F43nd1r/Acrarium

Difficulty sending reports from old clients to /report endpoint

Closed this issue · 6 comments

Hey F43nd1r 👋 - so, the ankidroid server which was older than dinosaurs was running acralyzer, and for unrelated reasons it was hacked so I just wiped it (it had our manual and acralyzer, no big deal), and thought "finally time to update to acrarium".

It's running on a DigitalOcean droplet so docker is a no-go

I installed nginx (SSL endpoint, serves docs, proxies acrarium), mysql8 and acrarium standalone, and I can successfully login and create an app and use the UI.

I had a lot of trouble getting acrarium configured because our old clients are configured to PUT (not POST!) to the URLs /report/<UUID of new report> instead of what acrarium assumes - a POST just to /report

At the start, when I posted to an nginx proxy_pass acrarium config I don't get 401 not authenticated, I get 403 not authorized so it is a security issue, but you just can't see it in the logs at all.

The way to see it in the logs is by starting it like this (with --trace on the end):

java -Xshare:off -XX:+UseSerialGC -XX:-TieredCompilation -Xint -Xmx250m -verbose:gc -jar acrarium/acrarium-1.7.0.jar --trace

debug is not enough, and you can change it in ~/.config/acrarium/application.properties but the above is sufficient.

Now you can see what's going on.

⚠️ 👓 So I think that is problem 1 - AnkiDroid has ACRA 5.7.0 still (we have clients in the wild with 5.5.x) and they can be configured to put to /reports/<UUID> but acrarium doesn't handle that. I can use nginx to remap it though, no problem.

.regexMatcher("/$REPORT_PATH").authorizeRequests { it.anyRequest().hasRole(User.Role.REPORTER.name) }

...because it is not report(/.*) or however you would match both

After fixing that with a proxy rewrite in nginx, I got 405 errors in the log

2022-06-13 05:27:16.169 TRACE 3229 --- [nio-8080-exec-7] o.s.web.servlet.DispatcherServlet        : PUT "/report", parameters={}, headers={masked} in DispatcherServlet 'dispatcherServlet'
2022-06-13 05:27:16.171 DEBUG 3229 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=qocQeAa1897SdLRN, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null], Granted Authorities=[REPORTER]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@2638df83]
2022-06-13 05:27:16.171  WARN 3229 --- [nio-8080-exec-7] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'PUT' not supported]
2022-06-13 05:27:16.171 TRACE 3229 --- [nio-8080-exec-7] o.s.web.servlet.DispatcherServlet        : No view rendering, null ModelAndView returned.
2022-06-13 05:27:16.172 DEBUG 3229 --- [nio-8080-exec-7] o.s.web.servlet.DispatcherServlet        : Completed 405 METHOD_NOT_ALLOWED, headers={masked}

What!? Okay, so apparently older ACRA clients can PUT instead of POST... and in fact I checked our config and we are set to PUT - I cannot change that in installed clients 🤦 - also nginx is touchy about creating redirect loops, and can't override HTTP method in conditionals, so here is a working config that just forces PUT to POST and rewrites the report URLs, while proxying the rest with a more normal nginx proxy:

        location /acra/report {
                proxy_pass http://127.0.0.1:8080/report;
                rewrite /acra/report/(.*) /acra/report;
                proxy_redirect  off;
                proxy_method    POST;
                proxy_set_header        Authorization "Basic <base64 of user:pass determined by `nc -l 8080` using curl with -u and watching>";
        }

        location /acra/ {
                #rewrite /acra(/.*|$) /$1       break;
                proxy_pass http://127.0.0.1:8080/;
        }

This issue alone (which is resolved via a working config for me) may be enough to help someone in the future.

I think the security config could maybe be loosened to accept PUT and to accept report/UUID though, that would help without harming anything I think?
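An added example, not part of the original post and not Acrarium code: a small parser for `--trace` output that pairs each DispatcherServlet request line with its "Completed" line on the same worker thread and lists the requests that failed, which is how the 405 above shows up. It assumes the default Spring Boot console layout seen in the excerpt; the function name is hypothetical and the two `POST` lines in the sample are constructed.

```python
import re

# Default Spring Boot console layout: "<date> <time> <LEVEL> <pid> --- [thread] logger : message"
LINE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>[A-Z]+)\s+\d+ --- \[\s*(?P<thread>[^\]]+)\]\s+"
    r"(?P<logger>\S+)\s+: (?P<msg>.*)$"
)
START = re.compile(r'^(?P<method>[A-Z]+) "(?P<path>[^"]*)"')
DONE = re.compile(r"^Completed (?P<status>\d{3})\b")
EXC = re.compile(r"^Resolved \[(?P<exc>[\w.$]+)")

def failed_requests(lines):
    """Correlate request start/finish lines per worker thread and return
    the requests that completed with a 4xx or 5xx status."""
    open_reqs, failures = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # GC output, banners, stack-trace continuation lines
        thread, msg = m["thread"], m["msg"]
        if (s := START.match(msg)) and m["logger"].endswith("DispatcherServlet"):
            open_reqs[thread] = {"ts": m["ts"], "method": s["method"],
                                 "path": s["path"], "exception": None}
        elif (e := EXC.match(msg)) and thread in open_reqs:
            # Keep only the simple class name of the resolved exception
            open_reqs[thread]["exception"] = e["exc"].rsplit(".", 1)[-1]
        elif (d := DONE.match(msg)) and thread in open_reqs:
            req = open_reqs.pop(thread)
            req["status"] = int(d["status"])
            if req["status"] >= 400:
                failures.append(req)
    return failures

# Sample input: the exec-7 lines come from the log excerpt in the post;
# the exec-2 lines (a successful POST) are constructed for contrast.
SAMPLE = """\
2022-06-13 05:27:16.169 TRACE 3229 --- [nio-8080-exec-7] o.s.web.servlet.DispatcherServlet        : PUT "/report", parameters={}, headers={masked} in DispatcherServlet 'dispatcherServlet'
2022-06-13 05:27:16.170 TRACE 3229 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : POST "/report", parameters={}, headers={masked} in DispatcherServlet 'dispatcherServlet'
2022-06-13 05:27:16.171  WARN 3229 --- [nio-8080-exec-7] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'PUT' not supported]
2022-06-13 05:27:16.172 DEBUG 3229 --- [nio-8080-exec-7] o.s.web.servlet.DispatcherServlet        : Completed 405 METHOD_NOT_ALLOWED, headers={masked}
2022-06-13 05:27:16.180 DEBUG 3229 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : Completed 200 OK, headers={masked}
"""

if __name__ == "__main__":
    for r in failed_requests(SAMPLE.splitlines()):
        print(r["ts"], r["method"], r["path"], r["status"], r["exception"])
```

Matching on the thread name matters because request lines from different workers interleave in the log, as the two requests in the sample do.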

This seems like an edge case to me, I'd rather not support it from within the application if it can be solved from outside.

Okay, would you be averse to a doc explaining how to install it this way, and running through the possible issues and how to troubleshoot them (where/how to turn up logging)? It can be solved but it's some nginx stuff I don't think most people use. Additionally, there were some very specific java and mysql settings I used in order to shrink memory usage so it fits in the smallest DigitalOcean droplet (cheap hosting, for the win), and how to set it to restart on server reboot.

All of that I think would be useful to people that don't want to / cannot do docker, and I'm happy to write it up since I may need it in the future myself

As far as I can tell your nginx config is very specific, I'd keep that just in this issue.
An optimization guide for low resource environments seems more generally applicable, that could go in the wiki

I think it's the "how do I even troubleshoot this thing" that's useful. Knowing where to turn on the logging and how to do so.

Oh - I also noticed a couple minor issues,

  • the bug list is showing acra library version (BUILD_CONFIG.VERSION_NAME) for "Version" not APP_VERSION_NAME in many instances - this looks to be a change somehow related to ACRA or to new gradle/android-gradle-plugin I think as the ones that get it right have BUILD_CONFIG.APPLICATION_ID of com.ichi2.anki whereas the ones that get it wrong have BUILD_CONFIG.LIBRARY_PACKAGE_NAME org.acra.dialog
  • I cannot seem to load the logo image for acrarium for some reason (it's 404)
  • if you delete a bug then reload the page I get a 500 instead of going back to bug list
  • it looked in the source code like there was nl, de and en but the language dropdown only shows nl and en

Here you go: https://github.com/F43nd1r/Acrarium/wiki/Acrarium-on-small-servers - edit as you see fit of course

Trying to be helpful, since I may have had some difficulty but in the end I got it all working, and I really appreciate having a very-low-cost ("free" software, cheap hosting) open-source-compliant crash reporting service. Thanks for Acrarium

If I can help on any of the little issues (or if I should log them separately) just let me know. Happy to collaborate and try to make the whole stack better if I can.

Cheers

Thanks for documenting.