Nginx errors over ssl for Tryton

smoothsg · July 2, 2020, 1:42pm

I was setting up ssl on nginx for tryton. But nginx throws “Application error” “Not found” error when tried to login to tryton on port 9080 in the browser (just before the password page). And nginx has the following error in the /var/log/nginx/error.log

[error] 16637#16637: *5 open() “/opt/sao/custom.js” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.js HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *5 open() “/opt/sao/custom.js” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.js HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *5 open() “/opt/sao/custom.js” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.js HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.css” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.css HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.css” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.css HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.css” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.css HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.js” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.js HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.js” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.js HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.js” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.js HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.css” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.css HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.css” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.css HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/custom.css” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /custom.css HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/locale/en_GB.json” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /locale/en_GB.json HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/locale/en_GB.json” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /locale/en_GB.json HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/locale/en_GB.json” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /locale/en_GB.json HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/locale/en.json” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /locale/en.json HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/locale/en.json” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /locale/en.json HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
[error] 16637#16637: *6 open() “/opt/sao/locale/en.json” failed (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “GET /locale/en.json HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”

Tryton is still accessible on port 8000.

Other than I need to be on nginx support site, could someone please advise on where I got it wrong and how to fix it.

Thanks.

ced · July 2, 2020, 2:00pm

I see nothing really wrong here.
The web client tries to fetch the custom js and css files in case you want to customize. If you do not want to see those not found errors, you can still create empty files.
For the en_GB.json and en.json, it is because the language of the use is English so the web client tries to fetch the translations. But we do not provide translations for English because the terms are already in English. So you can just ignore those not found errors.

smoothsg · July 2, 2020, 2:37pm

Thanks for your response.
I had created empty files for all the files it was missing. It then complained about missing index file in /opt/sao/trytondb/ which doesn’t exit. see log error below.

2020/07/02 15:04:44 [notice] 18252#18252: start worker processes
2020/07/02 15:04:44 [notice] 18252#18252: start worker processes
2020/07/02 15:04:44 [notice] 18252#18252: start worker process 18253
2020/07/02 15:04:44 [notice] 18252#18252: start worker process 18253
2020/07/02 15:05:20 [error] 18253#18253: *2 “/opt/sao/trytondb/index.html” is not found (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “POST /trytondb/ HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
2020/07/02 15:05:20 [error] 18253#18253: *2 “/opt/sao/trytondb/index.html” is not found (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “POST /trytondb/ HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
2020/07/02 15:05:20 [error] 18253#18253: *2 “/opt/sao/trytondb/index.html” is not found (2: No such file or directory), client: 192.168.1.1, server: mysite.com, request: “POST /trytondb/ HTTP/1.1”, host: “mysite.com:9080”, referrer: “https://mysite.com:9080/”
2020/07/02 15:11:51 [info] 18253#18253: *3 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.1.107, server: 0.0.0.0:9080
2020/07/02 15:11:51 [info] 18253#18253: *4 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.1.107, server: 0.0.0.0:9080
2020/07/02 15:11:51 [info] 18253#18253: *5 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.1.107, server: 0.0.0.0:9080
2020/07/02 15:11:51 [info] 18253#18253: *6 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.168.1.107, server: 0.0.0.0:9080
2020/07/02 15:12:18 [info] 18253#18253: *8 client closed connection while waiting for request, client: 192.168.1.1, server: 0.0.0.0:9080
2020/07/02 16:07:48 [info] 18253#18253: *9 client sent plain HTTP request to HTTPS port while reading client request headers, client: 82.221.105.7, server: mysite.com, request: “GET / HTTP/1.1”, host: “myipaddress”
2020/07/02 16:07:49 [info] 18253#18253: *10 client sent plain HTTP request to HTTPS port while reading client request headers, client: 82.221.105.7, server: mysite.com, request: “GET /robots.txt HTTP/1.1”, host: “myipaddress:9080”
2020/07/02 16:07:49 [info] 18253#18253: *11 client sent plain HTTP request to HTTPS port while reading client request headers, client: 82.221.105.7, server: mysite.com, request: “GET /sitemap.xml HTTP/1.1”, host: “myipaddress:9080”
2020/07/02 16:07:49 [info] 18253#18253: *12 client sent plain HTTP request to HTTPS port while reading client request headers, client: 82.221.105.7, server: mysite.com, request: “GET /.well-known/security.txt HTTP/1.1”, host: “myipaddress:9080”
2020/07/02 16:07:49 [info] 18253#18253: *13 client sent plain HTTP request to HTTPS port while reading client request headers, client: 82.221.105.7, server: mysite.com, request: “GET /favicon.ico HTTP/1.1”, host: “myipaddress:9080”
2020/07/02 16:07:50 [error] 18253#18253: *14 open() “/opt/sao/favicon.ico” failed (2: No such file or directory), client: 82.221.105.7, server: mysite.com, request: “GET /favicon.ico HTTP/1.1”, host: “myipaddress:9080”
2020/07/02 16:07:50 [error] 18253#18253: *14 open() “/opt/sao/favicon.ico” failed (2: No such file or directory), client: 82.221.105.7, server: mysite.com, request: “GET /favicon.ico HTTP/1.1”, host: “myipaddress:9080”
2020/07/02 16:07:50 [error] 18253#18253: *14 open() “/opt/sao/favicon.ico” failed (2: No such file or directory), client: 82.221.105.7, server: mysite.com, request: “GET /favicon.ico HTTP/1.1”, host: “myipaddress:9080”
2020/07/02 16:07:51 [info] 18253#18253: *14 client 82.221.105.7 closed keepalive connection
2020/07/02 16:07:54 [info] 18253#18253: *15 client sent plain HTTP request to HTTPS port while reading client request headers, client: 35.187.98.101, server: mysite.com, request: “GET / HTTP/1.1”, host: “myipaddress:9080”

Apart from that tryton is still not accessible on https://mysite.com:9080 with this error:

smoothsg · July 8, 2020, 1:10pm

OK but there is obviously something wrong, tryton is still not accessible (not loading) on ssl port 9080. In nginx log there is “…/opt/sao/trytondb/index.html” is not found.

Tryton is configured to port 8000 and Nginx is configured to port 9080. Is this configured right?

Could someone please give some direction or point me to a documentation to give me an idea how to sort this out as I could not find anything anywhere about this Tryton ssl via Nginx from?

edbo · July 8, 2020, 1:26pm

On what OS are you?
Have NginX access rights to the directory? Check the user / group permissions.
Have you checked AppArmor on Ubuntu or SELinux on RHEL? It is possible that they block because /opt is not a directory where www data can be served from.

Can you share your NginX configuration?

smoothsg · July 9, 2020, 4:07pm

I’m on Opensuse 15.1 Leap.
I believe it has access. I added user Nginx to the tryton group and since tryton group should by right have access to /opt/sao, nginx should too. Hope I’m right about that.
I have dived into audit.log where AppArmor and SELinux log but I could not find anything there about either AppArmor and SELinux stopping Nginx access to the directory. Anywhere else I could look up?

Nginx configuration

user nginx;
worker_processes 1;

load_module lib64/nginx/modules/ngx_http_fancyindex_module.so;
#load_module lib64/nginx/modules/ngx_http_geoip_module.so;
load_module lib64/nginx/modules/ngx_http_geoip2_module.so;
load_module lib64/nginx/modules/ngx_http_headers_more_filter_module.so;
load_module lib64/nginx/modules/ngx_http_image_filter_module.so;
load_module lib64/nginx/modules/ngx_http_perl_module.so;
load_module lib64/nginx/modules/ngx_http_xslt_filter_module.so;
load_module lib64/nginx/modules/ngx_mail_module.so;
load_module lib64/nginx/modules/ngx_rtmp_module.so;
#load_module lib64/nginx/modules/ngx_stream_geoip2_module.so;
load_module lib64/nginx/modules/ngx_stream_module.so;

error_log /var/log/nginx/error.log;
error_log /var/log/nginx/error.log notice;
error_log /var/log/nginx/error.log info;

pid /run/nginx.pid;

events {
worker_connections 1024;
use epoll;
}

http {
include mime.types;
default_type application/octet-stream;
access_log  /var/log/nginx/access.log;

sendfile        on;

include conf.d/*.conf;

server {
    listen       9080 ssl;
    listen       mysite.com:9080 ssl;		
    server_name  mysite.mysite.com;
	error_page 497 https://$host:$server_port$request_uri;		

    ssl_certificate      /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key  /etc/nginx/ssl/privkey.pem;

    ssl_protocols        TLSv1.2;		

    location / {
        root   /opt/sao;
        index  index.html index.htm index.php;
    }
}		

include vhosts.d/*.conf;
}

Thank you.

ced · July 9, 2020, 4:14pm

You must set nginx to reverse proxy the requests to the trytond server. See https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/