500 INTERNAL_ERROR Emqx Authentication

Hi,

I get this error after adding some webhook HTTP to our app.

I install the Emqx on Ubuntu 20.04, any step that i missed ?

please help.

Hi, this error should be about Authentication using HTTP Server, not WebHook. The log content should refer to your TLS configuration error. Could you provide your configuration content and EMQX version conveniently?

Thanks for your reply,

I’m new to installing EMQX on my server and there are no special configurations.
I’m using EMQX v 5.0.17.

Should I re-installing the EMQX?

Could you provide the contents of these two files, etc/emqx.conf and data/configs/cluster-override.conf?

here is the etc/emqx.conf and I cannot find the data/configs/cluster-override.conf file

  
node {
  name = "emqx@127.0.0.1"
  cookie = "emqxsecretcookie"
  data_dir = "/var/lib/emqx"
}

log {
  file_handlers.default {
    level = warning
    file = "/var/log/emqx/emqx.log"
  }
}

cluster {
  name = emqxcl
  discovery_strategy = manual
}


listeners.tcp.default {
  bind = "0.0.0.0:1883"
  max_connections = 1024000
}

listeners.ssl.default {
  bind = "0.0.0.0:8883"
  max_connections = 512000
  ssl_options {
    keyfile = "/etc/emqx/certs/key.pem"
    certfile = "/etc/emqx/certs/cert.pem"
    cacertfile = "/etc/emqx/certs/cacert.pem"
  }
}

listeners.ws.default {
  bind = "0.0.0.0:8083"
  max_connections = 1024000
  websocket.mqtt_path = "/mqtt"
}

listeners.wss.default {
  bind = "0.0.0.0:8084"
  max_connections = 512000
  websocket.mqtt_path = "/mqtt"
  ssl_options {
    keyfile = "/etc/emqx/certs/key.pem"
    certfile = "/etc/emqx/certs/cert.pem"
    cacertfile = "/etc/emqx/certs/cacert.pem"
  }
}

# listeners.quic.default {
#  enabled = true
#  bind = "0.0.0.0:14567"
#  max_connections = 1024000
#  keyfile = "/etc/emqx/certs/key.pem"
#  certfile = "/etc/emqx/certs/cert.pem"
#}

dashboard {
    listeners.http {
        bind = 18083
    }
    default_username = "admin"
    default_password = "public"
}

authorization {
  deny_action = ignore
  no_match = allow
  cache = { enable = true }
  sources =  [
    {
      type = file
      enable = true
      # This file is immutable to EMQX.
      # Once new rules are created from dashboard UI or HTTP API,
      # the file 'data/authz/acl.conf' is used instead of this one
      path = "/etc/emqx/acl.conf"
    }
  ]
}

This is really a strange error.

Can you please confirm at what step the error you mentioned first appears?

And can you confirm whether the EMQX instance you are operating is the one you think? I think you may be accessing other EMQX instances

If I check the log in /var/log/emqx/emqx.log.1

The log: That was like the EMQX trying to get the cert file, but not found.

if I’m not mistaken, I used to fill out the form Authentication and check TLS support and I didn’t fill in the fields, then I go back to the list Authentication and showed the error.
The form doesn’t have a validation if the TLS was filled or not.

If you are accessing the same instance, when you encounter that error in the Dashboard, the error log will also be output in the log file. So it looks like you’re accessing different instances.

And this log is a bug, it will be fixed in recent versions.

How about this, here is the latest log when I access the authentication page:

2023-03-01T06:11:38.033632+00:00 [warning] mfa: minirest_handler:apply_callback/3, line: 116, exception: throw, path: /authentication, reason: #{kind => validation_error,reason => integrity_validation_failure,result => false,schema_module => emqx_authn_http,validation_name => check_ssl_opts}, stacktrace: [{emqx_authn,do_check_config_maybe_throw,3,[{file,"emqx_authn.erl"},{line,82}]},{emqx_authn,check_config,2,[{file,"emqx_authn.erl"},{line,45}]},{lists,map,2,[{file,"lists.erl"},{line,1243}]},{emqx_authn_api,get_raw_config_with_defaults,1,[{file,"emqx_authn_api.erl"},{line,1119}]},{emqx_authn_api,list_authenticators,1,[{file,"emqx_authn_api.erl"},{line,832}]},{minirest_handler,apply_callback,3,[{file,"minirest_handler.erl"},{line,111}]},{minirest_handler,handle,2,[{file,"minirest_handler.erl"},{line,44}]},{minirest_handler,init,2,[{file,"minirest_handler.erl"},{line,27}]},{cowboy_handler,execute,2,[{file,"cowboy_handler.erl"},{line,41}]},{cowboy_stream_h,execute,3,[{file,"cowboy_stream_h.erl"},{line,318}]},{cowboy_stream_h,request_process,3,[{file,"cowboy_stream_h.erl"},{line,302}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]

Can you provide a screenshot of the authentication page? As mentioned earlier, this error should only appear if you have configured authentication.

But you did not find the data/configs/cluster-override.conf file. Another question, did you not find the cluster-override.conf file in the data/configs directory, or simply did not find data/configs Directory?

If it is the latter, you can read this document first: Files and directories

Here the screenshoot

Ahh sorry my bad, i find that files in

/var/lib/emqx/configs

Here the result inside cluster-override.conf

authentication = [
  {
    backend = "http"
    body {password = "${password}", username = "${username}"}
    connect_timeout = "5s"
    enable_pipelining = 100
    headers {"content-type" = "application/json"}
    mechanism = "password_based"
    method = "post"
    pool_size = 8
    request_timeout = "5s"
    ssl {enable = false, verify = "verify_peer"}
    url = "https://bfd3-180-252-173-9.ap.ngrok.io/mq/auth"
  },
  {
    backend = "built_in_database"
    mechanism = "password_based"
    password_hash_algorithm {name = "sha256", salt_position = "suffix"}
    user_id_type = "username"
  }
]
log {
  console_handler {
    burst_limit {
      enable = true
      max_count = 10000
      window_time = "1s"
    }
    chars_limit = "unlimited"
    drop_mode_qlen = 3000
    enable = true
    flush_qlen = 8000
    formatter = "text"
    level = "warning"
    max_depth = 100
    overload_kill {
      enable = true
      mem_size = "30MB"
      qlen = 20000
      restart_after = "5s"
    }
    single_line = true
    supervisor_reports = "error"
    sync_mode_qlen = 100
    time_offset = "system"
  }
  file_handlers {
    default {
      burst_limit {
        enable = true
        max_count = 10000
        window_time = "1s"
      }
      chars_limit = "unlimited"
      drop_mode_qlen = 3000
      enable = true
      file = "/var/log/emqx/emqx.log"
      flush_qlen = 8000
      formatter = "text"
      level = "warning"
      max_depth = 100
      max_size = "50MB"
      overload_kill {
        enable = true
        mem_size = "30MB"
        qlen = 20000
        restart_after = "5s"
      }
      rotation {count = 10, enable = true}
      single_line = true
      supervisor_reports = "error"
      sync_mode_qlen = 100
      time_offset = "system"
    }
  }
}

Hello, it should be because your URL prefix is https://, but you have disabled SSL

ssl {enable = false}

You can change it to:

ssl {enable = true, verify = "verify_peer"}
url = "https://bfd3-180-252-173-9.ap.ngrok.io/mq/auth"

At the same time you also need to provide the correct SSL configuration, such as cacertfile

or

ssl {enable = false, verify = "verify_peer"}
url = "http://bfd3-180-252-173-9.ap.ngrok.io/mq/auth"

There is indeed a problem with the readability of the error report here, and I have already reported it to the R&D team.

In addition, if the authentication here is not what you need, you can also directly delete the authentication part of the configuration.

Thanks for the reply.

I change ssl {enable = false} to true

and restart the EMQX,
Now the authentication page is working.

Thanks.