I have a problem with the "unknown error" message when logging in. From the log files, it looks like a CSRF problem when opening the session (the POST operation results in a 403 response), but I don't understand the real root cause.
The login error inside the web_only container (/var/log/nginx/access.log):
```
[29/Mar/2022:18:08:30 +0000] "forum.netzwissen.de" 87.154.170.198 "POST /message-bus/e65d4728665448f4a47a8fc74a0a6478/poll HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "-" 200 538 "https://forum.netzwissen.de/" 25.002 25.002 "-" "-" "-" "-" "-" "-" "-"
[29/Mar/2022:18:08:41 +0000] "forum.netzwissen.de" 87.154.170.198 "GET /session/csrf HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "session/csrf" 200 716 "https://forum.netzwissen.de/" 0.029 0.030 "-" "-" "-" "-" "-" "-" "-"
[29/Mar/2022:18:08:41 +0000] "forum.netzwissen.de" 87.154.170.198 "POST /session HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "-" 403 494 "https://forum.netzwissen.de/" 0.007 0.006 "-" "-" "-" "-" "-" "-" "-"
[29/Mar/2022:18:08:56 +0000] "forum.netzwissen.de" 87.154.170.198 "POST /message-bus/e65d4728665448f4a47a8fc74a0a6478/poll HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "-" 200 538 "https://forum.netzwissen.de/" 25.003 25.002 "-" "-" "-" "-" "-" "-" "-"
```
The operational setup:
- the haproxy load balancer is used for SSL termination
- apache is used as a reverse proxy on the local docker host, passing traffic to a local websocket (web.socketed.template.yml)
- current Discourse with separate containers for data and web_only
- the original IP addresses are passed by haproxy (forwardfor) to apache and from there via RemoteIPHeader X-Forwarded-For to the nginx inside the web_only container

I would need some ideas on how to debug this setup further. Configuration for the web_only container:
```yaml
templates:
  - "templates/web.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/web.socketed.template.yml"
#expose:
##  - "127.0.0.1:84:80" # http
##  - "443:443" # https
# Use the 'links' key to link containers together, i.e. use the Docker --link flag.
links:
  - link:
      name: data
      alias: data
params:
  ## Which Git revision should this container use? (default: tests-passed)
  #version: tests-passed
env:
  LANG: de_DE.UTF-8
  # DISCOURSE_DEFAULT_LOCALE: en
  UNICORN_WORKERS: 4
  DISCOURSE_HOSTNAME: 'forum.netzwissen.de'
  DOCKER_USE_HOSTNAME: true
  DISCOURSE_DEVELOPER_EMAILS: 'admin@netzwissen.de,support@netzwissen.de'
  DISCOURSE_SMTP_ADDRESS: mail.netzwissen.de
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: discourse@netzwissen.de
  DISCOURSE_SMTP_PASSWORD: xxxxxxxxxxxxxxx
  DISCOURSE_DB_SOCKET: ''
  DISCOURSE_DB_USERNAME: discourse
  DISCOURSE_DB_PASSWORD: xxxxxxxxxxxxxxx
  DISCOURSE_DB_HOST: data
  DISCOURSE_REDIS_HOST: data
volumes:
  - volume:
      host: /var/discourse/shared/web-only
      guest: /shared
  - volume:
      host: /var/discourse/shared/web-only/log/var-log
      guest: /var/log
## Plugins go here
## see https://meta.discourse.org/t/19157 for details
## in our case the plugins are part of the web container
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - git clone https://github.com/discourse/docker_manager.git
          - git clone https://github.com/discourse/discourse-shared-edits.git
          - git clone https://github.com/discourse/discourse-chat-integration
          - git clone https://github.com/discourse/discourse-feature-voting
          - git clone https://github.com/discourse/wp-discourse
          - git clone https://github.com/discourse/discourse-openid-connect
          - git clone https://github.com/discourse/discourse-calendar
          - git clone https://github.com/discourse/discourse-data-explorer
          - git clone https://github.com/paviliondev/discourse-events
          - git clone https://github.com/paviliondev/discourse-locations
## Remember, this is YAML syntax - you can only have one block with a name
run:
  - exec: echo "Beginning of custom commands"
  - exec: rails r "SiteSetting.notification_email='discourse@netzwissen.de'"
  - replace:
      filename: /etc/nginx/conf.d/discourse.conf
      from: "types {"
      to: |
        set_real_ip_from 127.0.0.1/24;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Request-Start "t=${msec}";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # replaced $thescheme;
        types {
  ## If you want to configure password login for root, uncomment and change:
  ## Use only one of the following lines:
  - exec: /usr/sbin/usermod -p 'xxxxxxxxxxxxxxxxxx' root
  - exec: echo "End of custom commands"
```
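
As an added example (not part of the original post, and not Discourse's own code): a small Python triage script for the access.log format quoted above that pairs every `POST /session` answered with 403 with the same client's most recent `GET /session/csrf`. The sample lines, the host `forum.example`, the addresses, the function names and the 60-second window are assumptions made for the example.

```python
import re
from datetime import datetime

# Field order follows the access.log lines quoted in the post.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<host>[^"]*)" (?P<ip>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" "(?P<ua>[^"]*)" '
    r'"(?P<route>[^"]*)" (?P<status>\d{3}) ')

# Constructed sample input (documentation addresses, trailing fields shortened).
UA = "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0"
SAMPLE = [
    f'[29/Mar/2022:18:08:41 +0000] "forum.example" 203.0.113.10 '
    f'"GET /session/csrf HTTP/1.1" "{UA}" "session/csrf" 200 716 "-" 0.029',
    f'[29/Mar/2022:18:08:41 +0000] "forum.example" 203.0.113.10 '
    f'"POST /session HTTP/1.1" "{UA}" "-" 403 494 "-" 0.007',
    f'[29/Mar/2022:18:09:02 +0000] "forum.example" 198.51.100.7 '
    f'"POST /session HTTP/1.1" "{UA}" "-" 403 494 "-" 0.004',
]

def parse(line):
    """Return the fields of one access.log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec

def rejected_logins(lines, window=60):
    """List each POST /session answered 403 with the age of the last token fetch."""
    last_csrf, findings = {}, []
    for rec in filter(None, map(parse, lines)):
        client = (rec["ip"], rec["ua"])
        request = (rec["method"], rec["path"], rec["status"])
        if request == ("GET", "/session/csrf", 200):
            last_csrf[client] = rec["ts"]
        elif request == ("POST", "/session", 403):
            fetched = last_csrf.get(client)
            gap = None if fetched is None else (rec["ts"] - fetched).total_seconds()
            findings.append({"ip": rec["ip"], "time": rec["ts"].isoformat(),
                             "gap_seconds": gap,
                             "token_fetched": gap is not None and gap <= window})
    return findings

if __name__ == "__main__":
    for finding in rejected_logins(SAMPLE):
        print(finding)
```

A finding with `token_fetched` set to `True` shows that the client requested a token within the window and the login was still rejected; `False` shows a rejected login with no preceding token request in the log.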
