could not update site: Error: Request failed with status code 400, when disabling Automatic SSL (ACME)

[FarisZR]

hello, first of all thanks for awesome project!

i have deployed meli on meli.domain.com(couldn't get sub directory to work, is it supported?) and i want the site to be at domain.com

both domain.com and meli.domain.com are set to reverse proxy for 127.0.0.1:9999
however when adding domain.com to meli org it shows:
Could not update site: Error: Request failed with status code 400

and when visiting domain.com apache2 shows : Requested URL not served on this server

this is not mentioned in the docs, and i don't want the site to be a subdomain

[pimartin]

At first glance, I'm guessing that Meli being deployed on a subdomain of the domain you're trying to add to a site is causing an issue in the Caddy configuration we generate. Up to now, we've always expected sites to be on different domains for security. I'll try to reproduce and see if we can find a fix.

Just in case: Make sure the "Expose branches" option is disabled for the domain in Meli, as this could definitely cause problems.

I confirm that sub directories for Meli are currently not supported.

[FarisZR]

At first glance, I'm guessing that Meli being deployed on a subdomain of the domain you're trying to add to a site is causing an issue in the Caddy configuration we generate. Up to now, we've always expected sites to be on different domains for security. I'll try to reproduce and see if we can find a fix.

Just in case: Make sure the "Expose branches" option is disabled for the domain in Meli, as this could definitely cause problems.

I confirm that sub directories for Meli are currently not supported.

disabling Automatic SSL (ACME) was the issue
i have my own ssl cert so i disabled it since i don't need it
and left the PEM/rsa keys empty since webmin handles my ssl certificates

however enabling it, fixed the issue, now it shows not found which is probably because the site currently has nothing in it.

[gempain]

@fareszr thanks for the kind words ! Just curious, could you try to reproduce the 400 and inspect the response from the server ? I'd be curious to see what you're getting. Chrom inspect should be enough, just the JSON response would help already. Also, if you can enable debug logs in Meli with DEBUG=meli*, reproduce the call and check the logs server side, that'd be great.

[FarisZR]

@fareszr thanks for the kind words ! Just curious, could you try to reproduce the 400 and inspect the response from the server ? I'd be curious to see what you're getting. Chrom inspect should be enough, just the JSON response would help already. Also, if you can enable debug logs in Meli with DEBUG=meli*, reproduce the call and check the logs server side, that'd be great.

can you clarify a bit?
how can i enable DEBUG=meli? is it in the environment section in docker compose ?
also the http response code is 523

[gempain]

The 523 is normal, it's returned (by Caddy) when you are trying to get a URL which is not served by Caddy. This happens when you've recently created a site manually in the UI and haven't chose a main branch yet.

What I'm trying to debug is the Could not update site: Error: Request failed with status code 400 which you mentioned in your first post. I'd like to get client side logs and server side logs. For client side logs, all I need is the JSON response returned by the server (you can view this by inspecting the page in Chrome). For the server logs, you'll need to enable debug in Meli. In your docker-compose.yml, set DEBUG: meli* in the environment variables of your meli service.

If you can reproduce the error (perhaps on a new site in Meli, to avoid disturbing your current setup) and post the logs here, it would be really helpful. Make sure to remove sensitive info like your domain if you don't want it visible here.

[FarisZR]

The 523 is normal, it's returned (by Caddy) when you are trying to get a URL which is not served by Caddy. This happens when you've recently created a site manually in the UI and haven't chose a main branch yet.

What I'm trying to debug is the Could not update site: Error: Request failed with status code 400 which you mentioned in your first post. I'd like to get client side logs and server side logs. For client side logs, all I need is the JSON response returned by the server (you can view this by inspecting the page in Chrome). For the server logs, you'll need to enable debug in Meli. In your docker-compose.yml, set DEBUG: meli* in the environment variables of your meli service.

If you can reproduce the error (perhaps on a new site in Meli, to avoid disturbing your current setup) and post the logs here, it would be really helpful. Make sure to remove sensitive info like your domain if you don't want it visible here.

got it!

note: things between `` have been replaced with placeholders

server logs

meli_1   | 2021-01-25T12:18:01.475Z meli.api:authorizeReq found token in request eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4NjczOTU2My1mNWM4LTQwZmEtYjlkYy0yZDU1OGU2NzhkZDgiLCJpc3N1ZWRBdCI6MTYxMTU3NzAwMzk4OSwiaWF0IjoxNjExNTc3MDAzfQ.d3bSeeeAZ3foC_TIUm9ZUey5pqMAfEis-xpMZ8OXLls
meli_1   | 2021-01-25T12:18:01.479Z meli.api:authorizeReq setting req.user with {
meli_1   |   _id: '86739563-f5c8-40fa-b9dc-2d558e678dd8',
meli_1   |   createdAt: 2021-01-25T12:16:43.974Z,
meli_1   |   updatedAt: 2021-01-25T12:16:43.974Z,
meli_1   |   name: 'fareszr',
meli_1   |   email: 'me@domain.com',
meli_1   |   authProvider: 'gitea',
meli_1   |   externalUserId: 1,
meli_1   |   hooks: []
meli_1   | }
meli_1   | 2021-01-25T12:18:01.479Z meli.api:authorizeApiReq req.user already defined, skipping api authorization
meli_1   | 2021-01-25T12:18:01.506Z meli.api:handleError Error: Invalid body
meli_1   |     at /app/src/commons/express-joi/body.ts:17:14
meli_1   |     at processTicksAndRejections (internal/process/task_queues.js:97:5)
meli_1   | 2021-01-25T12:18:01.506Z meli.api:handleError {
meli_1   |   statusCode: 400,
meli_1   |   path: '/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822',
meli_1   |   message: 'Invalid body',
meli_1   |   error: [
meli_1   |     {
meli_1   |       message: '"domains[0].sslConfiguration" does not match any of the allowed types',
meli_1   |       path: [Array],
meli_1   |       type: 'alternatives.match',
meli_1   |       context: [Object]
meli_1   |     }
meli_1   |   ]
meli_1   | }
meli_1   | {"level":"debug","ts":1611577081.515629,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:3001","request":{"remote_addr":"192.168.80.1:52654","proto":"HTTP/1.1","method":"PUT","host":"meli.domain.com","uri":"/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822","headers":{"Accept":["application/json, text/plain, */*"],"Referer":["https://meli.domain.com/sites/4af349cf-f06c-4b78-b4a4-0343b719c822/settings"],"X-Forwarded-Server":["meli.domain.com"],"Sec-Fetch-Mode":["cors"],"Accept-Language":["en-US,en;q=0.9"],"Origin":["https://meli.domain.com"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["auth=``cookie auth``"],"X-Forwarded-For":["``external ip``, 192.168.80.1"],"Content-Length":["169"],"X-Forwarded-Proto":["http"],"Dnt":["1"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36"],"X-Forwarded-Host":["meli.domain.com"],"Content-Type":["application/json;charset=UTF-8"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["empty"]}},"duration":0.044404477,"headers":{"X-Ratelimit-Remaining":["93"],"X-Ratelimit-Reset":["1611577098"],"X-Frame-Options":["SAMEORIGIN"],"Content-Type":["application/json; charset=utf-8"],"Etag":["W/\"401-BkGFeoagCH8iDELawhaF5CqBuK0\""],"Content-Encoding":["gzip"],"Date":["Mon, 25 Jan 2021 12:18:01 GMT"],"Vary":["Origin, Accept-Encoding"],"Keep-Alive":["timeout=5"],"X-Ratelimit-Limit":["100"],"Expect-Ct":["max-age=0"],"Strict-Transport-Security":["max-age=15552000; includeSubDomains"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Xss-Protection":["0"],"Access-Control-Allow-Credentials":["true"],"Connection":["keep-alive"],"Content-Security-Policy":["default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests"],"X-Dns-Prefetch-Control":["off"],"X-Download-Options":["noopen"],"X-Content-Type-Options":["nosniff"],"Referrer-Policy":["no-referrer"],"Access-Control-Allow-Origin":["https://meli.domain.com"]},"status":400}
meli_1   | PUT /api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822 400 - - 39.933 ms

client

statusCode: 400, path: "/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822", message: "Invalid body",…}
error: [{message: ""domains[0].sslConfiguration" does not match any of the allowed types",…}]
message: "Invalid body"
path: "/api/v1/sites/4af349cf-f06c-4b78-b4a4-0343b719c822"
statusCode: 400

[gempain]

That's awesome, thanks so much ! Very helpful 😄

[FarisZR]

That's awesome, thanks so much ! Very helpful smile

no problem! , and again thanks for the awesome project!

[gempain]

This was released on beta. I'm closing, but feel free to comment and we'll reopen if needed.