Hi, I’m attempting to set up ocis on a Mac, with nginx as a reverse proxy; however, it appears as though the request to /api/v0/settings/values-list fails with 401 Unauthorized.
ocis appears to be running normally, and I am able to sign in. It looks like I’m getting a bearer token, but when making a request using the token (a POST request to /api/v0/settings/values-list), it fails with 401.
When running ocis on its own without nginx in front, it appears to work correctly.
ocis version: 4.0.3 binary
operating system: MacOS Catalina
nginx installed through brew: brew install nginx
I’m getting a few errors in ocis logs:
{"level":"error","service":"gateway","pkg":"rgrpc","traceid":"00000000000000000000000000000000","error":"internal error: gateway: error finding an auth provider for type: bearer","type":"bearer","time":"2023-12-04T09:59:03.494301-05:00","message":"error getting auth provider client"}
{"level":"error","service":"proxy","error":"failed to verify access token: Get \"https://ocis.mywebsite.com/.well-known/openid-configuration\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","authenticator":"oidc","path":"/ocs/v1.php/cloud/user","time":"2023-12-04T10:09:01.12275-05:00","message":"failed to authenticate the request"}
and the access logs from nginx:
[04/Dec/2023:10:16:47 -0500] "POST /api/v0/settings/values-list HTTP/2.0" 401 0 "https://ocis.mywebsitecom/oidc-callback?code=wYsOICzQZTHYcQkD8om_wD-WrR_zktA-&scope=email%20openid%20profile&session_state=d33e88c72aff80ee0c9782cbe39264ba55728f14004a55f0e7ae4632018fadae.p2EsQJ-YhxulqgQGfXA3FyI95yxjUWx6sCAevvGnQhE&state=d65d98edd4bf49149f68a835918b5303" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0"
I’m running ocis through launchctl as a launch agent; here is the plist file in ~/Library/LaunchAgents/:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ocis.server</string>
    <key>EnvironmentVariables</key>
    <dict>
        <key>OCIS_URL</key>
        <string>https://ocis.mywebsite.com</string>
        <key>OCIS_LOG_FILE</key>
        <string>/usr/local/var/log/ocis.log</string>
        <key>OCIS_LOG_LEVEL</key>
        <string>error</string>
        <key>PROXY_HTTP_ADDR</key>
        <string>0.0.0.0:9200</string>
        <key>PROXY_TLS</key>
        <false/>
        <key>OCIS_INSECURE</key>
        <true/>
    </dict>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/ocis</string>
        <string>server</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
and the nginx configuration file:
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # gzip on;

    server {
        listen 80;
        listen [::]:80;
        http2 on;
        server_name ocis.mywebsite.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2 on;
        server_name ocis.mywebsite.com;

        # certificates managed by Certbot
        ssl_certificate /etc/letsencrypt/live/ocis.mywebsite.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/ocis.mywebsite.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        location / {
            proxy_buffers 4 256k;
            proxy_buffer_size 128k;
            proxy_busy_buffers_size 256k;

            # Disable checking of client request body size
            client_max_body_size 0;

            proxy_set_header Host $host;
            proxy_pass https://localhost:9200/;
        }
    }
}
Any ideas on how to fix or debug this are much appreciated. Thanks!!
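Added example, not part of the original post and not ocis project code: the proxy error in the logs above records an outbound request from ocis to its own public OIDC discovery URL that timed out, and this script pulls such targets out of ocis JSON log lines and checks whether the ocis host can open a TCP connection to them. The names `triage` and `tcp_reachable` are hypothetical, and the regular expression assumes the `Get "<url>": <reason>` error format seen in the post.

```python
import json
import re
import socket
from urllib.parse import urlsplit

# Constructed sample: the two ocis log lines from the post, reduced to the fields used here.
SAMPLE_LOG = r'''
{"level":"error","service":"gateway","pkg":"rgrpc","error":"internal error: gateway: error finding an auth provider for type: bearer","type":"bearer","message":"error getting auth provider client"}
{"level":"error","service":"proxy","error":"failed to verify access token: Get \"https://ocis.mywebsite.com/.well-known/openid-configuration\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","authenticator":"oidc","path":"/ocs/v1.php/cloud/user","message":"failed to authenticate the request"}
'''

# Assumption: failed outbound calls are logged as: <Method> "<url>": <reason>
OUTBOUND = re.compile(r'\b(Get|Post|Head|Put) "(?P<url>[^"]+)": (?P<reason>.+)$')

def triage(log_text):
    """Return one finding per error line that records a failed outbound HTTP call."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line.strip())
        except ValueError:
            continue  # blank or non-JSON line
        if not isinstance(rec, dict) or rec.get("level") != "error":
            continue
        m = OUTBOUND.search(str(rec.get("error", "")))
        if not m:
            continue  # an error, but not a failed outbound request
        url = urlsplit(m["url"])
        findings.append({
            "service": rec.get("service"),
            "request_path": rec.get("path"),
            "target_host": url.hostname,
            "target_port": url.port or (443 if url.scheme == "https" else 80),
            "timed_out": "deadline exceeded" in m["reason"] or "Timeout" in m["reason"],
        })
    return findings

def tcp_reachable(host, port, timeout=3.0):
    """Run on the ocis host: can it open a TCP connection to the target at all?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f, "reachable:", tcp_reachable(f["target_host"], f["target_port"]))
```

Run it on the machine where ocis runs, since the timed-out request originates from the ocis process and not from the browser.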