web ui auth

[tombi...@gmail.com]

I have been trying stack storm today, I have auth from the command line on the stack storm box working fine.  Web UI auth is not working.  I get the error: Unable to reach auth service. [auth:true].

I have noticed that port 9100 and 9101 are both bound to 127.0.0.1 instead of 0.0.0.0 as defined in /etc/st2/st2.conf.  Does auth happen on the backend or do these 2 ports need to be accessible from the browser ?  I did not update /opt/stackstorm/static/webui/config.js since it did not say to in the quick start guide but i did notice that it is all blank.  If i uncomment the hosts array and set url to https://:9101 and auth to https://:9100 i get the same results but error is then: Unable to reach auth service.  [auth:https://:9100].

Either way I am not able to reach the ports becasue they are binding to 127.0.0.1 but do not see where in the config files this is happening since they are defined as 0.0.0.0.  I have also tried changing this to the public ip, but I get the same results.  

I am running on cents with selinux disabled.

Any help would be much appreciated.

Thanks!

[Google Group Messages]

Winson Chan Tombin, Please review our KB @ http://stackstorm.reamaze.com/kb/webui/unable-to-reach-auth-service for this error. If you're still having trouble, please join our community channel on Slack (http://stackstorm.com/community-signup) and one of our staffs or an active community member will be able to assist you further. W Appreciate this response · View thread history

[tombi...@gmail.com]

Thank you for the fast response, Winson.  I did read through the help page on reamaze.com but that didn't help.  I went through the sign up for your slack page to try to get help there, but haven't received an invite to that slack group yet.

[Dmitri Zimine]

Hi Tombin, 

sorry for your compound troubles: our Slack registration automation broke over Slack revoking the API token… 

Before we get into details of troubleshooting your AIO installation, please consider using the new packages.

Go here https://docs.stackstorm.com/latest/install/rhel7.html take step-by-step, or just run a script referenced there. 

This is our way going forward; and based on your questions you know what you’re doing, so you’ll get more 

power and understanding on how things work. See this, too https://docs.stackstorm.com/latest/install/overview.html

Now, to your questions: 

> I have been trying stack storm today, I have auth from the command line on 
> the stack storm box working fine. Web UI auth is not working. I get the 
> error: Unable to reach auth service. [auth:true].

> I have noticed that port 9100 and 9101 are both bound to 127.0.0.1 instead 
> of 0.0.0.0 as defined in /etc/st2/st2.conf. Does auth happen on the 

/etc/st2/st2.conf doesn’t apply here, it only works when st2auth is run in standalone mode. In your case it’s run by uwsgi or gunicorn (depending on version) and nginx is forwarding it via socket or http, see /etc/nginx configuration

> backend or do these 2 ports need to be accessible from the browser ? 

From the browser. 

do you have a firewall on by a chance? 

> I did 
> not update /opt/stackstorm/static/webui/config.js since it did not say to 
> in the quick start guide but i did notice that it is all blank. If i 
> uncomment the hosts array and set url to https://:9101 and auth to 
> https://:9100 i get the same results but error is then: Unable to reach 
> auth service. [auth:https://:9100].

Which version do you use? st2 —version? Can you check that nginx is serving the api and auth endpoints

by proxying them to https://<>:443/auth and /api? This would be v1.3 behavior. In earlier versions they were served off https://<>:9100/9101

In 1.3 version, the config.js should have https://:443/auth https://:443/api 

It looks as if your service configurations and st2web configurations in /config.js are from different versions. 

> Either way I am not able to reach the ports becasue they are binding to 
> 127.0.0.1 but do not see where in the config files this is happening since 
> they are defined as 0.0.0.0. I have also tried changing this to the public 
> ip, but I get the same results. 

> I am running on cents with selinux disabled.

Any help would be much appreciated. 
Thanks!

--
You received this message because you are subscribed to the Google Groups "StackStorm" group.
To unsubscribe from this group and stop receiving emails from it, send an email to stackstorm+...@googlegroups.com.
To post to this group, send email to stack...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/stackstorm/ff9590a6-54ad-415b-9987-97a6855c8b3a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[didier ernotte]

I have justed installed StackStorm in container using the docker-compose instruction. Everything is up, except when I tried to login on the UI, I have a "Unable to reach the auth service"

When I look at the debug console, it looks like it is an SSL issue (SSL_INTERNAL_ERROR_ALERT). Is it due to an imcompatibility with the certificat on the embedded https service ?

Didier

[didier ernotte]

Depending on the environment, I have different result:

- If I spin the docker stack with docker-toolbox, on an environment where native docker is not supported, I have an SSLissue

- If I spin the docker stack with a native docker environment, at home it work well,

- If I spin the docker on an hosted environment (play-with-docker.com for instance), I have an SSL issue

Didier

[Google Group Messages]

Lindsay Hill Try connecting to https://<IP>/ first, not http://. That should give you a chance to accept the self-signed certificate. I have seen certain scenarios where if you connect to http://<IP>, it does not give you a chance to accept the self-signed certificate, and it blocks connecting to the authentication service.

Appreciate this response · View thread history