funkwhale issue #1358

Created Mar 10, 2021 by Lokananda Hari@gimmelemons1

We cannot log you in. Permission denied.

/label Type: Bug Status: Need triage

Steps to reproduce

Hi, I just installed Funkwhale on a local server. I created an admin user using manage createsuperuser.

What happens?

I can't log in using these credentials. I changed the password multiple times to rule out a typing error.

http://ip:5000/:

image

http://ip:5000/api/admin:

image

After setting up certbot, etc. for SSL, I still get the permission denied issue when accessing using https://mydomain.com

What is expected?

Expected to be able to log in

Context

Funkwhale version(s) affected: V1.0.1 mono container

output of docker-compose run --rm funkwhale nginx -T :

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-users: executing... 
usermod: no changes
[cont-init.d] 10-users: exited 0.
[cont-init.d] 20-directories: executing... 
[cont-init.d] 20-directories: exited 0.
[cont-init.d] 30-database: executing... 
[cont-init.d] 30-database: exited 0.
[cont-init.d] 40-funkwhale: executing... 
collecting static files
2021-03-10 17:27:29,541 funkwhale_api.config INFO     Running with the following plugins enabled: funkwhale_api.contrib.scrobbler, funkwhale_api.contrib.listenbrainz

169 static files copied to '/app/api/staticfiles'.
running data migration
pg_ctl: another server might be running; trying to start server anyway
waiting for server to start....2021-03-10 17:27:32.125 UTC [282] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2021-03-10 17:27:32.125 UTC [282] LOG:  could not bind IPv6 address "::1": Address not available
2021-03-10 17:27:32.125 UTC [282] HINT:  Is another postmaster already running on port 5432? If not, wait a few seconds and retry.
2021-03-10 17:27:32.214 UTC [282] LOG:  listening on Unix socket "/run/postgresql/.s.PGSQL.5432"
2021-03-10 17:27:32.304 UTC [282] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
2021-03-10 17:27:32.417 UTC [283] LOG:  database system was interrupted; last known up at 2021-03-10 17:25:57 UTC
2021-03-10 17:27:32.615 UTC [283] LOG:  database system was not properly shut down; automatic recovery in progress
2021-03-10 17:27:32.674 UTC [283] LOG:  redo starts at 0/1A13BD8
2021-03-10 17:27:32.674 UTC [283] LOG:  invalid record length at 0/1A13C10: wanted 24, got 0
2021-03-10 17:27:32.674 UTC [283] LOG:  redo done at 0/1A13BD8
2021-03-10 17:27:32.965 UTC [282] LOG:  database system is ready to accept connections
 done
server started
2021-03-10 17:27:33,540 funkwhale_api.config INFO     Running with the following plugins enabled: funkwhale_api.contrib.scrobbler, funkwhale_api.contrib.listenbrainz
Operations to perform:
  Apply all migrations: account, admin, audio, auth, authtoken, common, contenttypes, dynamic_preferences, favorites, federation, history, moderation, music, playlists, radios, requests, sessions, sites, socialaccount, tags, users
Running migrations:
  No migrations to apply.
waiting for server to shut down....2021-03-10 17:27:37.281 UTC [282] LOG:  received fast shutdown request
2021-03-10 17:27:37.372 UTC [282] LOG:  aborting any active transactions
2021-03-10 17:27:37.373 UTC [282] LOG:  background worker "logical replication launcher" (PID 289) exited with exit code 1
2021-03-10 17:27:37.373 UTC [284] LOG:  shutting down
2021-03-10 17:27:37.701 UTC [282] LOG:  database system is shut down
 done
server stopped
[cont-init.d] 40-funkwhale: exited 0.
[cont-init.d] 50-webserver: executing... 
Setting up nested proxy conf…
[cont-init.d] 50-webserver: exited 0.
[cont-init.d] done.
[services.d] starting services
339:C 10 Mar 2021 17:27:37.798 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
339:C 10 Mar 2021 17:27:37.798 # Redis version=5.0.11, bits=64, commit=23c8f9b2, modified=0, pid=339, just started
339:C 10 Mar 2021 17:27:37.798 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf

                _._                                                  
           _.-``__ ''-._                                             
      _.-``    `.  `_.  ''-._           Redis 5.0.11 (23c8f9b2/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._                                   
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 339
  `-._    `-._  `-./  _.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |           http://redis.io        
  `-._    `-._`-.__.-'_.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |                                  
  `-._    `-._`-.__.-'_.-'    _.-'                                   
      `-._    `-.__.-'    _.-'                                       
          `-._        _.-'                                           
              `-.__.-'                                               

339:M 10 Mar 2021 17:27:37.801 # Server initialized
339:M 10 Mar 2021 17:27:37.801 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
339:M 10 Mar 2021 17:27:37.801 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
339:M 10 Mar 2021 17:27:37.801 * Ready to accept connections

[services.d] done.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# /etc/nginx/nginx.conf

user nginx;

# Set number of worker processes automatically based on number of CPU cores.
worker_processes auto;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;

# Configures default error logger.
error_log /var/log/nginx/error.log warn;

# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;


events {
	# The maximum number of simultaneous connections that can be opened by
	# a worker process.
	worker_connections 1024;
}

http {
	# Includes mapping of file name extensions to MIME types of responses
	# and defines the default type.
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Name servers used to resolve names of upstream servers into addresses.
	# It's also needed when using tcpsocket and udpsocket in Lua modules.
	#resolver 208.67.222.222 208.67.220.220;

	# Don't tell nginx version to clients.
	server_tokens off;

	# Specifies the maximum accepted body size of a client request, as
	# indicated by the request header Content-Length. If the stated content
	# length is greater than this size, then the client receives the HTTP
	# error code 413. Set to 0 to disable.
	client_max_body_size 1m;

	# Timeout for keep-alive connections. Server will close connections after
	# this time.
	keepalive_timeout 65;

	# Sendfile copies data between one FD and other from within the kernel,
	# which is more efficient than read() + write().
	sendfile on;

	# Don't buffer data-sends (disable Nagle algorithm).
	# Good for sending frequent small bursts of data in real time.
	tcp_nodelay on;

	# Causes nginx to attempt to send its HTTP response head in one packet,
	# instead of using partial frames.
	#tcp_nopush on;


	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;

	# Specifies that our cipher suits should be preferred over client ciphers.
	ssl_prefer_server_ciphers on;

	# Enables a shared SSL cache with size that can hold around 8000 sessions.
	ssl_session_cache shared:SSL:2m;


	# Enable gzipping of responses.
	#gzip on;

	# Set the Vary HTTP header as defined in the RFC 2616.
	gzip_vary on;

	# Enable checking the existence of precompressed files.
	#gzip_static on;


	# Specifies the main log format.
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
			'$status $body_bytes_sent "$http_referer" '
			'"$http_user_agent" "$http_x_forwarded_for"';

	# Sets the path, format, and configuration for a buffered log write.
	access_log /var/log/nginx/access.log main;


	# Includes virtual hosts configs.
	include /etc/nginx/conf.d/*.conf;
}

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/funkwhale.conf:
upstream funkwhale-api {
    # depending on your setup, you may want to update this
    server 127.0.0.1:8000;
}


# required for websocket support
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80 default_server;
    server_name _;

    # TLS
    # Feel free to use your own configuration for SSL here or simply remove the
    # lines and move the configuration to the previous server block if you
    # don't want to run funkwhale behind https (this is not recommended)
    # have a look here for let's encrypt configuration:
    # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx

    root /app/front/dist;

    # If you are using S3 to host your files, remember to add your S3 URL to the
    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)

    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
    add_header Referrer-Policy "strict-origin-when-cross-origin";


    location / {
        include /etc/nginx/funkwhale_proxy.conf;
        # this is needed if you have file import via upload enabled
        client_max_body_size 100M;
        proxy_pass   http://funkwhale-api/;
    }

    location /front/ {
        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
        add_header Referrer-Policy "strict-origin-when-cross-origin";
        add_header Service-Worker-Allowed "/";
        add_header X-Frame-Options "ALLOW";
        alias /app/front/dist/;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    location /front/embed.html {
        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
        add_header Referrer-Policy "strict-origin-when-cross-origin";

        add_header X-Frame-Options "ALLOW";
        alias /app/front/dist/embed.html;
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    location /federation/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/federation/;
    }

    # You can comment this if you do not plan to use the Subsonic API
    location /rest/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/api/subsonic/rest/;
    }

    location /.well-known/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/.well-known/;
    }

    location /media/ {
        alias /data/media/;
    }

    # this is an internal location that is used to serve
    # audio files once correct permission / authentication
    # has been checked on API side
    location /_protected/media {
        internal;
        alias   /data/media;

    }
    # Comment the previous location and uncomment this one if you're storing
    # media files in a S3 bucket
    # location ~ /_protected/media/(.+) {
    #     internal;
    #     # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
    #     proxy_set_header Authorization "";
    #     proxy_pass $1;
    # }

    location /_protected/music {
        # this is an internal location that is used to serve
        # audio files once correct permission / authentication
        # has been checked on API side
        # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
        internal;
        alias   /music;
    }

    location /staticfiles/ {
        # django static files
        alias /app/api/staticfiles/;
    }
}

# configuration file /etc/nginx/funkwhale_proxy.conf:
# when the container is run behind another proxy, we need different X-Forwarded
# instructions, see https://github.com/thetarkus/docker-funkwhale/issues/19 for
# more info
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_redirect off;

# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

[cmd] nginx exited 0
339:signal-handler (1615397257) Received SIGTERM scheduling shutdown...
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
339:M 10 Mar 2021 17:27:37.902 # User requested shutdown...
339:M 10 Mar 2021 17:27:37.902 * Saving the final RDB snapshot before exiting.
339:M 10 Mar 2021 17:27:38.313 * DB saved on disk
339:M 10 Mar 2021 17:27:38.313 # Redis is now ready to exit, bye bye...
[s6-finish] sending all processes the TERM signal.
s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
[s6-finish] sending all processes the KILL signal and exiting.