CommunitySolidServer: Crash when serving from subpath like example.com/css

Environment

  • Server version: 2.0.1
  • Docker container built from source, latest version

Description

I am working on a Helm chart for deployment of the Community Server on Kubernetes (https://github.com/idlab-gent/css-helm-chart). When I tried to serve CSS from a subpath instead of from the root domain, I ran into issues.

I deployed two cases; both use k8s v1.22 and Traefik as an ingress controller. I have redacted the host domain and replaced it with example.com for the issue.

  1. Works as intended: http://example.com/
  2. Fails: http://example.com/css --> [AppRunner] error: Could not start server: NotFoundHttpError is thrown and the container exits (full logs of this case below)

In both cases, the base url was passed to the container using -b|--base-url.

2022-01-04T14:51:28.644Z [Components.js] info: Initiating component discovery from /community-server/
2022-01-04T14:51:29.160Z [Components.js] info: Discovered 131 component packages within 1333 packages
2022-01-04T14:51:29.162Z [Components.js] info: Initiating component loading
2022-01-04T14:51:31.658Z [Components.js] info: Registered 450 components
2022-01-04T14:51:31.658Z [Components.js] info: Loaded configs
2022-01-04T14:51:33.148Z [SingleThreadedResourceLocker] debug: Acquiring lock for http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk.read
2022-01-04T14:51:33.148Z [SingleThreadedResourceLocker] debug: Acquired lock for http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk.read. 1 locks active.
2022-01-04T14:51:33.149Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/.internal/locks/aHR0cDovL2Rldm9wcy1wcm94eS5hdGxhbnRpcy51Z2VudC5iZS8uaW50ZXJuYWwvc2V0dXAvY205dmRFbHVhWFJwWVd4cGVtVmsuY291bnQ= is not part of http://example.com/css/
2022-01-04T14:51:33.152Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/.internal/locks/aHR0cDovL2Rldm9wcy1wcm94eS5hdGxhbnRpcy51Z2VudC5iZS8uaW50ZXJuYWwvc2V0dXAvY205dmRFbHVhWFJwWVd4cGVtVmsuY291bnQ= is not part of http://example.com/css/
2022-01-04T14:51:33.152Z [SingleThreadedResourceLocker] debug: Released lock for http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk.read. 0 active locks remaining.
2022-01-04T14:51:33.153Z [ContainerInitializer] info: Initializing container http://example.com/css/
2022-01-04T14:51:33.155Z [ExtensionBasedMapper] debug: Container filepath /community-server/templates/root/prefilled maps to URL http://example.com/css/
2022-01-04T14:51:33.156Z [ExtensionBasedMapper] debug: Document /community-server/templates/root/prefilled/.acl maps to URL http://example.com/css/.acl
2022-01-04T14:51:33.158Z [ExtensionBasedMapper] debug: Document /community-server/templates/root/prefilled/.meta maps to URL http://example.com/css/.meta
2022-01-04T14:51:33.158Z [ExtensionBasedMapper] debug: Document /community-server/templates/root/prefilled/index.html maps to URL http://example.com/css/index.html
2022-01-04T14:51:33.165Z [SingleThreadedResourceLocker] debug: Acquiring lock for http://example.com/css/.write
2022-01-04T14:51:33.165Z [SingleThreadedResourceLocker] debug: Acquired lock for http://example.com/css/.write. 1 locks active.
2022-01-04T14:51:33.166Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/ is part of http://example.com/css/
2022-01-04T14:51:33.166Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css is not part of http://example.com/css/
2022-01-04T14:51:33.172Z [SingleThreadedResourceLocker] debug: Released lock for http://example.com/css/.write. 0 active locks remaining.
2022-01-04T14:51:33.173Z [SingleThreadedResourceLocker] debug: Acquiring lock for http://example.com/css/.write
2022-01-04T14:51:33.173Z [SingleThreadedResourceLocker] debug: Acquired lock for http://example.com/css/.write. 1 locks active.
2022-01-04T14:51:33.173Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/.acl is part of http://example.com/css/
2022-01-04T14:51:33.173Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/.acl is part of http://example.com/css/
2022-01-04T14:51:33.174Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/.acl/ is part of http://example.com/css/
2022-01-04T14:51:33.174Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/.acl/ is part of http://example.com/css/
2022-01-04T14:51:33.178Z [IfNeededConverter] debug: Conversion needed for http://example.com/css/.acl from text/turtle to satisfy internal/quads;q=1
2022-01-04T14:51:33.180Z [ChainedConverter] debug: Converting text/turtle -> internal/quads.
2022-01-04T14:51:33.185Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/.acl is part of http://example.com/css/
2022-01-04T14:51:33.186Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/.acl is part of http://example.com/css/
2022-01-04T14:51:33.186Z [SingleThreadedResourceLocker] debug: Released lock for http://example.com/css/.write. 0 active locks remaining.
2022-01-04T14:51:33.186Z [SingleThreadedResourceLocker] debug: Acquiring lock for http://example.com/css/index.html.write
2022-01-04T14:51:33.186Z [SingleThreadedResourceLocker] debug: Acquired lock for http://example.com/css/index.html.write. 1 locks active.
2022-01-04T14:51:33.186Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/index.html is part of http://example.com/css/
2022-01-04T14:51:33.186Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/index.html is part of http://example.com/css/
2022-01-04T14:51:33.187Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/index.html/ is part of http://example.com/css/
2022-01-04T14:51:33.187Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/index.html/ is part of http://example.com/css/
2022-01-04T14:51:33.187Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/index.html is part of http://example.com/css/
2022-01-04T14:51:33.187Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/css/index.html is part of http://example.com/css/
2022-01-04T14:51:33.188Z [SingleThreadedResourceLocker] debug: Released lock for http://example.com/css/index.html.write. 0 active locks remaining.
2022-01-04T14:51:33.188Z [ContainerInitializer] info: Initialized container http://example.com/css/ with 3 resources.
2022-01-04T14:51:33.188Z [SingleThreadedResourceLocker] debug: Acquiring lock for http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk.write
2022-01-04T14:51:33.188Z [SingleThreadedResourceLocker] debug: Acquired lock for http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk.write. 1 locks active.
2022-01-04T14:51:33.188Z [SingleRootIdentifierStrategy] debug: Identifier http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk is not part of http://example.com/css/
2022-01-04T14:51:33.188Z [SingleThreadedResourceLocker] debug: Released lock for http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk.write. 0 active locks remaining.
2022-01-04T14:51:33.189Z [AppRunner] error: Could not start server: NotFoundHttpError

Is this intended behavior perhaps? As I see from the logs, in some cases the base URL gets parsed to the domain, for instance: debug: Acquired lock for http://example.com/.internal/setup/cm9vdEluaXRpYWxpemVk.write. 1 locks active.

I can keep working on the chart using root paths and in-cluster communication for now, but serving from subpaths on a public URL will be needed in the future for Kubernetes deployments.

About this issue

  • State: open
  • Created 2 years ago
  • Comments: 42 (42 by maintainers)

Most upvoted comments

Did a small test by adding the following code to the OidcHttpHandler and starting the server with -b http://localhost:3000/css/:

    if (request.url!.includes('.well-known')) {
      request.url = '/.well-known/openid-configuration';
    }

After that (and fixing #1246, which I accidentally discovered this way) I was able to log in using the authentication client, which would indicate all problems are solved.

The fields in the openid-configuration all have the correct paths.

Had a look in the OIDC provider source code and the well-known path is hardcoded, so I don’t think there’s another way to do this unless there is a way to change the base URL of that router.

https://github.com/panva/node-oidc-provider/blob/83896dcfc6bc336e9ad770077b6fd80b155aaefe/lib/helpers/initialize_app.js#L23

https://github.com/panva/node-oidc-provider/blob/83896dcfc6bc336e9ad770077b6fd80b155aaefe/lib/helpers/initialize_app.js#L159

The actual solution would have to use a baseUrl parameter, of course; this was just a quick hack.

Makes sense. This is one of the few places that still uses the old way to join paths. All instances of new URL(path, baseUrl) should be replaced with the internal joinUrl(baseUrl, path) function that we have, which does not have this issue. That one specifically is already being changed in #1232.
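
Added example, not part of the thread and not code from Community Solid Server: a plain JavaScript comparison of new URL(path, baseUrl) with a join that stays under the base URL, using the base URL and identifier paths seen in the log above. joinUnderBase and isPartOf are hypothetical stand-ins; the project's own joinUrl and SingleRootIdentifierStrategy may be implemented differently.

```javascript
// Added illustration; not code from Community Solid Server.
const BASE_URL = 'http://example.com/css/'; // base URL used in the issue

// WHATWG URL resolution: a reference starting with "/" replaces the whole
// path of the base, so the "/css/" subpath is dropped.
function resolveWithUrl(baseUrl, path) {
  return new URL(path, baseUrl).href;
}

// Assumed prefix test, consistent with the "is part of" / "is not part of"
// lines in the log.
function isPartOf(baseUrl, identifier) {
  return identifier.startsWith(baseUrl);
}

// Hypothetical stand-in for the internal joinUrl(baseUrl, path): always
// appends below the base path, whatever the leading slash on `path`.
function joinUnderBase(baseUrl, path) {
  const base = baseUrl.endsWith('/') ? baseUrl : `${baseUrl}/`;
  // Parsing normalises "../" segments before the scope check below.
  const joined = new URL(base + path.replace(/^\/+/, '')).href;
  if (!isPartOf(base, joined)) {
    throw new RangeError(`${joined} is not part of ${base}`);
  }
  return joined;
}

// Resolve each path both ways and record whether the result stays in scope.
function compare(baseUrl, paths) {
  return paths.map((path) => {
    const viaUrl = resolveWithUrl(baseUrl, path);
    const viaJoin = joinUnderBase(baseUrl, path);
    return {
      path,
      viaUrl,
      viaUrlInBase: isPartOf(baseUrl, viaUrl),
      viaJoin,
      viaJoinInBase: isPartOf(baseUrl, viaJoin),
    };
  });
}

// Constructed sample paths modelled on the identifiers in the log.
console.table(compare(BASE_URL, ['/.internal/setup/', '.internal/setup/', '/.internal/locks/']));
```

The same check is worth running against any base URL passed with -b that lacks a trailing slash: new URL then replaces the last path segment even for relative references.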