wger
Forbidden: /api/v2/* with the APP
Steps to Reproduce
Set up a Linux System
#uname -a
Linux wger 5.10.0-10-amd64 #1 SMP Debian 5.10.84-1 (2021-12-08) x86_64 GNU/Linux
Install the Server as documented here: https://wger.readthedocs.io/en/latest/production.html
Add Letsencrypt and RemoteIPProxyProtocol On to /etc/apache2/sites-available/wger-ssl.conf
<Directory /home/wger/src>
    <Files wsgi.py>
        Require all granted
    </Files>
</Directory>
<VirtualHost *:443>
    WSGIDaemonProcess wger python-path=/home/wger/src python-home=/home/wger/venv
    WSGIProcessGroup wger
    WSGIScriptAlias / /home/wger/src/wger/wsgi.py
    Alias /static/ /home/wger/static/
    <Directory /home/wger/static>
        Require all granted
    </Directory>
    Alias /media/ /home/wger/media/
    <Directory /home/wger/media>
        Require all granted
    </Directory>
    RemoteIPProxyProtocol On
    ErrorLog ${APACHE_LOG_DIR}/wger-error.log
    CustomLog ${APACHE_LOG_DIR}/wger-access.log combined
    SSLEngine on
    SSLCertificateChainFile /etc/letsencrypt/live/url.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/url.de/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/url.de/cert.pem
</VirtualHost>
HAProxy from the Router routes port 80 and 443 to the local Server. My settings.py:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# wger
from wger.settings_global import *
# Use 'DEBUG = True' to get more details for server errors
DEBUG = True
# List of administrations
ADMINS = (('aa', '[email protected]'), )
MANAGERS = ADMINS
# SERVER_EMAIL = '[email protected]'
# The email address that error messages (and only error messages, such as
# internal server errors) come from, such as those sent to ADMINS and MANAGERS.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': '/home/wger/db/database.sqlite',
        'USER': '',
        'PASSWORD': '',
        'HOST': '',
        'PORT': '',
    }
} # yapf: disable
# Timezone for this installation. Consult settings_global.py for more information
TIME_ZONE = 'Europe/Berlin'
# Make this unique, and don't share it with anybody.
SECRET_KEY = 'xxx'
# Your reCaptcha keys
RECAPTCHA_PUBLIC_KEY = ''
RECAPTCHA_PRIVATE_KEY = ''
NOCAPTCHA = True
# The site's URL (e.g. http://www.my-local-gym.com or http://localhost:8000)
# This is needed for uploaded files and images (exercise images, etc.) to be
# properly served.
SITE_URL = 'https://url.de'
# Path to uploaded files
# Absolute filesystem path to the directory that will hold user-uploaded files.
MEDIA_ROOT = '/home/wger/media'
MEDIA_URL = '/media/'
# Static route
STATIC_ROOT = '/home/wger/static'
STATIC_URL = '/static/'
# Allow all hosts to access the application. Change if used in production.
ALLOWED_HOSTS = '*'
# This might be a good idea if you setup redis
#SESSION_ENGINE = "django.contrib.sessions.backends.cache"
# Configure a real backend in production
# See: https://docs.djangoproject.com/en/dev/topics/email/#email-backends
#if DEBUG:
# EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Sender address used for sent emails
WGER_SETTINGS['EMAIL_FROM'] = 'wger Workout Manager <[email protected]>'
DEFAULT_FROM_EMAIL = WGER_SETTINGS['EMAIL_FROM']
# Your twitter handle, if you have one for this instance.
#WGER_SETTINGS['TWITTER'] = ''
# Email
Email_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
ENABLE_EMAIL = True
EMAIL_HOST = 'url'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'user'
EMAIL_HOST_PASSWORD = 'xxx'
EMAIL_USE_TLS = True
EMAIL_USE_SSL = False
DEFAULT_FROM_EMAIL = 'wger Workout Manager <[email protected]>'
Everything works fine except:
If DEBUG = False then the Frontpage shows:
Ein Fehler ist passiert
Etwas hat einen Fehler verursacht.
- If you uncomment
#if DEBUG:
# EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
then no email was sent (but it shows "If you're reading this, it was successful." anyway if you test it with python manage.py sendtestemail [email protected])
But in any case you can't use the APP (F-Droid nor Playstore). You can log in but you receive no data, nor can you send any data. wger-error.log:
[Mon Jan 03 17:43:31.334900 2022] [wsgi:error] [pid 462:tid 139935950305024] [remote x.x.x.x:46920] Forbidden: /api/v2/workout/
[Mon Jan 03 17:43:31.470620 2022] [wsgi:error] [pid 462:tid 139935967090432] [remote x.x.x.x:46928] Forbidden: /api/v2/nutritionplan/
[Mon Jan 03 17:43:31.570707 2022] [wsgi:error] [pid 462:tid 139935992268544] [remote x.x.x.x:46924] Forbidden: /api/v2/measurement-category/
[Mon Jan 03 17:43:31.679204 2022] [wsgi:error] [pid 462:tid 139935941912320] [remote x.x.x.x:46922] Forbidden: /api/v2/gallery/
[Mon Jan 03 17:43:31.837308 2022] [wsgi:error] [pid 462:tid 139935958697728] [remote x.x.x.x:46926] Forbidden: /api/v2/weightentry/
[Mon Jan 03 17:43:31.995692 2022] [wsgi:error] [pid 462:tid 139935983875840] [remote x.x.x.x:46920] Forbidden: /api/v2/workoutsession/
Just found something! https://stackoverflow.com/questions/26906630/django-rest-framework-authentication-credentials-were-not-provided
You need to set WSGIPassAuthorization On in the apache config, I have updated the docs already.
Thanks a lot. But sadly that didn't fix the issue for me. I changed my wger-ssl.conf like the hint and in my /etc/apache2/apache2.conf I added the line.
damn! Somebody else had the same problem and that was the setting that was missing. Did you add it within the <VirtualHost *:443> directive?
sure in the wger-ssl.conf
and I was so hopeful we could solve this. But if that wasn't the issue, how many different things can cause this? 😖
I'll try to upgrade... let's see if that changes things
nope... nothing changes. It's a miracle for me....
😞
I mean, this bug really sounds like somewhere some headers or something go missing, so the webserver seems like a prime candidate. If I find something else to try I'll post it here
That would be great... :)
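A way to test the "headers go missing" theory from the thread, as an added example that is not part of the original issue or of wger: a small WSGI probe that reports whether an `Authorization` header reached Python, without echoing the credential. `probe_app`, `build_environ`, `call` and the sample token are constructed for illustration; `build_environ` is a simplified model of mod_wsgi's behaviour, whose `WSGIPassAuthorization` setting defaults to `Off`, and the 403 is a stand-in for an API that rejects unauthenticated requests.

```python
# Added diagnostic example; not part of wger, Django or mod_wsgi.
import json
from wsgiref.util import setup_testing_defaults


def probe_app(environ, start_response):
    """Report whether an Authorization header reached the Python side."""
    raw = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, credential = raw.partition(" ")
    report = {
        "authorization_present": bool(raw),
        "scheme": scheme or None,
        # Report only the length so the token never lands in a response or log.
        "credential_length": len(credential),
    }
    body = json.dumps(report).encode()
    # Simplified stand-in for an API that rejects requests without credentials.
    status = "200 OK" if raw else "403 Forbidden"
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
    return [body]


application = probe_app  # name mod_wsgi looks for in a WSGI script file


def build_environ(headers, pass_authorization):
    """Constructed model of the server-to-WSGI hand-off (an assumption)."""
    environ = {}
    setup_testing_defaults(environ)
    for name, value in headers.items():
        if name.lower() == "authorization" and not pass_authorization:
            continue  # header dropped before the application sees it
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    return environ


def call(app, environ):
    """Invoke a WSGI app in-process and return (status, decoded JSON body)."""
    captured = {}
    body = b"".join(app(environ, lambda s, h, e=None: captured.update(status=s)))
    return captured["status"], json.loads(body)


# Constructed sample request; the token value is made up.
SAMPLE_HEADERS = {"Authorization": "Token 0123456789abcdef",
                  "Accept": "application/json"}

if __name__ == "__main__":
    for flag in (False, True):
        print("pass_authorization =", flag, call(probe_app, build_environ(SAMPLE_HEADERS, flag)))
```

Served temporarily from a test path behind the same HAProxy and Apache chain, the probe separates a header lost in the web server from a rejection made by the application itself.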