osTicket and NGINX with OAuth2 for Microsoft authentication

mrhobbeys · July 18, 2023, 2:49am

Hello! I’ve made some good progress on my server, but I’m stuck with an odd problem I’m trying to figure out. I’m trying to add OAuth2 to my osTicket install to allow authentication to Microsoft for sending emails since they no longer allow basic authentication. Everything works until the very last part when Microsoft sends the authentication token back to me in the URL.

My YunoHost server

Hardware: VPS bought online IONOS
YunoHost version: 11.1.22
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:
If your request is related to an app, specify its name and version: osticket v1.17.3~ynh1

Description of my issue

what you are trying to achieve, in which context, what you tried and provide detailed error messages and logs if you can.

I added the file auth-oauth2.phar to the /includes/plugins directory in the osticket install location. The plugin enabled just fine, and things moved forward with me adding the Authentication tokens etc. I got all the way to where I could log into my Microsoft account, and on the redirect, I get a 404 error from Nginx

when I cat /var/log/nginx/tickets.mysite.com-error.log

I get the following error which matches my 404 URL:

2023/07/18 00:51:10 [error] 114980#114980: *2220 open() "/usr/share/nginx/htmlapi/http.php/auth/oauth2" failed (2: No such file or directory), client: 12.34.56.78, server: tickets.mysite.com, request: "GET /api/auth/oauth2?code=914CharacterLong
HTTP/2.0", host: "tickets.mysite.com", referrer: "https://tickets.mysite.com/"

Additional context. I posted on osTicket forum and was told that NGINX needs a special setup to work as it is not directly supported.

mrhobbeys · July 18, 2023, 4:58am

So I went through and did several things to see if I could fix things. I learned a little more about the YUNOHOST setup along the way.

First, I changed the permissions of the plugin file I put into the plugins folder to match the other items in the folder osticket:osticket.

Second, I went poking around the nginx config files.

I added, incorrectly, the following to line /etc/nginx/conf.d/tickets.mysite.com.conf:

    try_files $uri $uri/ /var/www/osticket/api/http.php?$query_string;
    }

This line did change my error from 404 to “File not found.” Which after I changed it back I realized my previous error was always “404 Not Found | nginx” and not just 404.

I later found /etc/nginx/conf.d/tickets.mysite.com.d/osticket.conf already has a directive for the API. Which is when I removed the previous change. I poked around some more and found that I’m using PHP8.0 and all the configs look right to me, but just a little different then what I’ve seen before.

I found something interesting. Visiting tickets.mysite.com/api/some.php will always download that file it doesn’t happen with other PHP files and I was able to test 2 other installs one setup with cloudron, and one manually installed and both of them render an error or message of some kind.

The one thing that looked different to me was in the /etc/nginx/conf.d/tickets.mysite.com.d/

  location ~ ^/api/(?!http.php/)(.*) {
     try_files $uri $uri/ /api/http.php/$1;
  }
   location ~ ^/pages/(?!index.php/)(.*) {
      try_files $uri $uri/ /pages/index.php/$1;
  }
  
  location ~ ^(.*[^/]\.php)(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.0-fpm-osticket.sock;

    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }

I changed that to:

  location ~ ^/api/(?!http.php/)(.*) {
     try_files $uri $uri/ /api/http.php/$1;
  }
   location ~ ^/pages/(?!index.php/)(.*) {
      try_files $uri $uri/ /pages/index.php/$1;
  }
  
  location ~ ^(.*[^/]\.php)(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.0-fpm-osticket.sock;

    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

Which had no effect on my task or the download of the files from the API directory, which confused me.

Next I just made some further simple edits:

location / {
    try_files $uri $uri/ /index.php;
}

location /api/ {
    try_files $uri $uri/ /api/http.php?$args;
}

location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php8.0-fpm-osticket.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

Which allowed me to process the /api/ directory which I placed a file called test.php

<?php
echo "<pre>SERVER: ";
print_r($_SERVER);
echo "REQUEST: ";
print_r($_REQUEST);
echo "</pre>";
?>

I was stuck there since it has been so long since I have worked on the core of PHP stuff. My brain is fried for the day, but I hope someone that knows better might be able to give some insight.

Thank you

edit: adding this note — PS I’m going to copy paste this to osTicket forums to see if anyone there knows.

mrhobbeys · July 18, 2023, 5:07am

I’m only pointing this out as proof my brain is already fried I thought for some reason 404 was not allowed, but I know it is not found…

ericg · July 18, 2023, 10:17am

May not be related to the issue but I added permissions for the API path in manifest.toml https://github.com/YunoHost-Apps/osticket_ynh/blob/be2ace64781dc3f02d81991b54a9850d3914a16e/manifest.toml#L141-L144

mrhobbeys · July 18, 2023, 2:58pm

Thanks, that will be interesting to see if it fixes the issue.

Is there an easy way to make this take effect, or do I need to uninstall and re-install the app?

mrhobbeys · July 18, 2023, 3:29pm

I went ahead and uninstalled it and saw a system update, so I processed that. I’m about to reinstall and see if it is better, and will report back later.

mrhobbeys · July 18, 2023, 6:09pm

Update and reinstall didn’t fix the issue. I’ve been learning about nginx configurations, and later I will load a PHP debugger to work through the issue.

mrhobbeys · July 19, 2023, 2:51am

During a re-install, I noticed this message at the top of the modal that pops up during installation:

The server is processing the action…

Packagers: option language has ‘choices’ but has type ‘string’, use ‘select’ instead to remove this warning.

system · August 3, 2023, 2:52am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.