TLS Error when deploying to Azure Container App


Rodrigo Langella

Jun 6, 2023, 4:05:31 AM
to pwm-general
Has anyone successfully deployed PWM using a Docker container in Azure Container App?

I already have PWM working in a Docker container in an Ubuntu VM in Azure, but I want to move it to a Container App in Azure as part of a new experiment. I'm also writing a how-to so other people can do it as well.

I have uploaded the image, the persistent file share is set up and it's working because I can see the logs and everything being written. I have mapped port 8443 and everything, but I can't get past the error below when trying to open the initial page.

Bad Request
This combination of host and port requires TLS.


This is a fresh install and I got very minimal logs and they don't really show anything. Logs below.


Please note Container Apps in Azure doesn't let me open the website using port 8443. It only works on port 443, but port 443 is redirected to 8443 and I believe this is causing the issue.

I have other deployments such as Grafana and Zabbix all working on different ports and they work just fine, so it must be something with Tomcat and TLS requirements.


If there is anything I can try in the YAML file to disable or bypass the TLS, let me know. I've got a certificate installed in this Azure Container as well.




Logs


2023-06-06T07:38:14Z, TRACE, pwm.PwmApplication, --end current configuration output-- (6ms)
2023-06-06T07:38:14Z, TRACE, pwm.PwmApplication, no non-default app properties in configuration
2023-06-06T07:38:14Z, DEBUG, stored.StoredConfigurationUtil, initialized new random security key
2023-06-06T07:38:14Z, INFO , event.AuditService, audit event: {"instance":"42DAD09B45586B04","type":"SYSTEM","eventCode":"STARTUP","guid":"2e2a30f5-d0eb-436e-965f-74979e16a49f","timestamp":"2023-06-06T07:38:14Z","narrative":"PWM has started up","xdasTaxonomy":"XDAS_AE_INVOKE_SERVICE","xdasOutcome":"XDAS_OUT_SUCCESS"}
2023-06-06T07:38:14Z, TRACE, pwm.PwmApplication, application info: {"app_version":"v2.0.6 baaefbe7","app_chaiApiVersion":"0.8.5","app_currentTime":"2023-06-06T07:38:14.865819Z","app_startTime":"2023-06-06T07:38:13.631426Z","app_installTime":"2023-06-06T07:09:40.385Z","app_siteUrl":"","app_instanceID":"42DAD09B45586B04","app_trialMode":"false","app_deployment_type":"War","app_mode_manageHttps":"true","app_applicationPath":"/config","app_environmentFlags":"ManageHttps","app_wordlistSize":"0","app_seedlistSize":"0","app_sharedHistorySize":"0","app_sharedHistoryOldestTime":"n/a","app_emailQueueSize":"0","app_smsQueueSize":"0","app_syslogQueueSize":"0","app_localDbLogSize":"21","app_localDbLogOldestTime":"2023-06-06T07:09:40Z","app_localDbStorageSize":"23,398 bytes","app_localDbFreeSpace":"5,497.56 GB","app_configurationRestartCounter":"0","app_secureBlockAlgorithm":"AES128+GCM","app_secureHashAlgorithm":"SHA512","app_ldapProfileCount":"1","app_ldapConnectionCount":"0","app_activeSessionCount":"0","app_activeRequestCount":"0","build_Time":"2023-05-05T22:47:06Z","build_Number":"aaefbe7","build_Revision":"aaefbe76248735dabacc6c88ad6b184a16aeef88","build_JavaVendor":"0","build_JavaVersion":"11","build_Version":"2.0.6","java_memoryFree":"746811904","java_memoryAllocated":"1073741824","java_memoryMax":"1073741824","java_processors":"2","java_threadCount":"38","java_runtimeVersion":"11.0.19+7","java_vmName":"OpenJDK 64-Bit Server VM","java_vmVendor":"Eclipse Adoptium","java_vmLocation":"/opt/java/openjdk","java_vmVersion":"11.0.19+7","java_vmCommandLine":"-Xmx1g,-Xms1g,-Xlog:gc:file=/config/logs/gc.log:time,uptime,level,tags:filecount=10,filesize=10M","java_osName":"Linux","java_osVersion":"5.15.0-1038-azure","java_osArch":"amd64","java_randomAlgorithm":"NativePRNG","java_defaultCharset":"UTF-8","java_appServerInfo":"Apache Tomcat/9.0.74","java_sslVersions":"TLSv1.3 TLSv1.2 TLSv1.1 TLSv1 SSLv3 SSLv2Hello","database_driverName":"","database_driverVersion":"","database_databaseProductName":"","database_databaseProductVersion":""}
2023-06-06T07:38:14Z, TRACE, pwm.PwmApplication, attempting to output keystore as configured by environment parameters to /root/.pwm-workpath/work-pwm-8443/keystore
2023-06-06T07:38:14Z, ERROR, pwm.PwmApplication, error retrieving key 'https.selfCert' value from localDB: null
2023-06-06T07:38:15Z, TRACE, macro.MacroMachine, replaced macro @Case:lower:[[PWM]]@ with value: pwm (57ms)
2023-06-06T07:38:15Z, DEBUG, self.SelfCertGenerator, creating self-signed certificate with cn of pwm.example.com
2023-06-06T07:38:15Z, TRACE, pwm.PwmApplication, deleting existing keystore file /root/.pwm-workpath/work-pwm-8443/keystore
2023-06-06T07:38:15Z, TRACE, pwm.PwmApplication, deleted existing keystore file: /root/.pwm-workpath/work-pwm-8443/keystore
2023-06-06T07:38:15Z, INFO , pwm.PwmApplication, successfully exported application https key to keystore file /root/.pwm-workpath/work-pwm-8443/keystore
2023-06-06T07:38:16Z, TRACE, pwm.PwmApplication, completed post init tasks (1302ms)
2023-06-06T07:38:16Z, TRACE, util.PwmScheduler, completed runtime thread #0 PwmApplication postInit tasks (1303ms)
2023-06-06T07:38:27Z, TRACE, sessiontrack.UserAgentUtils, loaded useragent parser (12s)
2023-06-06T07:38:27Z, TRACE, util.PwmScheduler, completed runtime thread #1 initialize useragent cache (12s)
2023-06-06T07:38:27Z, TRACE, data.SettingDataMaker, generated settingData with 535 settings and 107 categories (12s)
2023-06-06T07:38:27Z, TRACE, util.PwmScheduler, completed runtime thread #2 initialize PwmSetting metadata (12s)
2023-06-06T07:39:14Z, TRACE, localdb.XodusLocalDB, xodus environment stats: xodus.BYTES_WRITTEN=0,xodus.BYTES_READ=0,xodus.BYTES_MOVED_BY_GC=0,xodus.TRANSACTIONS=0,xodus.READONLY_TRANSACTIONS=0,xodus.GC_TRANSACTIONS=0,xodus.ACTIVE_TRANSACTIONS=0,xodus.FLUSHED_TRANSACTIONS=0,xodus.TRANSACTIONS_DURATION=0,xodus.READONLY_TRANSACTIONS_DURATION=0,xodus.GC_TRANSACTIONS_DURATION=0,xodus.DISK_USAGE=0,xodus.UTILIZATION_PERCENT=0,size.PWM_META=4,size.SHAREDHISTORY_META=2,size.SHAREDHISTORY_WORDS=0,size.WORDLIST_WORDS=0,size.SEEDLIST_WORDS=0,size.PWM_STATS=5,size.EVENTLOG_EVENTS=26,size.EMAIL_QUEUE=0,size.SMS_QUEUE=3,size.RESPONSE_STORAGE=0,size.OTP_SECRET=0,size.TOKENS=0,size.INTRUDER=0,size.AUDIT_QUEUE=0,size.AUDIT_EVENTS=5,size.USER_CACHE=0,size.TEMP=0,size.SYSLOG_QUEUE=0,size.CACHE=0,size.REPORT_QUEUE=3
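
Added example (not part of the original post or of the PWM project): Tomcat's TLS connector answers with the 400 text quoted above when the bytes it receives are a cleartext HTTP request instead of a TLS handshake, so a cleartext probe of the container port shows which protocol the listener expects. The function names and the sample reply bytes are constructed for illustration.

```python
import socket

# Constructed sample: the plain-text 400 quoted in the post, as raw bytes.
SAMPLE_TOMCAT_REPLY = (
    b"HTTP/1.1 400 \r\nContent-Type: text/plain;charset=UTF-8\r\n"
    b"Connection: close\r\n\r\n"
    b"Bad Request\r\nThis combination of host and port requires TLS.\r\n"
)
TLS_HINT = b"This combination of host and port requires TLS"


def classify(reply: bytes) -> str:
    """Classify what a listener sent back after a cleartext HTTP request."""
    if not reply:
        return "closed"            # peer hung up without answering
    if TLS_HINT in reply:
        return "tls-required"      # cleartext HTTP reached a TLS-only connector
    if reply[0] == 0x15 and reply[1:2] == b"\x03":
        return "tls-required"      # raw TLS alert record instead of HTTP
    if reply.startswith(b"HTTP/"):
        return "plain-http"        # listener speaks cleartext HTTP
    return "unknown"


def probe_socket(sock: socket.socket, host: str) -> str:
    """Send one cleartext GET on an already connected socket and classify."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    sock.sendall(request.encode("ascii"))
    try:
        return classify(sock.recv(4096))
    except (socket.timeout, ConnectionResetError):
        return "closed"


def probe_plain(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect to host:port without TLS and report what the listener expects."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock, host)


if __name__ == "__main__":
    # Offline demo over a socket pair; the far end replays the sample reply.
    near, far = socket.socketpair()
    far.sendall(SAMPLE_TOMCAT_REPLY)
    print(probe_socket(near, "pwm.example.com"))
    near.close()
    far.close()
```

A result of `tls-required` from `probe_plain` on the container's target port means whatever forwards traffic to that port has to speak HTTPS to it.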

Jason Rivard

Jun 7, 2023, 7:26:17 AM
to pwm-general
I don't know about Azure Container App, but on plain old docker you could just use a port mapping of 443:8443 instead of 8443:8443....  Can you do that in your azure environment? 