Related
I have looked through past answers since this is a common question but no solution seems to work for me.
I have a Springboot Java app and a postgresql database, each in their own container. Both containers run on a remote headless server on a local network. My remote server's physical IP address is 192.168.1.200. When I enter: 'http://192.168.1.200:8080' in my browser from another machine I get a 'unable to connect' response.
Here is my Docker-compose file:
version: "3.3"
services:
db:
image: postgres
environment:
POSTGRES_PASSWORD: aaa
volumes:
- /var/lib/postgresql/data
ports:
- "5432:5432"
networks:
- nat
web:
image: email-viewer
ports:
- "192.168.1.200:8080:80"
depends_on:
- db
networks:
- nat
networks:
nat:
external:
name: nat
Here is the output when I run docker-compose up:
Recreating email-viewer_db_1 ... done
Recreating email-viewer_web_1 ... done
Attaching to email-viewer_db_1, email-viewer_web_1
db_1 |
db_1 | PostgreSQL Database directory appears to contain a database; Skipping initialization
db_1 |
db_1 | 2022-05-06 16:13:24.300 UTC [1] LOG: starting PostgreSQL 14.2 (Debian 14.2-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
db_1 | 2022-05-06 16:13:24.300 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
db_1 | 2022-05-06 16:13:24.300 UTC [1] LOG: listening on IPv6 address "::", port 5432
db_1 | 2022-05-06 16:13:24.305 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db_1 | 2022-05-06 16:13:24.311 UTC [27] LOG: database system was shut down at 2022-05-06 13:54:07 UTC
db_1 | 2022-05-06 16:13:24.319 UTC [1] LOG: database system is ready to accept connections
web_1 |
web_1 | . ____ _ __ _ _
web_1 | /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
web_1 | ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
web_1 | \\/ ___)| |_)| | | | | || (_| | ) ) ) )
web_1 | ' |____| .__|_| |_|_| |_\__, | / / / /
web_1 | =========|_|==============|___/=/_/_/_/
web_1 | :: Spring Boot :: (v2.6.5)
web_1 |
web_1 | 2022-05-06 16:13:25.487 INFO 1 --- [ main] c.a.emailviewer.EmailViewerApplication : Starting EmailViewerApplication v0.0.1-SNAPSHOT using Java 17.0.2 on 1a13d69d117d with PID 1 (/app/email-viewer-0.0.1-SNAPSHOT.jar started by root in /app)
web_1 | 2022-05-06 16:13:25.490 INFO 1 --- [ main] c.a.emailviewer.EmailViewerApplication : No active profile set, falling back to 1 default profile: "default"
web_1 | 2022-05-06 16:13:26.137 INFO 1 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
web_1 | 2022-05-06 16:13:26.184 INFO 1 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 38 ms. Found 1 JPA repository interfaces.
web_1 | 2022-05-06 16:13:26.764 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
web_1 | 2022-05-06 16:13:26.774 INFO 1 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
web_1 | 2022-05-06 16:13:26.775 INFO 1 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.60]
web_1 | 2022-05-06 16:13:26.843 INFO 1 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
web_1 | 2022-05-06 16:13:26.843 INFO 1 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1297 ms
web_1 | 2022-05-06 16:13:27.031 INFO 1 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
web_1 | 2022-05-06 16:13:27.077 INFO 1 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.6.7.Final
web_1 | 2022-05-06 16:13:27.222 INFO 1 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
web_1 | 2022-05-06 16:13:27.313 INFO 1 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
web_1 | 2022-05-06 16:13:27.506 INFO 1 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
web_1 | 2022-05-06 16:13:27.539 INFO 1 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL10Dialect
web_1 | 2022-05-06 16:13:28.034 INFO 1 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
web_1 | 2022-05-06 16:13:28.042 INFO 1 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
web_1 | 2022-05-06 16:13:28.330 WARN 1 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
web_1 | 2022-05-06 16:13:28.663 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
web_1 | 2022-05-06 16:13:28.672 INFO 1 --- [ main] c.a.emailviewer.EmailViewerApplication : Started EmailViewerApplication in 3.615 seconds (JVM running for 4.024)
It turns out that the embedded tomcat server in spring boot uses port 8080 by default and would require 192.168.1.200:8080:8080 instead of 192.168.1.200:8080:80
I am using fabric-dev-servers and docker-compose to create a network and install a business card, but when I do ./startFabric.sh I get the following error at the end of starting the network.
2020-05-18 07:29:59.593 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2020-05-18 07:29:59.595 UTC [grpc] Printf -> DEBU 003 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 172.28.0.5:7051: getsockopt: connection refused"; Reconnecting to {peer0.org1.example.com:7051 <nil>}
2020-05-18 07:30:00.596 UTC [grpc] Printf -> DEBU 004 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 172.28.0.5:7051: getsockopt: connection refused"; Reconnecting to {peer0.org1.example.com:7051 <nil>}
2020-05-18 07:30:02.302 UTC [grpc] Printf -> DEBU 005 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 172.28.0.5:7051: getsockopt: connection refused"; Reconnecting to {peer0.org1.example.com:7051 <nil>}
Error: Error getting endorser client channel: endorser client failed to connect to peer0.org1.example.com:7051: failed to create new connection: context deadline exceeded
and when I do docker logs peer0.org1.example.com
I get the following log
2020-05-18 07:29:15.885 UTC [couchdb] handleRequest -> DEBU 023 HTTP Request: GET / HTTP/1.1 | Host: couchdb:5983 | User-Agent: Go-http-client/1.1 | Accept: multipart/related | Accept-Encoding: gzip | |
2020-05-18 07:29:15.886 UTC [couchdb] handleRequest -> WARN 024 Retrying couchdb request in 16s. Attempt:8 Error:Get http://couchdb:5983/: dial tcp 172.28.0.4:5983: getsockopt: connection refused
2020-05-18 07:29:31.887 UTC [couchdb] handleRequest -> DEBU 025 HTTP Request: GET / HTTP/1.1 | Host: couchdb:5983 | User-Agent: Go-http-client/1.1 | Accept: multipart/related | Accept-Encoding: gzip | |
2020-05-18 07:29:31.888 UTC [couchdb] handleRequest -> WARN 026 Retrying couchdb request in 32s. Attempt:9 Error:Get http://couchdb:5983/: dial tcp 172.28.0.4:5983: getsockopt: connection refused
2020-05-18 07:30:03.889 UTC [couchdb] handleRequest -> DEBU 027 HTTP Request: GET / HTTP/1.1 | Host: couchdb:5983 | User-Agent: Go-http-client/1.1 | Accept: multipart/related | Accept-Encoding: gzip | |
2020-05-18 07:30:03.890 UTC [couchdb] handleRequest -> WARN 028 Retrying couchdb request in 1m4s. Attempt:10 Error:Get http://couchdb:5983/: dial tcp 172.28.0.4:5983: getsockopt: connection refused
2020-05-18 07:31:07.891 UTC [couchdb] handleRequest -> DEBU 029 HTTP Request: GET / HTTP/1.1 | Host: couchdb:5983 | User-Agent: Go-http-client/1.1 | Accept: multipart/related | Accept-Encoding: gzip | |
2020-05-18 07:31:07.893 UTC [couchdb] handleRequest -> WARN 02a Retrying couchdb request in 2m8s. Attempt:11 Error:Get http://couchdb:5983/: dial tcp 172.28.0.4:5983: getsockopt: connection refused
this is the docker-compose.yml of hlfv11
version: '2'
services:
ca.org1.example.com:
image: hyperledger/fabric-ca:$ARCH-1.1.0
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/19ab65abbb04807dad12e4c0a9aaa6649e70868e3abd0217a322d89e47e1a6ae_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org1.example.com
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer:$ARCH-1.1.0
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/composer-genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
ports:
- 7050:7050
volumes:
- ./:/etc/hyperledger/configtx
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/etc/hyperledger/msp/orderer/msp
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer:$ARCH-1.1.0
dns_search: .
environment:
- CORE_LOGGING_LEVEL=debug
- GODEBUG=netdns=go
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_PEER=debug # addition
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=composer_default
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
# - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=hlfv11_basic
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5983
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
ports:
- 7051:7051
- 7053:7053
volumes:
- /var/run/:/host/var/run/
- ./:/etc/hyperledger/configtx
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/peer/msp
- ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
depends_on:
- orderer.example.com
- couchdb
#networks:
# - basic
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb:$ARCH-0.4.6
ports:
- 5983:5983
environment:
DB_URL: http://localhost:5983/member_db
I tried all the solutions possible, but still not working, please help.
you have not defined couchdb username and password in the peer service
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
I'm having issues setting up CORS configuration in a spring cloud gateway app. I've set the following config to allow everything from everything:
spring:
cloud:
gateway:
globalcors:
corsConfigurations:
'[/**]':
allowedOrigins: "*"
allowedMethods: "*"
allowedHeaders: "authorization"
Yet, when I'm calling an endpoint to the gateway I'm getting:
OPTIONS http://localhost:8080/api/spot/spots 403 (Forbidden)
localhost/:1 Access to XMLHttpRequest at 'http://localhost:8080/api/spot/spots' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
When I call one of the services by-passing the gateway via the UI, the requests are going through fine. However, I don't see any options requests being made.
And as soon as I point the UI to the gateway host, the error occurs.
Also in the Network tab, the request shows up as "failed", no other information. Nothing in any of the application logs either.
These are the response headers:
HTTP/1.1 200 OK
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Date: Tue, 10 Mar 2020 21:24:11 GMT
When restarting the Item service (responsible for this endpoint), I'm getting a 500:
timestamp: "2020-03-10T21:28:33.568+0000"
path: "/api/spot/spots"
status: 500
error: "Internal Server Error"
message: "Connection refused: localhost/127.0.0.1:49508"
requestId: "68570bc1"
Which points to the old random port, meaning the gateway can connect to it somehow.
Any ideas what I'm missing?
Thanks.
The app is open-source and available here.
The SpotController can be found here.
The spring-security configuration for that endpoint can be found here.
The gateway config can be found here.
Here are the logs of the api gateway app, when set on debug (full logs here):
2020-03-10 22:24:10.744 DEBUG 57262 --- [ionManagerTimer] h.i.c.PoolingHttpClientConnectionManager : Closing expired connections
2020-03-10 22:24:10.812 DEBUG 57262 --- [er-item-service] c.netflix.loadbalancer.BaseLoadBalancer : LoadBalancer: PingTask executing [1] servers configured
2020-03-10 22:24:11.464 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Increasing pending responses, now 1
2020-03-10 22:24:11.464 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.http.server.HttpServer : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter#528c0cbe
2020-03-10 22:24:11.464 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter : [d4a47354] HTTP OPTIONS "/api/spot/spots"
2020-03-10 22:24:11.466 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping : Route matched: item-service
2020-03-10 22:24:11.466 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping : Mapping [Exchange: OPTIONS http://localhost:8080/api/spot/spots] to Route{id='item-service', uri=lb://item-service, order=0, predicate=Paths: [/api/spot/**], match trailing slash: true, gatewayFilters=[], metadata={}}
2020-03-10 22:24:11.466 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping : [d4a47354] Mapped to org.springframework.cloud.gateway.handler.FilteringWebHandler#14780192
2020-03-10 22:24:11.467 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter : [d4a47354] Completed 200 OK
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP response frame
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] No sendHeaders() called before complete, sending zero-length header
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Decreasing pending responses, now 0
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP packet was sent, terminating the channel
2020-03-10 22:24:11.468 DEBUG 57262 --- [ctor-http-nio-2] r.n.channel.ChannelOperationsHandler : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] No ChannelOperation attached. Dropping: EmptyLastHttpContent
2020-03-10 22:24:11.486 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Increasing pending responses, now 1
2020-03-10 22:24:11.486 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.http.server.HttpServer : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Handler is being applied: org.springframework.http.server.reactive.ReactorHttpHandlerAdapter#528c0cbe
2020-03-10 22:24:11.486 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter : [d4a47354] HTTP GET "/api/spot/spots"
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping : Route matched: item-service
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping : Mapping [Exchange: GET http://localhost:8080/api/spot/spots] to Route{id='item-service', uri=lb://item-service, order=0, predicate=Paths: [/api/spot/**], match trailing slash: true, gatewayFilters=[], metadata={}}
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.h.RoutePredicateHandlerMapping : [d4a47354] Mapped to org.springframework.cloud.gateway.handler.FilteringWebHandler#14780192
2020-03-10 22:24:11.488 DEBUG 57262 --- [ctor-http-nio-2] o.s.c.g.handler.FilteringWebHandler : Sorted gatewayFilterFactories: [[GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RemoveCachedBodyFilter#22bf9122}, order = -2147483648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.AdaptCachedBodyGlobalFilter#69aa7d76}, order = -2147482648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyWriteResponseFilter#3d88e6b9}, order = -1], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardPathFilter#9687f55}, order = 0], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.GatewayMetricsFilter#671d03bb}, order = 0], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RouteToRequestUrlFilter#208205ed}, order = 10000], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.LoadBalancerClientFilter#36068727}, order = 10100], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.WebsocketRoutingFilter#5700c9db}, order = 2147483646], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyRoutingFilter#72543547}, order = 2147483647], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardRoutingFilter#73afe2b7}, order = 2147483647]]
2020-03-10 22:24:11.489 DEBUG 57262 --- [ctor-http-nio-2] c.n.loadbalancer.ZoneAwareLoadBalancer : Zone aware logic disabled or there is only one zone
2020-03-10 22:24:11.490 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b] Created new pooled channel, now 1 active connections and 0 inactive connections
2020-03-10 22:24:11.491 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.channel.BootstrapHandlers : [id: 0x687fa33b] Initialized pipeline DefaultChannelPipeline{(BootstrapHandlers$BootstrapInitializerHandler#0 = reactor.netty.channel.BootstrapHandlers$BootstrapInitializerHandler), (reactor.left.httpCodec = io.netty.handler.codec.http.HttpClientCodec), (reactor.right.reactiveBridge = reactor.netty.channel.ChannelOperationsHandler)}
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Channel connected, now 1 active connections and 0 inactive connections
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}, [connected])
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [configured])
2020-03-10 22:24:11.496 DEBUG 57262 --- [ctor-http-nio-2] r.netty.http.client.HttpClientConnect : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Handler is being applied: {uri=http://localhost:49508/api/spot/spots, method=GET}
2020-03-10 22:24:11.497 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.channel.FluxReceive : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: true]
2020-03-10 22:24:11.497 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/api/spot/spots, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [request_sent])
2020-03-10 22:24:11.579 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.client.HttpClientOperations : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Received response (auto-read:false) : [Vary=Origin, Vary=Access-Control-Request-Method, Vary=Access-Control-Request-Headers, Access-Control-Allow-Origin=*, X-Content-Type-Options=nosniff, X-XSS-Protection=1; mode=block, Cache-Control=no-cache, no-store, max-age=0, must-revalidate, Pragma=no-cache, Expires=0, X-Frame-Options=DENY, Content-Type=application/json, Transfer-Encoding=chunked, Date=Tue, 10 Mar 2020 21:24:11 GMT]
2020-03-10 22:24:11.579 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/api/spot/spots, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [response_received])
2020-03-10 22:24:11.580 DEBUG 57262 --- [ctor-http-nio-2] reactor.netty.channel.FluxReceive : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Subscribing inbound receiver [pending: 0, cancelled:false, inboundDone: false]
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.client.HttpClientOperations : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Received last HTTP packet
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter : [d4a47354] Completed 200 OK
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP response frame
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Decreasing pending responses, now 0
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.http.server.HttpServerOperations : [id: 0xd4a47354, L:/0:0:0:0:0:0:0:1:8080 - R:/0:0:0:0:0:0:0:1:59021] Last HTTP packet was sent, terminating the channel
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] onStateChange(GET{uri=/api/spot/spots, connection=PooledConnection{channel=[id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508]}}, [disconnecting])
2020-03-10 22:24:11.581 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Releasing channel
2020-03-10 22:24:11.582 DEBUG 57262 --- [ctor-http-nio-2] r.n.resources.PooledConnectionProvider : [id: 0x687fa33b, L:/127.0.0.1:61299 - R:localhost/127.0.0.1:49508] Channel cleaned, now 0 active connections and 1 inactive connections
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.DynamicServerListLoadBalancer : List of Servers for item-service obtained from Discovery client: [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.ZoneAffinityServerListFilter : Determining if zone affinity should be enabled with given server list: [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.ZoneAffinityServerListFilter : zoneAffinity is overriden. blackOutServerPercentage: 0.0, activeReqeustsPerServer: 0.0, availableServers: 1
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.DynamicServerListLoadBalancer : Filtered List of Servers for item-service obtained from Discovery client: [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer : LoadBalancer [item-service]: clearing server list (SET op)
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer : LoadBalancer [item-service]: addServer [localhost:49508]
2020-03-10 22:24:11.831 DEBUG 57262 --- [erListUpdater-1] c.n.l.DynamicServerListLoadBalancer : Setting server list for zones: {defaultzone=[localhost:49508]}
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer : LoadBalancer [item-service_defaultzone]: clearing server list (SET op)
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer : LoadBalancer [item-service_defaultzone]: addServer [localhost:49508]
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer : LoadBalancer [item-service]: forceQuickPing invoking
2020-03-10 22:24:11.832 DEBUG 57262 --- [erListUpdater-1] c.netflix.loadbalancer.BaseLoadBalancer : LoadBalancer: PingTask executing [1] servers configured
Did you tried to change the allowedHeaders: "authorization" to allowedHeaders: "*". I had the same issue and was fixed just changing the allowHeaders to the wildcard since I was receiving from the client as header x-requested-with, authorization.
Configuration looks good but it may possible that it is not taking effect. This might happen when both application.properties and application.yml are there under resources, i had same issue.
Keeping only one worked for me. My application.properties file have following cors setting.
spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping=true
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedOrigins=*
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedHeaders=*
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedMethods=*
I'm setting up a internal server for JIRA, Jenkins etc. For simplification i use an Reverse Proxy and docker-compose.
My docker-compose.yml has following configuration:
version: '3.7'
services:
proxy:
container_name: proxy
image: nginx:alpine
init: true
restart: unless-stopped
ports:
- 80:80
- 443:443
networks:
proxynet:
ipv4_address: 172.20.0.2
depends_on:
- jenkins
- nexus
volumes:
- ./reverse-proxy/data/app.conf:/etc/nginx/conf.d
- ./reverse-proxy/logs:/var/logs/nginx/
...
jira:
container_name: jira
image: cptactionhank/atlassian-jira:latest
init: true
restart: unless-stopped
networks:
proxynet:
ipv4_address: 172.20.0.5
volumes:
- ./jira/webapp:/var/atlassian/jira
- ./jira/logs:/opt/atlassian/jira/logs
environment:
- X_PROXY_PORT=8080
- X_PROXY_SCHEME="http"
volumes:
data:
networks:
proxynet:
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16
reverse-proxy/data/app.conf
server {
listen 80;
server_name 192.123.456.789;
...
location /jira {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://172.20.0.5:8080/jira;
proxy_ssl_verify off;
proxy_read_timeout 90;
}
}
If i visit the 192.123.456.789/jira, i get an HTTP ERROR 503.
NGINX access log:
[04/Sep/2019:16:49:33 +0000] "GET /jira HTTP/1.1" 503 36 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36" "-"
JIRA startup log:
`sMMMMMMMMMMMMMM+
MMMMMMMMMMMMMM
:sdMMMMMMMMMMM
MMMMMM
`sMMMMMMMMMMMMMM+ MMMMMM
MMMMMMMMMMMMMM +MMMMM
:sMMMMMMMMMMM MMMMM
MMMMMM `UOJ
`sMMMMMMMMMMMMM+ MMMMMM
MMMMMMMMMMMMMM +MMMMM
:sdMMMMMMMMMM MMMMM
MMMMMM `UOJ
MMMMMM
+MMMMM
MMMMM
`UOJ
Atlassian Jira
Version : 8.3.3
If you encounter issues starting or stopping JIRA, please see the Troubleshooting guide at https://docs.atlassian.com/jira/jadm-docs-083/Troubleshooting+installation
Using JIRA_HOME: /var/atlassian/jira
Server startup logs are located in /opt/atlassian/jira/logs/catalina.out
04-Sep-2019 17:03:57.136 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.5.40
04-Sep-2019 17:03:57.141 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Apr 10 2019 14:31:19 UTC
04-Sep-2019 17:03:57.142 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.5.40.0
04-Sep-2019 17:03:57.142 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
04-Sep-2019 17:03:57.142 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 4.15.0-54-generic
04-Sep-2019 17:03:57.143 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
04-Sep-2019 17:03:57.143 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/lib/jvm/java-1.8-openjdk/jre
04-Sep-2019 17:03:57.144 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_212-b04
04-Sep-2019 17:03:57.144 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: IcedTea
04-Sep-2019 17:03:57.144 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /opt/atlassian/jira
04-Sep-2019 17:03:57.145 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /opt/atlassian/jira
04-Sep-2019 17:03:57.146 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/opt/atlassian/jira/conf/logging.properties
04-Sep-2019 17:03:57.147 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
04-Sep-2019 17:03:57.147 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms384m
04-Sep-2019 17:03:57.148 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx2048m
04-Sep-2019 17:03:57.148 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:InitialCodeCacheSize=32m
04-Sep-2019 17:03:57.148 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:ReservedCodeCacheSize=512m
04-Sep-2019 17:03:57.149 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true
04-Sep-2019 17:03:57.149 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Datlassian.standalone=JIRA
04-Sep-2019 17:03:57.153 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
04-Sep-2019 17:03:57.154 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dmail.mime.decodeparameters=true
04-Sep-2019 17:03:57.154 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory
04-Sep-2019 17:03:57.155 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:-OmitStackTraceInFastThrow
04-Sep-2019 17:03:57.155 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.locale.providers=COMPAT
04-Sep-2019 17:03:57.155 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djira.home=/var/atlassian/jira
04-Sep-2019 17:03:57.156 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Datlassian.plugins.startup.options=-fg
04-Sep-2019 17:03:57.156 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
04-Sep-2019 17:03:57.156 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
04-Sep-2019 17:03:57.157 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
04-Sep-2019 17:03:57.157 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xloggc:/opt/atlassian/jira/logs/atlassian-jira-gc-%t.log
04-Sep-2019 17:03:57.158 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+UseGCLogFileRotation
04-Sep-2019 17:03:57.158 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:NumberOfGCLogFiles=5
04-Sep-2019 17:03:57.158 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:GCLogFileSize=20M
04-Sep-2019 17:03:57.159 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCDetails
04-Sep-2019 17:03:57.159 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCDateStamps
04-Sep-2019 17:03:57.160 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCTimeStamps
04-Sep-2019 17:03:57.160 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+PrintGCCause
04-Sep-2019 17:03:57.161 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
04-Sep-2019 17:03:57.161 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/opt/atlassian/jira
04-Sep-2019 17:03:57.163 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/opt/atlassian/jira
04-Sep-2019 17:03:57.163 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/opt/atlassian/jira/temp
04-Sep-2019 17:03:57.164 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64:/usr/lib/jvm/java-1.8-openjdk/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib]
04-Sep-2019 17:03:57.505 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
04-Sep-2019 17:03:57.555 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1377 ms
04-Sep-2019 17:03:57.576 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
04-Sep-2019 17:03:57.578 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.40
2019-09-04 17:04:05,574 localhost-startStop-1 INFO [c.a.jira.startup.JiraHomeStartupCheck] The jira.home directory '/var/atlassian/jira' is validated and locked for exclusive use by this instance.
2019-09-04 17:04:05,783 JIRA-Bootstrap INFO [c.a.jira.startup.JiraStartupLogger]
****************
JIRA starting...
****************
2019-09-04 17:04:05,923 JIRA-Bootstrap INFO [c.a.jira.startup.JiraStartupLogger]
___ Environment _____________________________
JIRA Build : 8.3.3#803004-sha1:4d4040e0714d65b7fffa4801569d014c0b16eaa9
Build Date : Wed Aug 28 00:00:00 GMT 2019
JIRA Installation Type : Standalone
Application Server : Apache Tomcat/8.5.40 - Servlet API 3.1
Java Version : 1.8.0_212 - IcedTea
Current Working Directory : /var/atlassian/jira
Maximum Allowable Memory : 1979MB
Total Memory : 371MB
Free Memory : 330MB
Used Memory : 41MB
Memory Pool: Code Cache : Code Cache: init = 33554432(32768K) used = 8746176(8541K) committed = 33554432(32768K) max = 536870912(524288K)
Memory Pool: Metaspace : Metaspace: init = 0(0K) used = 21664984(21157K) committed = 22331392(21808K) max = -1(-1K)
Memory Pool: Compressed Class Space : Compressed Class Space: init = 0(0K) used = 2323808(2269K) committed = 2490368(2432K) max = 1073741824(1048576K)
Memory Pool: Eden Space : Eden Space: init = 107479040(104960K) used = 22147168(21628K) committed = 107544576(105024K) max = 572653568(559232K)
Memory Pool: Survivor Space : Survivor Space: init = 13369344(13056K) used = 0(0K) committed = 13369344(13056K) max = 71565312(69888K)
Memory Pool: Tenured Gen : Tenured Gen: init = 268435456(262144K) used = 21798312(21287K) committed = 268435456(262144K) max = 1431699456(1398144K)
JVM Input Arguments : -Djava.util.logging.config.file=/opt/atlassian/jira/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms384m -Xmx2048m -XX:InitialCodeCacheSize=32m -XX:ReservedCodeCacheSize=512m -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory -XX:-OmitStackTraceInFastThrow -Djava.locale.providers=COMPAT -Djira.home=/var/atlassian/jira -Datlassian.plugins.startup.options=-fg -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Xloggc:/opt/atlassian/jira/logs/atlassian-jira-gc-%t.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=20M -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintGCCause -Dignore.endorsed.dirs= -Dcatalina.base=/opt/atlassian/jira -Dcatalina.home=/opt/atlassian/jira -Djava.io.tmpdir=/opt/atlassian/jira/temp
Java Compatibility Information : JIRA version = 8.3.3, Java Version = 1.8.0_212
___ Java System Properties _________________
atlassian.plugins.startup.options : -fg
atlassian.standalone : JIRA
awt.toolkit : sun.awt.X11.XToolkit
catalina.base : /opt/atlassian/jira
catalina.home : /opt/atlassian/jira
catalina.useNaming : true
common.loader : "${catalina.base}/lib",
"${catalina.base}/lib/*.jar",
"${catalina.home}/lib",
"${catalina.home}/lib/*.jar"
file.encoding : UTF-8
file.encoding.pkg : sun.io
ignore.endorsed.dirs :
java.awt.graphicsenv : sun.awt.X11GraphicsEnvironment
java.awt.headless : true
java.awt.printerjob : sun.print.PSPrinterJob
java.class.version : 52.0
java.home : /usr/lib/jvm/java-1.8-openjdk/jre
java.io.tmpdir : /opt/atlassian/jira/temp
java.locale.providers : COMPAT
java.naming.factory.initial : org.apache.naming.java.javaURLContextFactory
java.naming.factory.url.pkgs : org.apache.naming
java.protocol.handler.pkgs : org.apache.catalina.webresources
java.runtime.name : OpenJDK Runtime Environment
java.runtime.version : 1.8.0_212-b04
java.specification.name : Java Platform API Specification
java.specification.vendor : Oracle Corporation
java.specification.version : 1.8
java.util.concurrent.ForkJoinPool.common.threadFactory : org.apache.catalina.startup.SafeForkJoinWorkerThreadFactory
java.util.logging.config.file : /opt/atlassian/jira/conf/logging.properties
java.util.logging.manager : org.apache.juli.ClassLoaderLogManager
java.vendor : IcedTea
java.vendor.url : https://icedtea.classpath.org
java.vendor.url.bug : https://icedtea.classpath.org/bugzilla
java.version : 1.8.0_212
java.vm.info : mixed mode
java.vm.name : OpenJDK 64-Bit Server VM
java.vm.specification.name : Java Virtual Machine Specification
java.vm.specification.vendor : Oracle Corporation
java.vm.specification.version : 1.8
java.vm.vendor : IcedTea
java.vm.version : 25.212-b04
jdk.tls.ephemeralDHKeySize : 2048
jira.home : /var/atlassian/jira
mail.mime.decodeparameters : true
org.apache.catalina.security.SecurityListener.UMASK : 0027
org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER : true
org.dom4j.factory : com.atlassian.core.xml.InterningDocumentFactory
os.arch : amd64
os.name : Linux
os.version : 4.15.0-54-generic
package.access : sun.,
org.apache.catalina.,
org.apache.coyote.,
org.apache.jasper.,
org.apache.tomcat.
package.definition : sun.,
java.,
org.apache.catalina.,
org.apache.coyote.,
org.apache.jasper.,
org.apache.naming.,
org.apache.tomcat.
server.loader :
shared.loader :
sun.arch.data.model : 64
sun.boot.library.path : /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64
sun.cpu.endian : little
sun.cpu.isalist :
sun.io.unicode.encoding : UnicodeLittle
sun.java.command : org.apache.catalina.startup.Bootstrap start
sun.java.launcher : SUN_STANDARD
sun.jnu.encoding : UTF-8
sun.management.compiler : HotSpot 64-Bit Tiered Compilers
sun.os.patch.level : unknown
tomcat.util.buf.StringCache.byte.enabled : true
tomcat.util.scan.StandardJarScanFilter.jarsToScan : log4j-taglib*.jar,
log4j-web*.jar,
log4javascript*.jar,
slf4j-taglib*.jar
tomcat.util.scan.StandardJarScanFilter.jarsToSkip : annotations-api.jar,
ant-junit*.jar,
ant-launcher.jar,
ant.jar,
asm-*.jar,
aspectj*.jar,
bootstrap.jar,
catalina-ant.jar,
catalina-ha.jar,
catalina-jmx-remote.jar,
catalina-storeconfig.jar,
catalina-tribes.jar,
catalina-ws.jar,
catalina.jar,
cglib-*.jar,
cobertura-*.jar,
commons-beanutils*.jar,
commons-codec*.jar,
commons-collections*.jar,
commons-daemon.jar,
commons-dbcp*.jar,
commons-digester*.jar,
commons-fileupload*.jar,
commons-httpclient*.jar,
commons-io*.jar,
commons-lang*.jar,
commons-logging*.jar,
commons-math*.jar,
commons-pool*.jar,
dom4j-*.jar,
easymock-*.jar,
ecj-*.jar,
el-api.jar,
geronimo-spec-jaxrpc*.jar,
h2*.jar,
hamcrest-*.jar,
hibernate*.jar,
httpclient*.jar,
icu4j-*.jar,
jasper-el.jar,
jasper.jar,
jaspic-api.jar,
jaxb-*.jar,
jaxen-*.jar,
jdom-*.jar,
jetty-*.jar,
jmx-tools.jar,
jmx.jar,
jsp-api.jar,
jstl.jar,
jta*.jar,
junit-*.jar,
junit.jar,
log4j*.jar,
mail*.jar,
objenesis-*.jar,
oraclepki.jar,
oro-*.jar,
servlet-api-*.jar,
servlet-api.jar,
slf4j*.jar,
taglibs-standard-spec-*.jar,
tagsoup-*.jar,
tomcat-api.jar,
tomcat-coyote.jar,
tomcat-dbcp.jar,
tomcat-i18n-*.jar,
tomcat-jdbc.jar,
tomcat-jni.jar,
tomcat-juli-adapters.jar,
tomcat-juli.jar,
tomcat-util-scan.jar,
tomcat-util.jar,
tomcat-websocket.jar,
tools.jar,
websocket-api.jar,
wsdl4j*.jar,
xercesImpl.jar,
xml-apis.jar,
xmlParserAPIs-*.jar,
xmlParserAPIs.jar,
xom-*.jar
user.country : US
user.dir : /var/atlassian/jira
user.home : /sbin
user.language : en
user.name : daemon
user.timezone : GMT
2019-09-04 17:04:06,338 JIRA-Bootstrap INFO [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration from /var/atlassian/jira/dbconfig.xml
2019-09-04 17:04:06,391 JIRA-Bootstrap INFO [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration from /var/atlassian/jira/dbconfig.xml
2019-09-04 17:04:06,392 JIRA-Bootstrap INFO [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration from /var/atlassian/jira/dbconfig.xml
2019-09-04 17:04:08,155 JIRA-Bootstrap INFO [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration from /var/atlassian/jira/dbconfig.xml
2019-09-04 17:04:08,187 JIRA-Bootstrap INFO [c.a.jira.startup.JiraStartupLogger]
___ Starting the JIRA Plugin System _________________
2019-09-04 17:04:17,775 JIRA-Bootstrap INFO [c.a.j.config.database.SystemDatabaseConfigurationLoader] Reading database configuration from /var/atlassian/jira/dbconfig.xml
2019-09-04 17:04:17,931 JIRA-Bootstrap INFO [c.a.jira.startup.JiraStartupLogger] Running JIRA startup checks.
2019-09-04 17:04:17,933 JIRA-Bootstrap INFO [c.a.jira.startup.JiraStartupLogger] JIRA pre-database startup checks completed successfully.
2019-09-04 17:04:18,023 JIRA-Bootstrap INFO [c.a.j.config.database.DatabaseConfigurationManagerImpl] The database is not yet configured. Enqueuing Database Checklist Launcher on post-database-configured-but-pre-database-activated queue
2019-09-04 17:04:18,024 JIRA-Bootstrap INFO [c.a.j.config.database.DatabaseConfigurationManagerImpl] The database is not yet configured. Enqueuing Post database-configuration launchers on post-database-activated queue
2019-09-04 17:04:18,045 JIRA-Bootstrap INFO [c.a.jira.startup.LauncherContextListener] Memory Usage:
---------------------------------------------------------------------------------
Heap memory : Used: 73 MiB. Committed: 371 MiB. Max: 1980 MiB
Non-heap memory : Used: 68 MiB. Committed: 86 MiB. Max: 1536 MiB
---------------------------------------------------------------------------------
TOTAL : Used: 141 MiB. Committed: 458 MiB. Max: 3516 MiB
---------------------------------------------------------------------------------
04-Sep-2019 17:05:03.590 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
04-Sep-2019 17:05:03.618 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
04-Sep-2019 17:05:03.701 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 66145 ms
I also started JIRA without the X_PROXY_* environment variables, but still no success.
I'm a bit confused because jira has started successfully, but nginx can't access it apparently. What am i missing?
I think i have found your problem. In the nginx config you have this line
location /jira {
...
Change it to
location ^~ /jira {
add_header Channel-id "JIRA";
...
Using kubernetes deployer, I cannot get login into scdf2 applying uaa service security... using scdf 2.1.2 image version.
I got a loop into /login and /login?code=xxx from uaa service because, I think, scdf2 cannot get "token"..
The process :
1) Initial launching of uaa server .
An uaa service running into a pod k8s, using the following config
[applying https://github.com/making/uaa-on-kubernetes/blob/master/k8s/uaa.yml]
It needs a secret deployed with cert and key.
When i've created the csr, with CN value for certificated is "uaa-service"
as a valid hostname
Then, uaa-service using https and certs:
apiVersion: v1
kind: Service
metadata:
name: uaa-service
labels:
app: uaa
spec:
type: LoadBalancer
ports:
- port: 8443
nodePort: 8443
name: uaa
selector:
app: uaa
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: uaa
spec:
replicas: 1
selector:
matchLabels:
app: uaa
template:
metadata:
labels:
app: uaa
spec:
initContainers:
- image: openjdk:8-jdk-slim
name: pem-to-keystore
volumeMounts:
- name: keystore-volume
mountPath: /keystores
- name: uaa-tls
mountPath: /uaa-tls
command:
- sh
- -c
- |
openssl pkcs12 -export \
-name uaa-tls \
-in /uaa-tls/tls.crt \
-inkey /uaa-tls/tls.key \
-out /keystores/uaa.p12 \
-password pass:foobar
keytool -importkeystore \
-destkeystore /keystores/uaa.jks \
-srckeystore /keystores/uaa.p12 \
-deststoretype pkcs12 \
-srcstoretype pkcs12 \
-alias uaa-tls \
-deststorepass changeme \
-destkeypass changeme \
-srcstorepass foobar \
-srckeypass foobar \
-noprompt
containers:
- name: uaa
image: making/uaa:4.13.0
command:
- sh
- -c
- |
mv /usr/local/tomcat/webapps/uaa.war /usr/local/tomcat/webapps/ROOT.war
catalina.sh run
ports:
- containerPort: 8443
volumeMounts:
- name: uaa-config
mountPath: /uaa
readOnly: true
- name: server-config
mountPath: /usr/local/tomcat/conf/server.xml
subPath: server.xml
readOnly: true
- name: keystore-volume
mountPath: /keystores
readOnly: true
env:
- name: _JAVA_OPTIONS
value: "-Djava.security.policy=unlimited -Djava.security.egd=file:/dev/./urandom"
readinessProbe:
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 90
timeoutSeconds: 30
failureThreshold: 50
periodSeconds: 60
livenessProbe:
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 90
timeoutSeconds: 30
periodSeconds: 60
failureThreshold: 50
volumes:
- name: uaa-config
configMap:
name: uaa-config
items:
- key: uaa.yml
path: uaa.yml
- key: log4j.properties
path: log4j.properties
- name: server-config
configMap:
name: uaa-config
items:
- key: server.xml
path: server.xml
- name: keystore-volume
emptyDir: {}
- name: uaa-tls
secret:
secretName: uaa-tls
# kubectl create secret tls uaa-tls --cert=uaa-service.crt --key=uaa-service.key
---
apiVersion: v1
kind: ConfigMap
metadata:
name: uaa-config
data:
server.xml: |-
<?xml version='1.0' encoding='utf-8'?>
<Server port="-1">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<Service name="Catalina">
<Connector class="org.apache.coyote.http11.Http11NioProtocol" protocol="HTTP/1.1" connectionTimeout="20000"
scheme="https"
port="8443"
SSLEnabled="true"
sslEnabledProtocols="TLSv1.2"
ciphers="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/keystores/uaa.jks"
keystoreType="PKCS12"
keyAlias="uaa-tls"
keystorePass="changeme"
bindOnInit="false"/>
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
port="8989"
address="127.0.0.1"
bindOnInit="true"/>
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost"
appBase="webapps"
unpackWARs="true"
autoDeploy="false"
failCtxIfServletStartFails="true">
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto" internalProxies="10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access" suffix=".log" rotatable="false" pattern="%h %l %u %t "%r" %s %b"/>
</Host>
</Engine>
</Service>
</Server>
log4j.properties: |-
PID=????
log4j.rootCategory=INFO, CONSOLE
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=[%d{yyyy-MM-dd HH:mm:ss.SSS}] uaa%X{context} - ${PID} [%t] .... %5p --- %c{1}: %m%n
log4j.category.org.springframework.security=INFO
log4j.category.org.cloudfoundry.identity=INFO
log4j.category.org.springframework.jdbc=INFO
log4j.category.org.apache.http.wire=INFO
uaa.yml: |-
logging:
config: "/uaa/log4j.properties"
require_https: true
scim:
groups:
zones.read: Read identity zones
zones.write: Create and update identity zones
idps.read: Retrieve identity providers
idps.write: Create and update identity providers
clients.admin: Create, modify and delete OAuth clients
clients.write: Create and modify OAuth clients
clients.read: Read information about OAuth clients
clients.secret: Change the password of an OAuth client
scim.write: Create, modify and delete SCIM entities, i.e. users and groups
scim.read: Read all SCIM entities, i.e. users and groups
scim.create: Create users
scim.userids: Read user IDs and retrieve users by ID
scim.zones: Control a user's ability to manage a zone
scim.invite: Send invitations to users
password.write: Change your password
oauth.approval: Manage approved scopes
oauth.login: Authenticate users outside of the UAA
openid: Access profile information, i.e. email, first and last name, and phone number
groups.update: Update group information and memberships
uaa.user: Act as a user in the UAA
uaa.resource: Serve resources protected by the UAA
uaa.admin: Act as an administrator throughout the UAA
uaa.none: Forbid acting as a user
uaa.offline_token: Allow offline access
oauth:
clients:
uaa_admin:
authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write
authorized-grant-types: client_credentials
override: true
scope: 'cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage'
secret: uaa_secret
id: uaa_admin
user:
authorities:
- openid
- scim.me
- cloud_controller.read
- cloud_controller.write
- cloud_controller_service_permissions.read
- password.write
- scim.userids
- uaa.user
- approvals.me
- oauth.approvals
- profile
- roles
- user_attributes
- uaa.offline_token
issuer:
uri: https://uaa-service:8443
login:
url: https://uaa-service:8443
entityBaseURL: https://uaa-service:8443
entityID: cloudfoundry-saml-login
saml:
nameID: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
assertionConsumerIndex: 0
signMetaData: true
signRequest: true
socket:
connectionManagerTimeout: 10000
soTimeout: 10000
authorize:
url: https://uaa-service:8443/oauth/authorize
uaa:
# The hostname of the UAA that this login server will connect to
url: https://uaa-service:8443
token:
url: https://uaa-service:8443/oauth/token
approvals:
url: https://uaa-service:8443/approvals
login:
url: https://uaa-service:8443/authenticate
limitedFunctionality:
enabled: false
whitelist:
endpoints:
- /oauth/authorize/**
- /oauth/token/**
- /check_token/**
- /login/**
- /login.do
- /logout/**
- /logout.do
- /saml/**
- /autologin/**
- /authenticate/**
- /idp_discovery/**
methods:
- GET
- HEAD
- OPTIONS
I think that rhe important values to remember are ( in doubt about saml):
issuer:
uri: https://uaa-service:8443
login:
url: https://uaa-service:8443
entityBaseURL: https://uaa-service:8443
authorize:
url: https://uaa-service:8443/oauth/authorize
uaa:
# The hostname of the UAA that this login server will connect to
url: https://uaa-service:8443
token:
url: https://uaa-service:8443/oauth/token
approvals:
url: https://uaa-service:8443/approvals
login:
url: https://uaa-service:8443/authenticate
Ok, deployed and running the pod. Remember 8443 form uaa_services actions.
2)
Upgrade uaa config for users admin and user and roles mappings.
Because i cannot get install uaac gem ... i run a docker imagen with uaac client:
docker run --rm -it cf-uaac bash
then
>>>> I need add the ip pod uaa-server to the docker image
#echo "10.42.0.1 uaa-service" >> /etc/hosts
#uaac --skip-ssl-validation target https://uaa-service:8443
Unknown key: Max-Age = 86400
Target: http://uaa-service:8443
#uaac token client get uaa_admin -s uaa_secret
Unknown key: Max-Age = 86400
Successfully fetched token via client credentials grant.
Target: http://uaa-service:8443
Context: uaa_admin, from client uaa_admin
>>> Ok i got a uaa_admin token to create admin user, group etc ..
>>> check token again is valid
# uaac token decode
Note: no key given to validate token signature
jti: 8067e0122b20433ab817f684e7335d30
sub: uaa_admin
authorities: clients.read password.write clients.secret clients.write uaa.admin scim.write scim.read
scope: clients.read password.write clients.secret clients.write uaa.admin scim.write scim.read
client_id: uaa_admin
cid: uaa_admin
azp: uaa_admin
grant_type: client_credentials
rev_sig: 7216b9b8
iat: 1565017183
exp: 1565060383
iss: http://uaa-service:8443/oauth/token
zid: uaa
aud: scim uaa_admin password clients uaa**
#uaac user add admin -p password --emails admin#mk.com
root#bf98436ccc82:/# uaac user add admin -p password --emails admin#mk.com
user account successfully added
root#bf98436ccc82:/# uaac user add user -p password --emails user#mk.com
user account successfully added
=========================================================================================================================================
root#bf98436ccc82:/# uaac group add "dataflow.view"
id: 9796f596-e540-4f3b-a32c-90b1bac5d0cc
meta
version: 0
created: 2019-08-05T15:00:01.014Z
lastmodified: 2019-08-05T15:00:01.014Z
members:
schemas: urn:scim:schemas:core:1.0
displayname: dataflow.view
zoneid: uaa
root#bf98436ccc82:/# uaac group add "dataflow.create"
id: c798e762-bcae-4d1f-8eef-2f7083df2d45
meta
version: 0
created: 2019-08-05T15:00:01.495Z
lastmodified: 2019-08-05T15:00:01.495Z
members:
schemas: urn:scim:schemas:core:1.0
displayname: dataflow.create
zoneid: uaa
root#bf98436ccc82:/# uaac group add "dataflow.manage"
id: 47aeba32-db27-456c-aa12-d5492127fe1f
meta
version: 0
created: 2019-08-05T15:00:01.986Z
lastmodified: 2019-08-05T15:00:01.986Z
members:
schemas: urn:scim:schemas:core:1.0
displayname: dataflow.manage
zoneid: uaa
=========================================================================================================================================
root#bf98436ccc82:/# uaac member add dataflow.view admin
success
root#bf98436ccc82:/# uaac member add dataflow.create admin
success
root#bf98436ccc82:/# uaac member add dataflow.manage admin
success
=========================================================================================================================================
root#bf98436ccc82:/# uaac member add dataflow.view user
success
root#bf98436ccc82:/# uaac member add dataflow.create user
success
root#bf98436ccc82:/# uaac member add dataflow.manage user
success
>>> Now, mapping admin to dataflow uua client
>>> Important
>>> The redirect url MUST THE SAME from http original request
>>> scdf2-data-flow-skipper:8844
>>> this is my login uri to dashboard scdf2
>>> i can't get direct connect to pod ... ssh tunnels insteads ..
# uaac client add dataflow \
--name dataflow \
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \
--authorized_grant_types password,authorization_code,client_credentials,refresh_token \
--authorities uaa.resource \
--redirect_uri http://scdf2-data-flow-server:8844/login\
--autoapprove openid \
--secret dataflow
#uaac client add skipper \
--name skipper \
--scope cloud_controller.read,cloud_controller.write,openid,password.write,scim.userids,dataflow.view,dataflow.create,dataflow.manage \
--authorized_grant_types password,authorization_code,client_credentials,refresh_token \
--authorities uaa.resource \
--redirect_uri http://scdf2-data-flow-skipper:8844/login \
--autoapprove openid \
--secret skipper
>>>> Using curl to get a valid token and check that uri's are ok
curl -k -v -d"username=admin&password=password&client_id=dataflow&grant_type=client_credentials" -u "dataflow:dataflow" https://uaa-service:8443/oauth/token * Expire in 0 ms for 6 (transfer 0x5632e4386dd0)
* Trying 10.42.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5632e4386dd0)
* Connected to uaa-service (10.42.0.1) port 8443 (#0)
* Server auth using Basic with user 'dataflow'
> POST /oauth/token HTTP/1.1
> Host: uaa-service:8443
> Authorization: Basic ZGF0YWZsb3c6ZGF0YWZsb3c=
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Length: 81
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 81 out of 81 bytes
< HTTP/1.1 200
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Mon, 05 Aug 2019 15:02:21 GMT
<
* Connection #0 to host uaa-service left intact
{"access_token":"eyJhbGciOiJIUzI1NiIsImtpZCI6ImxlZ2FjeS10b2tlbi1rZXkiLCJ0eXAiOiJKV1QifQ.eyJqdGkiOiJlNmU3YzNiOWVkMmM0ZmI5ODQ5OWE3MmQ2N2EzMjMyYSIsInN1YiI6ImRhdGFmbG93IiwiYXV0aG9yaXRpZXMiOlsidWFhLnJlc291cmNlIl0sInNjb3BlIjpbInVhYS5yZXNvdXJjZSJdLCJjbGllbnRfaWQiOiJkYXRhZmxvdyIsImNpZCI6ImRhdGFmbG93IiwiYXpwIjoiZGF0YWZsb3ciLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6IjFkMmUwMjVjIiwiaWF0IjoxNTY1MDE3MzQxLCJleHAiOjE1NjUwNjA1NDEsImlzcyI6Imh0dHA6Ly91YWEtc2VydmljZTo4MDgwL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImRhdGFmbG93IiwidWFhIl19.G2f8bIMbUWJOz8kcZYtU37yYhTtMOEJlsrvJFINnUjo","token_type":"bearer","expires_in":43199,"scope":"uaa.resource","jti":"e6e7c3b9ed2c4fb98499a72d67a3232a"}root#bf98436ccc82:/#
At this point, it seems that uaa server it is running ok and i can get from a "docker" process... let's continue using pods ...
3) Deploy skipper and scdf2 using security uaa.
Skipper and scdf2 are deployed using same values (changes into client_ide values of course:
LOGGING_LEVEL_ROOT: DEBUG
KUBERNETES_NAMESPACE: (v1:metadata.namespace)
SERVER_PORT: 8080
SPRING_CLOUD_CONFIG_ENABLED: false
SPRING_CLOUD_DATAFLOW_FEATURES_ANALYTICS_ENABLED: false
SPRING_CLOUD_KUBERNETES_SECRETS_ENABLE_API: true
SPRING_CLOUD_DATAFLOW_FEATURES_SCHEDULES_ENABLED: true
SPRING_CLOUD_KUBERNETES_SECRETS_PATHS: /etc/secrets
SPRING_CLOUD_KUBERNETES_CONFIG_NAME: scdf2-data-flow-server
SPRING_CLOUD_SKIPPER_CLIENT_SERVER_URI: http://${SCDF2_DATA_FLOW_SKIPPER_SERVICE_HOST}/api
SPRING_CLOUD_DATAFLOW_SERVER_URI: http://${SCDF2_DATA_FLOW_SERVER_SERVICE_HOST}:${SCDF2_DATA_FLOW_SERVER_SERVICE_PORT}
SPRING_CLOUD_DATAFLOW_SECURITY_CF_USE_UAA: true
SECURITY_OAUTH2_CLIENT_CLIENT_ID: dataflow
SECURITY_OAUTH2_CLIENT_CLIENT_SECRET: dataflow
SECURITY_OAUTH2_CLIENT_SCOPE: openid
SPRING_CLOUD_DATAFLOW_SECURITY_AUTHORIZATION_MAP_OAUTH_SCOPES: true
SECURITY_OAUTH2_CLIENT_ACCESS_TOKEN_URI: https://uaa-service:8443/oauth/token
SECURITY_OAUTH2_CLIENT_USER_AUTHORIZATION_URI: https://uaa-service:8443/oauth/authorize
SECURITY_OAUTH2_RESOURCE_USER_INFO_URI: https://uaa-service:8443/userinfo
SECURITY_OAUTH2_RESOURCE_TOKEN_INFO_URI: https://uaa-service:8443/check_token
SPRING_APPLICATION_JSON: { "com.sun.net.ssl.checkRevocation": "false", "maven": { "local-repository": "myLocalrepoMK", "remote-repositories": { "mk-repository": {"url": "http://${NEXUS_SERVICE_HOST}:${NEXUS_SERVICE_PORT}/repository/maven-releases/","auth": {"username": "admin","password": "admin123"}},"spring-repo": {"url": "https://repo.spring.io/libs-release","auth": {"username": "","password": ""}},"spring-repo-snapshot": {"url": "https://repo.spring.io/libs-snapshot/","auth": {"username": "","password": ""}}}} }
Using 8443 as comunication between pod to pod ...
And skipper and scdf2 config maps:
management:
endpoints:
web:
base-path: /management
security:
roles: MANAGE
spring:
cloud:
dataflow:
security:
authorization:
map-oauth-scopes: true
role-mappings:
ROLE_CREATE: dataflow.create
ROLE_DEPLOY: dataflow.deploy
ROLE_DESTROY: dataflow.destoy
ROLE_MANAGE: dataflow.manage
ROLE_MODIFY: dataflow.modify
ROLE_SCHEDULE: dataflow.schedule
ROLE_VIEW: dataflow.view
enabled: true
rules:
# About
- GET /about => hasRole('ROLE_VIEW')
# Audit
- GET /audit-records => hasRole('ROLE_VIEW')
- GET /audit-records/** => hasRole('ROLE_VIEW')
# Boot Endpoints
- GET /management/** => hasRole('ROLE_MANAGE')
At this point, i think why cannot i see a login mapping defined?
I deploy skipper and scdf2 and the first problem is that all health process is returno 401 .. ok ... let's continue ...
Request not progress after :
http://scdf2-data-flow-server:8844/login?code=ETFX6qfQMw&state=Fudfts
Not bypass /login page from scdf2 and go to dashboard
The request hangs in:
http://scdf2-data-flow-server:8844/login&response_type=code&scope=openid&state=5HST0f
I think that all UAA's process are terminanted and back to redirect to login into scdf security model.
login and loop
But, what is happens?
Login request arrive to scdf2, scdf2 check into uaa that all is correct and back again to process as new request into scdf2, that send again a request to uaa server ...
Then , restart scdf using debug logging ...
request is now :
GET /login?code=W7luipeEGG&state=7yiI9S HTTP/1.1
and logging :
2019-08-12 15:37:58.413 DEBUG 1 --- [nio-8080-exec-5] o.a.tomcat.util.net.SocketWrapperBase : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#39c5463b:org.apache.tomcat.util.net.NioChannel#6160a9db:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8080 remote=/127.0.0.1:58562]], Read from buffer: [0]
2019-08-12 15:37:58.414 DEBUG 1 --- [nio-8080-exec-5] org.apache.tomcat.util.net.NioEndpoint : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper#39c5463b:org.apache.tomcat.util.net.NioChannel#6160a9db:java.nio.channels.SocketChannel[connected local=/127.0.0.1:8080 remote=/127.0.0.1:58562]], Read direct from socket: [593]
2019-08-12 15:37:58.414 DEBUG 1 --- [nio-8080-exec-5] o.a.coyote.http11.Http11InputBuffer : Received [GET /login?code=W7luipeEGG&state=7yiI9S HTTP/1.1
Host: scdf2-data-flow-server:8844
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate
Accept-Language: es-ES,es;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: JSESSIONID=077168452F9CCF4378715DC3FE20D4B2
]
2019-08-12 15:37:58.414 DEBUG 1 --- [nio-8080-exec-5] o.a.t.util.http.Rfc6265CookieProcessor : Cookies: Parsing b[]: JSESSIONID=077168452F9CCF4378715DC3FE20D4B2
2019-08-12 15:37:58.414 DEBUG 1 --- [nio-8080-exec-5] o.a.catalina.connector.CoyoteAdapter : Requested cookie session id is 077168452F9CCF4378715DC3FE20D4B2
2019-08-12 15:37:58.414 DEBUG 1 --- [nio-8080-exec-5] o.a.c.authenticator.AuthenticatorBase : Security checking request GET /login
2019-08-12 15:37:58.414 DEBUG 1 --- [nio-8080-exec-5] org.apache.catalina.realm.RealmBase : No applicable constraints defined
2019-08-12 15:37:58.414 DEBUG 1 --- [nio-8080-exec-5] o.a.c.authenticator.AuthenticatorBase : Not subject to any constraint
2019-08-12 15:37:58.415 DEBUG 1 --- [nio-8080-exec-5] org.apache.tomcat.util.http.Parameters : Set encoding to UTF-8
2019-08-12 15:37:58.415 DEBUG 1 --- [nio-8080-exec-5] org.apache.tomcat.util.http.Parameters : Decoding query null UTF-8
2019-08-12 15:37:58.416 DEBUG 1 --- [nio-8080-exec-5] org.apache.tomcat.util.http.Parameters : Start processing with input [code=W7luipeEGG&state=7yiI9S]
2019-08-12 15:37:58.425 ERROR 1 --- [nio-8080-exec-5] o.s.c.c.s.OAuthSecurityConfiguration : An error occurred while accessing an authentication REST resource.
but using debug error, now i can see:
019-08-12 15:37:58.416 DEBUG 1 --- [nio-8080-exec-5] org.apache.tomcat.util.http.Parameters : Start processing with input [code=W7luipeEGG&state=7yiI9S]
2019-08-12 15:37:58.425 ERROR 1 --- [nio-8080-exec-5] o.s.c.c.s.OAuthSecurityConfiguration : An error occurred while accessing an authentication REST resource.
org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:107)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at
org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105)
... 66 common frames omitted
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://uaa-service:8443/oauth/token": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:744)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:691)
at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:137)
... 72 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 88 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 94 common frames omitted
2019-08-12 15:37:58.426 DEBUG 1 --- [nio-8080-exec-5] o.a.c.c.C.[Tomcat].[localhost] : Processing ErrorPage[errorCode=0, location=/error]
2019-08-12 15:37:58.427 DEBUG 1 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Disabling the response for further output
Ok, now we got
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
It seems that jvm needs more info into cacerts o similars ...
then, how can i add the new cacert from uaa-server to jvm from scdf2?
Is it the new step into get to start working scdf2 uaa ?
what am i doing wrong?
Do I need to add the uaa-service cert to pod jvm from scdf2 running?
please help !!!
And, the problem was,
Into the server-deployment, I've remove the following config:
#- name: SECURITY_OAUTH2_CLIENT_SCOPE
# value: 'openid'
Do not apply any config parametrization about scope in anywhere.
Because, if scope is omitted or null, all scopes will be assigned to the client, and no needed confirmation for third party permission ...
Warning, you can get alot samples using this config into .. tested?
No apply any config about uaa into skipper.... only cacert to uaa into jks