2025-02-11 18:50:32,412 ERROR [django.request:241] log 8 136130643098376 Internal Server Error: /social/login/gitlab/ Traceback (most recent call last): File "/env/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner response = get_response(request) ^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/django/core/handlers/base.py", line 197, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 56, in wrapper_view return view_func(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/django/views/generic/base.py", line 104, in view return self.dispatch(request, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/django/utils/decorators.py", line 46, in _wrapper return bound_method(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/django/views/decorators/debug.py", line 92, in sensitive_post_parameters_wrapper return view(request, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/dj_rest_auth/views.py", line 48, in dispatch return super().dispatch(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 509, in dispatch response = self.handle_exception(exc) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 469, in handle_exception self.raise_uncaught_exception(exc) File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception raise exc File "/env/lib/python3.12/site-packages/rest_framework/views.py", line 506, in dispatch response = handler(request, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/dj_rest_auth/views.py", line 125, in post self.serializer.is_valid(raise_exception=True) File "/env/lib/python3.12/site-packages/rest_framework/serializers.py", line 227, in is_valid self._validated_data = self.run_validation(self.initial_data) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/rest_framework/serializers.py", line 429, in run_validation value = self.validate(value) ^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/dj_rest_auth/registration/serializers.py", line 153, in validate login = self.get_social_login(adapter, app, social_token, token) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/env/lib/python3.12/site-packages/dj_rest_auth/registration/serializers.py", line 60, in get_social_login social_login = adapter.complete_login(request, app, token, response=response) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/app/api/views/auth.py", line 202, in complete_login data = _check_errors(response) ^^^^^^^^^^^^^^^^^^^^^^^ File "/app/api/views/auth.py", line 84, in _check_errors raise OAuth2Error("Invalid data from GitLab API: %r" % (msg)) allauth.socialaccount.providers.oauth2.client.OAuth2Error: Invalid data from GitLab API: b'You got banned permanently from this server.'The Ban from GitLab is new and odd since it is a brand new set of keys/secrets. Additionally, I have also rotated the secrets and produced new applications etc... etc...
This is very strange. This looks like an issue with your GitLab instance. The good news here is that Phase is able to talk to your instance during OAuth authentication to verify the session.
I tried to extensively research the 'You got banned permanently from this server.' error. I have seen threads with mentions of how it be part of some GitLab.com anti spam measure, but it's puzzling why this is happening on a self-hosted instance.
File "/app/api/views/auth.py", line 84, in _check_errors raise OAuth2Error("Invalid data from GitLab API: %r" % (msg)) allauth.socialaccount.providers.oauth2.client.OAuth2Error: Invalid data from GitLab API: b'You got banned permanently from this server.'
The Ban from GitLab is new and odd since it is a brand new set of keys/secrets. Additionally, I have also rotated the secrets and produced new applications etc... etc...
This turned out to be the opnsense nginx reverse proxy banning phase because ... it uses the python-requests library to talk to gitlab. I removed that from the nginx config and then it started throwing an "upstream sent too big header" error, one step later in the SAML handshake. I fixed that by adding:
proxy_buffer_size 64k;
proxy_buffers 4 128k;
To the location in the nginx.conf. I'm not sure if that affects anyone else with this error, but if you're running phase behind an nginx reverse proxy (and talking to gitlab, also behind that proxy) it might be useful info.
Great to hear you managed to fix this @pcoueffin! Thanks a lot for sharing notes about your solution too!
After multiple tries fiddling around I finally managed to get it working, but unfortunately I don't know what made it happen now. Sad, I would have liked to post a resolution here, but guessing, it must have been something related to gitlab oauth setup and NEXTAUTH url
Closing hence problem solved
After multiple tries fiddling around I finally managed to get it working, but unfortunately I don't know what made it happen now. Sad, I would have liked to post a resolution here, but guessing, it must have been something related to gitlab oauth setup and NEXTAUTH url
Closing hence problem solved
Great to hear it. We appreciate you putting effort into fixing this!
We need to make self-hosting a lot simpler.