We cannot log you in. Permission denied.
/label Type: Bug Status: Need triage
Steps to reproduce
Hi, just installed Funkwhale on a local server. I created an admin user using manage createsuperuser.
What happens?
I can't log in using these credentials. I changed the password multiple times to rule out a typing error.
After setting up certbot, etc. for SSL, I still get the permission denied issue when accessing it using https://mydomain.com
What is expected?
Expected to be able to log in.
Context
Funkwhale version(s) affected: V1.0.1 mono container
Output of docker-compose run --rm funkwhale nginx -T:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-users: executing...
usermod: no changes
[cont-init.d] 10-users: exited 0.
[cont-init.d] 20-directories: executing...
[cont-init.d] 20-directories: exited 0.
[cont-init.d] 30-database: executing...
[cont-init.d] 30-database: exited 0.
[cont-init.d] 40-funkwhale: executing...
collecting static files
2021-03-10 17:27:29,541 funkwhale_api.config INFO Running with the following plugins enabled: funkwhale_api.contrib.scrobbler, funkwhale_api.contrib.listenbrainz
169 static files copied to '/app/api/staticfiles'.
running data migration
pg_ctl: another server might be running; trying to start server anyway
waiting for server to start....2021-03-10 17:27:32.125 UTC [282] LOG: listening on IPv4 address "127.0.0.1", port 5432
2021-03-10 17:27:32.125 UTC [282] LOG: could not bind IPv6 address "::1": Address not available
2021-03-10 17:27:32.125 UTC [282] HINT: Is another postmaster already running on port 5432? If not, wait a few seconds and retry.
2021-03-10 17:27:32.214 UTC [282] LOG: listening on Unix socket "/run/postgresql/.s.PGSQL.5432"
2021-03-10 17:27:32.304 UTC [282] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2021-03-10 17:27:32.417 UTC [283] LOG: database system was interrupted; last known up at 2021-03-10 17:25:57 UTC
2021-03-10 17:27:32.615 UTC [283] LOG: database system was not properly shut down; automatic recovery in progress
2021-03-10 17:27:32.674 UTC [283] LOG: redo starts at 0/1A13BD8
2021-03-10 17:27:32.674 UTC [283] LOG: invalid record length at 0/1A13C10: wanted 24, got 0
2021-03-10 17:27:32.674 UTC [283] LOG: redo done at 0/1A13BD8
2021-03-10 17:27:32.965 UTC [282] LOG: database system is ready to accept connections
done
server started
2021-03-10 17:27:33,540 funkwhale_api.config INFO Running with the following plugins enabled: funkwhale_api.contrib.scrobbler, funkwhale_api.contrib.listenbrainz
Operations to perform:
  Apply all migrations: account, admin, audio, auth, authtoken, common, contenttypes, dynamic_preferences, favorites, federation, history, moderation, music, playlists, radios, requests, sessions, sites, socialaccount, tags, users
Running migrations:
No migrations to apply.
waiting for server to shut down....2021-03-10 17:27:37.281 UTC [282] LOG: received fast shutdown request
2021-03-10 17:27:37.372 UTC [282] LOG: aborting any active transactions
2021-03-10 17:27:37.373 UTC [282] LOG: background worker "logical replication launcher" (PID 289) exited with exit code 1
2021-03-10 17:27:37.373 UTC [284] LOG: shutting down
2021-03-10 17:27:37.701 UTC [282] LOG: database system is shut down
done
server stopped
[cont-init.d] 40-funkwhale: exited 0.
[cont-init.d] 50-webserver: executing...
Setting up nested proxy conf…
[cont-init.d] 50-webserver: exited 0.
[cont-init.d] done.
[services.d] starting services
339:C 10 Mar 2021 17:27:37.798 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
339:C 10 Mar 2021 17:27:37.798 # Redis version=5.0.11, bits=64, commit=23c8f9b2, modified=0, pid=339, just started
339:C 10 Mar 2021 17:27:37.798 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
Redis 5.0.11 (23c8f9b2/0) 64 bit
Running in standalone mode
Port: 6379
PID: 339
http://redis.io
339:M 10 Mar 2021 17:27:37.801 # Server initialized
339:M 10 Mar 2021 17:27:37.801 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
339:M 10 Mar 2021 17:27:37.801 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
339:M 10 Mar 2021 17:27:37.801 * Ready to accept connections
[services.d] done.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# /etc/nginx/nginx.conf
user nginx;
# Set number of worker processes automatically based on number of CPU cores.
worker_processes auto;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Configures default error logger.
error_log /var/log/nginx/error.log warn;
# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;
events {
# The maximum number of simultaneous connections that can be opened by
# a worker process.
worker_connections 1024;
}
http {
# Includes mapping of file name extensions to MIME types of responses
# and defines the default type.
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Name servers used to resolve names of upstream servers into addresses.
# It's also needed when using tcpsocket and udpsocket in Lua modules.
#resolver 208.67.222.222 208.67.220.220;
# Don't tell nginx version to clients.
server_tokens off;
# Specifies the maximum accepted body size of a client request, as
# indicated by the request header Content-Length. If the stated content
# length is greater than this size, then the client receives the HTTP
# error code 413. Set to 0 to disable.
client_max_body_size 1m;
# Timeout for keep-alive connections. Server will close connections after
# this time.
keepalive_timeout 65;
# Sendfile copies data between one FD and other from within the kernel,
# which is more efficient than read() + write().
sendfile on;
# Don't buffer data-sends (disable Nagle algorithm).
# Good for sending frequent small bursts of data in real time.
tcp_nodelay on;
# Causes nginx to attempt to send its HTTP response head in one packet,
# instead of using partial frames.
#tcp_nopush on;
# Path of the file with Diffie-Hellman parameters for EDH ciphers.
#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
# Specifies that our cipher suits should be preferred over client ciphers.
ssl_prefer_server_ciphers on;
# Enables a shared SSL cache with size that can hold around 8000 sessions.
ssl_session_cache shared:SSL:2m;
# Enable gzipping of responses.
#gzip on;
# Set the Vary HTTP header as defined in the RFC 2616.
gzip_vary on;
# Enable checking the existence of precompressed files.
#gzip_static on;
# Specifies the main log format.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Sets the path, format, and configuration for a buffered log write.
access_log /var/log/nginx/access.log main;
# Includes virtual hosts configs.
include /etc/nginx/conf.d/*.conf;
}
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/funkwhale.conf:
upstream funkwhale-api {
# depending on your setup, you may want to update this
server 127.0.0.1:8000;
}
# required for websocket support
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80 default_server;
server_name _;
# TLS
# Feel free to use your own configuration for SSL here or simply remove the
# lines and move the configuration to the previous server block if you
# don't want to run funkwhale behind https (this is not recommended)
# have a look here for let's encrypt configuration:
# https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
root /app/front/dist;
# If you are using S3 to host your files, remember to add your S3 URL to the
# media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
add_header Referrer-Policy "strict-origin-when-cross-origin";
location / {
include /etc/nginx/funkwhale_proxy.conf;
# this is needed if you have file import via upload enabled
client_max_body_size 100M;
proxy_pass http://funkwhale-api/;
}
location /front/ {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Service-Worker-Allowed "/";
add_header X-Frame-Options "ALLOW";
alias /app/front/dist/;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location /front/embed.html {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "ALLOW";
alias /app/front/dist/embed.html;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location /federation/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/federation/;
}
# You can comment this if you do not plan to use the Subsonic API
location /rest/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/api/subsonic/rest/;
}
location /.well-known/ {
include /etc/nginx/funkwhale_proxy.conf;
proxy_pass http://funkwhale-api/.well-known/;
}
location /media/ {
alias /data/media/;
}
# this is an internal location that is used to serve
# audio files once correct permission / authentication
# has been checked on API side
location /_protected/media {
internal;
alias /data/media;
}
# Comment the previous location and uncomment this one if you're storing
# media files in a S3 bucket
# location ~ /_protected/media/(.+) {
# internal;
# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
# proxy_set_header Authorization "";
# proxy_pass $1;
# }
location /_protected/music {
# this is an internal location that is used to serve
# audio files once correct permission / authentication
# has been checked on API side
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
internal;
alias /music;
}
location /staticfiles/ {
# django static files
alias /app/api/staticfiles/;
}
}
# configuration file /etc/nginx/funkwhale_proxy.conf:
# when the container is run behind another proxy, we need different X-Forwarded
# instructions, see https://github.com/thetarkus/docker-funkwhale/issues/19 for
# more info
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_redirect off;
# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
[cmd] nginx exited 0
339:signal-handler (1615397257) Received SIGTERM scheduling shutdown...
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
339:M 10 Mar 2021 17:27:37.902 # User requested shutdown...
339:M 10 Mar 2021 17:27:37.902 * Saving the final RDB snapshot before exiting.
339:M 10 Mar 2021 17:27:38.313 * DB saved on disk
339:M 10 Mar 2021 17:27:38.313 # Redis is now ready to exit, bye bye...
[s6-finish] sending all processes the TERM signal.
s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
[s6-finish] sending all processes the KILL signal and exiting.