Description
I am currently trying to set up NSS with Docker Compose. However, whenever I launch the container, its startup log reports a 500 Internal Server Error. Whenever I visit the server through my browser, I also get a 500 Internal Server Error. I am not sure what causes the error.
This is my current docker compose:
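# Docker Compose definition for node-solid-server (NSS) published through
# Traefik. The pasted listing had lost its indentation; the nesting below is
# restored from the key order.
version: "3.9"

services:
  node-solid-server:
    # NOTE(review): `latest` together with the watchtower label below means
    # every new upstream image is pulled and started automatically. Pin a
    # version tag or an image digest if updates should be reviewed first.
    image: nodesolidserver/node-solid-server:latest
    container_name: node-solid-server
    environment:
      - SOLID_MULTIUSER=true
      # Left disabled on purpose; presumably relaxes TLS certificate checks in
      # NSS. Confirm against the NSS documentation before enabling.
      #- SOLID_NO_REJECT_UNAUTHORIZED
      - SOLID_WEBID=true
      - SOLID_USE_EMAIL=true
      - SOLID_EMAIL_HOST=menkent.uberspace.de
      - SOLID_EMAIL_PORT=587
      # NOTE(review): the hosting page's e-mail obfuscation replaced this whole
      # KEY=address entry; the original cannot be recovered from the page.
      # Quoted so the leading `[` is not parsed as a YAML flow sequence.
      - '[email protected]'
      # Keep the real SMTP password out of this file (for example in an
      # env_file with restrictive permissions) so it is not committed or pasted
      # together with the rest of the configuration.
      - SOLID_EMAIL_AUTH_PASS=REDACTED
      # In list form everything after `=` is taken as the value, so inner double
      # quotes would become part of the name and description. Quote the whole
      # entry instead.
      - 'SOLID_SERVER_NAME=Solid test Server'
      - 'SOLID_SERVER_DESCRIPTION=A test Solid server'
      # NOTE(review): second entry lost to the page's e-mail obfuscation; see
      # the note on the first one.
      - '[email protected]'
      - SOLID_SERVER_URI=https://solid.aresthedevil.com
      - SOLID_SSL_KEY=/opt/solid/certs/key.pem
      - SOLID_SSL_CERT=/opt/solid/certs/fullchain.pem
      # Left disabled on purpose: NODE_TLS_REJECT_UNAUTHORIZED=0 turns off
      # certificate verification for every outbound TLS connection made by the
      # Node process.
      #- NODE_TLS_REJECT_UNAUTHORIZED=0
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
      - "traefik.docker.network=proxynet"
      - "traefik.http.routers.solid.rule=Host(`solid.aresthedevil.com`)"
      - "traefik.http.routers.solid.tls.domains[0].main=solid.aresthedevil.com"
      - "traefik.http.routers.solid.tls.domains[0].sans=*.solid.aresthedevil.com"
      - "traefik.http.services.solid.loadbalancer.server.port=8443"
      - "traefik.http.routers.solid.entrypoints=websecure"
      - "traefik.http.routers.solid.tls.certresolver=mydnsresolver"
      # NOTE(review): with scheme=https Traefik opens a TLS connection to the
      # container and, by default, verifies the certificate it presents. The
      # report shows port 8443 answering inside the container while requests
      # through Traefik return 500, so check Traefik's own log for a backend
      # certificate error before relaxing any verification setting.
      - "traefik.http.services.solid.loadbalancer.server.scheme=https"
      - "traefik.http.routers.solid.tls=true"
    restart: always
    # NOTE(review): publishing 8443 on the host makes NSS reachable directly,
    # bypassing Traefik. Traefik reaches the container over `proxynet`, so this
    # mapping is presumably unnecessary. Confirm, then remove it or bind it to
    # 127.0.0.1.
    ports:
      - "8443:8443"
    expose:
      - "8443"
    networks:
      - proxynet
    volumes:
      - /home/dockeruser/docker/configs/solid-node-server/data:/opt/solid/data
      - /home/dockeruser/docker/configs/solid-node-server/.db:/opt/solid/.db
      - /home/dockeruser/docker/configs/solid-node-server/config:/opt/solid/config
      # NOTE(review): this directory holds the TLS private key. A read-only
      # mount would be enough if NSS only reads it; confirm before changing.
      - /home/dockeruser/docker/configs/traefik/certs/solid.aresthedevil.com/:/opt/solid/certs/
      #- /home/dockeruser/docker/configs/reverse-proxy/certs/solid.aresthedevil.com/:/opt/solid/certs/

networks:
  proxynet:
    external: true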
This is the log when I start it with docker:
node-solid-server | 2024-07-22T11:23:16.760105699Z checking preconditions...
node-solid-server | 2024-07-22T11:23:16.760677437Z ✓ /opt/solid/config is accessible by node
node-solid-server | 2024-07-22T11:23:16.761114832Z ✓ /opt/solid/data is accessible by node
node-solid-server | 2024-07-22T11:23:16.761555882Z ✓ /opt/solid/.db is accessible by node
node-solid-server | 2024-07-22T11:23:16.762056802Z ✓ /opt/solid/certs/key.pem is accessible by node
node-solid-server | 2024-07-22T11:23:16.762533923Z ✓ /opt/solid/certs/fullchain.pem is accessible by node
node-solid-server | 2024-07-22T11:23:16.762570027Z Finished: SUCCESS
node-solid-server | 2024-07-22T11:23:17.462385025Z TIP create a config.json: `$ solid init`
node-solid-server | 2024-07-22T11:23:17.705589455Z 2024-07-22T11:23:17.705Z solid:settings Server URI: https://solid.aresthedevil.com
node-solid-server | 2024-07-22T11:23:17.705639714Z 2024-07-22T11:23:17.705Z solid:settings Auth method: oidc
node-solid-server | 2024-07-22T11:23:17.705652562Z 2024-07-22T11:23:17.705Z solid:settings Strict origins: true
node-solid-server | 2024-07-22T11:23:17.705657300Z 2024-07-22T11:23:17.705Z solid:settings Allowed origins:
node-solid-server | 2024-07-22T11:23:17.705670992Z 2024-07-22T11:23:17.705Z solid:settings Db path: ./.db
node-solid-server | 2024-07-22T11:23:17.705736454Z 2024-07-22T11:23:17.705Z solid:settings Config path: ./config
node-solid-server | 2024-07-22T11:23:17.705742871Z 2024-07-22T11:23:17.705Z solid:settings Suffix Acl: undefined
node-solid-server | 2024-07-22T11:23:17.705745490Z 2024-07-22T11:23:17.705Z solid:settings Suffix Meta: undefined
node-solid-server | 2024-07-22T11:23:17.705941079Z 2024-07-22T11:23:17.705Z solid:settings Allow WebID authentication: true
node-solid-server | 2024-07-22T11:23:17.706061162Z 2024-07-22T11:23:17.705Z solid:settings Live-updates: true
node-solid-server | 2024-07-22T11:23:17.706069921Z 2024-07-22T11:23:17.706Z solid:settings Multi-user: true
node-solid-server | 2024-07-22T11:23:17.706080421Z 2024-07-22T11:23:17.706Z solid:settings Suppress default data browser app: undefined
node-solid-server | 2024-07-22T11:23:17.706101655Z 2024-07-22T11:23:17.706Z solid:settings Default data browser app file path: default
node-solid-server | 2024-07-22T11:23:17.718423426Z 2024-07-22T11:23:17.718Z solid:settings Base URL (--mount): /
node-solid-server | 2024-07-22T11:23:17.718434348Z 2024-07-22T11:23:17.718Z solid:settings SSL Private Key path: /opt/solid/certs/key.pem
node-solid-server | 2024-07-22T11:23:17.718437150Z 2024-07-22T11:23:17.718Z solid:settings SSL Certificate path: /opt/solid/certs/fullchain.pem
node-solid-server | 2024-07-22T11:23:17.730810769Z Solid server (5.7.10) running on https://localhost:8443/
node-solid-server | 2024-07-22T11:23:17.730872615Z Press <ctrl>+c to stop
node-solid-server | 2024-07-22T11:23:17.732107114Z 2024-07-22T11:23:17.732Z solid:authentication Provider keys loaded from config
node-solid-server | 2024-07-22T11:23:17.749048488Z 2024-07-22T11:23:17.748Z solid:authentication Provider keychain initialized
node-solid-server | 2024-07-22T11:23:17.749851456Z 2024-07-22T11:23:17.749Z solid:authentication Not sleeping before client registration...
node-solid-server | 2024-07-22T11:23:17.750809834Z 2024-07-22T11:23:17.750Z solid:authentication Client not present for issuer https://solid.aresthedevil.com, initializing new client
node-solid-server | 2024-07-22T11:23:17.751049297Z 2024-07-22T11:23:17.750Z solid:authentication Registering new client for issuer https://solid.aresthedevil.com
node-solid-server | 2024-07-22T11:23:17.823651019Z 2024-07-22T11:23:17.821Z solid:authentication Error registering a new client: Error: Error fetching openid configuration: 500 Internal Server Error
node-solid-server | 2024-07-22T11:23:17.823674325Z at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server | 2024-07-22T11:23:17.823677535Z at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server | 2024-07-22T11:23:17.823680177Z response: Response {
node-solid-server | 2024-07-22T11:23:17.823682638Z size: 0,
node-solid-server | 2024-07-22T11:23:17.823685135Z timeout: 0,
node-solid-server | 2024-07-22T11:23:17.823687897Z [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server | 2024-07-22T11:23:17.823690509Z [Symbol(Response internals)]: {
node-solid-server | 2024-07-22T11:23:17.823692955Z url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server | 2024-07-22T11:23:17.823704627Z status: 500,
node-solid-server | 2024-07-22T11:23:17.823708010Z statusText: 'Internal Server Error',
node-solid-server | 2024-07-22T11:23:17.823711552Z headers: [Headers],
node-solid-server | 2024-07-22T11:23:17.823715132Z counter: 0
node-solid-server | 2024-07-22T11:23:17.823719121Z }
node-solid-server | 2024-07-22T11:23:17.823721346Z },
node-solid-server | 2024-07-22T11:23:17.823723509Z statusCode: 500
node-solid-server | 2024-07-22T11:23:17.823725719Z }
node-solid-server | 2024-07-22T11:23:17.823942368Z 2024-07-22T11:23:17.823Z solid:authentication Error initializing local RP client: Error: Error fetching openid configuration: 500 Internal Server Error
node-solid-server | 2024-07-22T11:23:17.823952270Z at /usr/local/lib/node_modules/solid-server/node_modules/@solid/oidc-rp/src/onHttpError.js:32:17
node-solid-server | 2024-07-22T11:23:17.823955437Z at processTicksAndRejections (node:internal/process/task_queues:96:5) {
node-solid-server | 2024-07-22T11:23:17.823958017Z response: Response {
node-solid-server | 2024-07-22T11:23:17.823960428Z size: 0,
node-solid-server | 2024-07-22T11:23:17.823962801Z timeout: 0,
node-solid-server | 2024-07-22T11:23:17.823965217Z [Symbol(Body internals)]: { body: [PassThrough], disturbed: false, error: null },
node-solid-server | 2024-07-22T11:23:17.823967806Z [Symbol(Response internals)]: {
node-solid-server | 2024-07-22T11:23:17.823970335Z url: 'https://solid.aresthedevil.com/.well-known/openid-configuration',
node-solid-server | 2024-07-22T11:23:17.823972830Z status: 500,
node-solid-server | 2024-07-22T11:23:17.823975224Z statusText: 'Internal Server Error',
node-solid-server | 2024-07-22T11:23:17.823977650Z headers: [Headers],
node-solid-server | 2024-07-22T11:23:17.823989140Z counter: 0
node-solid-server | 2024-07-22T11:23:17.823998272Z }
node-solid-server | 2024-07-22T11:23:17.824000672Z },
node-solid-server | 2024-07-22T11:23:17.824002872Z statusCode: 500
node-solid-server | 2024-07-22T11:23:17.824005134Z }
When I run `wget https://solid.aresthedevil.com/.well-known/openid-configuration` from outside the container, I end up with:
--2024-07-22 12:55:56-- https://solid.aresthedevil.com/.well-known/openid-configuration
Resolving solid.aresthedevil.com (solid.aresthedevil.com)... 84.130.233.142
Connecting to solid.aresthedevil.com (solid.aresthedevil.com)|84.130.233.142|:443... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2024-07-22 12:55:57 ERROR 500: Internal Server Error.
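When I enter the running container with `docker exec -it node-solid-server sh` and run `wget --no-check-certificate https://localhost:8443/.well-known/openid-configuration` (note that this request skips certificate validation, so it only shows that the server itself answers), I end up with: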
Connecting to localhost:8443 ([::1]:8443)
saving to 'openid-configuration'
openid-configuration 100% |***************************************************************************************************************************************************************************************| 1294 0:00:00 ETA
'openid-configuration' saved
That file contains:
{"issuer":"https://solid.aresthedevil.com","jwks_uri":"https://solid.aresthedevil.com/jwks","scopes_supported":["openid","offline_access"],"response_types_supported":["code","code token","code id_token","id_token code","id_token","id_token token","code id_token token","none"],"token_types_supported":["legacyPop","dpop"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","refresh_token","client_credentials"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"token_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"display_values_supported":[],"claim_types_supported":["normal"],"claims_supported":[],"claims_parameter_supported":false,"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_request_uri_registration":false,"check_session_iframe":"https://solid.aresthedevil.com/session","end_session_endpoint":"https://solid.aresthedevil.com/logout","authorization_endpoint":"https://solid.aresthedevil.com/authorize","token_endpoint":"https://solid.aresthedevil.com/token","userinfo_endpoint":"https://solid.aresthedevil.com/userinfo","registration_endpoint":"https://solid.aresthedevil.com/register"}
Looking for existing issues related to fetching the openid configuration, I found some that discuss a 502 error rather than a 500. In those cases the cause seemed to be a problem with the SSL certificate. If I run the container with `- SOLID_NO_REJECT_UNAUTHORIZED` and `- NODE_TLS_REJECT_UNAUTHORIZED=0` enabled (that is, with TLS certificate verification relaxed inside the Node process), I still get the error. However, my certificate seems fine; see the attached screenshot:
This is the content of the config folder on my base system:
dockeruser@Station:~/docker/node-solid-server$ tree -a /home/dockeruser/docker/configs/solid-node-server/
/home/dockeruser/docker/configs/solid-node-server/
├── config
│ ├── templates
│ │ ├── emails
│ │ │ ├── delete-account.js
│ │ │ ├── invalid-username.js
│ │ │ ├── reset-password.js
│ │ │ └── welcome.js
│ │ ├── new-account
│ │ │ ├── .acl
│ │ │ ├── favicon.ico
│ │ │ ├── favicon.ico.acl
│ │ │ ├── inbox
│ │ │ │ └── .acl
│ │ │ ├── .meta
│ │ │ ├── .meta.acl
│ │ │ ├── private
│ │ │ │ └── .acl
│ │ │ ├── profile
│ │ │ │ ├── .acl
│ │ │ │ └── card$.ttl
│ │ │ ├── public
│ │ │ │ └── .acl
│ │ │ ├── robots.txt
│ │ │ ├── robots.txt.acl
│ │ │ ├── settings
│ │ │ │ ├── .acl
│ │ │ │ ├── prefs.ttl
│ │ │ │ ├── privateTypeIndex.ttl
│ │ │ │ ├── publicTypeIndex.ttl
│ │ │ │ ├── publicTypeIndex.ttl.acl
│ │ │ │ ├── serverSide.ttl.acl
│ │ │ │ └── serverSide.ttl.inactive
│ │ │ └── .well-known
│ │ │ └── .acl
│ │ └── server
│ │ ├── .acl
│ │ ├── favicon.ico
│ │ ├── favicon.ico.acl
│ │ ├── index.html
│ │ ├── robots.txt
│ │ ├── robots.txt.acl
│ │ └── .well-known
│ │ └── .acl
│ └── views
│ ├── account
│ │ ├── account-deleted.hbs
│ │ ├── delete-confirm.hbs
│ │ ├── delete.hbs
│ │ ├── delete-link-sent.hbs
│ │ ├── invalid-username.hbs
│ │ ├── register-disabled.hbs
│ │ ├── register-form.hbs
│ │ └── register.hbs
│ ├── auth
│ │ ├── auth-hidden-fields.hbs
│ │ ├── change-password.hbs
│ │ ├── goodbye.hbs
│ │ ├── login.hbs
│ │ ├── login-required.hbs
│ │ ├── login-tls.hbs
│ │ ├── login-username-password.hbs
│ │ ├── no-permission.hbs
│ │ ├── password-changed.hbs
│ │ ├── reset-link-sent.hbs
│ │ ├── reset-password.hbs
│ │ └── sharing.hbs
│ └── shared
│ ├── create-account.hbs
│ └── error.hbs
├── data
│ └── solid.aresthedevil.com
│ ├── .acl
│ ├── favicon.ico
│ ├── favicon.ico.acl
│ ├── index.html
│ ├── robots.txt
│ ├── robots.txt.acl
│ └── .well-known
│ └── .acl
└── .db
└── oidc
├── op
│ ├── clients
│ ├── codes
│ ├── provider.json
│ ├── refresh
│ └── tokens
├── rp
│ └── clients
└── users
├── users
└── users-by-email
31 directories, 61 files