Error with ssowat causing nginx error as 500 internal error


#1

Very frequently and almost for all the domains created in my yunohost server, iam getting the following error and thus when we browse the page, its giving 500 internal server error.

2019/01/08 17:57:21 [error] 8523#8523: *7476 lua entry thread aborted: runtime error: /usr/share/ssowat/config.lua:12: Configuration file is missing
stack traceback:
coroutine 0:
	[C]: in function 'assert'
	/usr/share/ssowat/config.lua:12: in function 'get_config'
	/usr/share/ssowat/access.lua:20: in function </usr/share/ssowat/access.lua:1>, client: 10.23.8.4, server: testdomain1.com, request: "GET /ynhpanel.js HTTP/1.1", host: "testdomain1.com", referrer: "https://testdomain1.com/index.php"

Currently iam using this for production… :slight_smile: and due to this issue, i used to restart nginx very often.

Any clue on how this can be resolved please.

Thanks,
Kumar.


#2

Just for info: Iam using the latest yunohost version in dedicated server with Arm processor.


#3

Uh, do you happen to have either /etc/ssowat/conf.json or /etc/ssowat/conf.json.persistent missing ?


#4

No. They are present. I manually added couple of extra entries in “Skipped _urls” section in proper format.


#5

the entries added to “skipped_urls” are related to other domains but not to this domain which has this issue.


#6

So you added these in the .persistent file ?

From what I understand, the error message you copy/pasted really related to “SSOwat cannot read /etc/ssowat/conf.json” for some reason … (unless you changed init.lua somehow but I doubt it)


#7

I didnt changed anything else. i added few entries in skipped_urls section in conf.json file only because that section doesnt exists in conf.persistent file.
but both these files are present in /etc/ssowat folder.

iam also getting the SSO authentication working well… only sometimes in a day, i come across this issue. Then i used to restart nginx. But this happens only when production users updates me about this issue then i can restart, but at the same time, when this issue happens, the users are not happy.


#8

Even a direct domain which doesnt has any login concept also has the same issue in the same server inspite of having those conf.json and conf.persistent files in /etc/ssowat folder.

If i comment the sso related lines in the respective domain.conf file under nginx, then there is no issue at all. I can still live with this commenting approach for 1 domain, but other domains has login concept and i cannot comment those lines.

any help on getting this resolution…badly stuck here and this is in production environment.


#9

Well, okay … Let’s clarify a few things :

  • Basically SSOwat is use in a “global” way, so i’m not too surprised that you get a 500 internal error on every domain, because loading the json file is not domain-dependent ;
  • What I am surprised about is the lack of regularity / rate at which this happens … from what I understand, it should either work all the time, or never, but not “sometimes” ?
  • You should NOT edit /etc/ssowat/conf.json. The existence of /etc/ssowat/conf.json.persistent suggests that conf.json is NOT persistent. Each time you do actions like installing an app or some other action, there’s a chance that a yunohost app ssowatconf will be triggered and therefore overwrite your conf.json file ! If you want persistent changes, you should edit conf.json.persistent. If the adequate section doesn’t exist yet in this file, then you should create it …
  • Also please do not comment line in the nginx conf files just to fix the issue … You are trying to fix the symptoms and not the actual issue, which in turn might just create more issues (if not security risks) …

So what I’d suggest is that :

  • you should move your manual tweaks to /etc/ssowat/conf.json.persistent
  • regenerate the ssowat conf by running yunohost app ssowatconf
  • to be sure, restart nginx with systemctl restart nginx

then let’s work from that point and see if there’s still an issue.