Bad request received followed by inability to enable logs


#1

I am going through the DUO setup process here

I came across an issue where upon initial login via https through a web browser, I get a “Bad request received - there is an error in the request to this page”.

From there, I went to enable logs by way of this article and am getting a new error:

  • ERROR: .FileNotFoundError: [Errno 2] No such file or directory: ‘./access-gateway-1.5.4.yml’

Per the directions in the above linked article, I changed the file name to reflect what the actual version number is. Here is the command I ran that gave the error above:

  • docker-compose -p access-gateway -f access-gateway-1.5.4.yml logs -f

For references sake, here is the output from the initial setup command that was run to generate the yml file in question

Connecting to dl.duosecurity.com (dl.duosecurity.com)||:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 624 [application/octet-stream]
Saving to: ‘access-gateway-1.5.4.yml’


#2

So update to this. I had locked down port 80 too much. Opened that up. Also, wrong directory for the log command previously mentioned. Got that squared away.

Now, when going to https::/domain.com/dag I get redirected to /dag/module.php/duosecurity/admin/duo_welcome.php and get a 401 error.


#3

Attaching log output. Current situation:

  • I cannot access the gateway admin page to setup the gateway on initial launch

  • logs tell me to setup an application in the admin console (that I can’t reach)

    Attaching to access-gateway
    access-gateway | 2018-11-29 14:24:02,002 INFO Included extra file “/etc/supervisor/conf.d/dag-logs-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:24:02,002 INFO Included extra file “/etc/supervisor/conf.d/logrotate-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:24:02,002 INFO Included extra file “/etc/supervisor/conf.d/nginx-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:24:02,003 INFO Included extra file “/etc/supervisor/conf.d/php-fpm-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:24:02,009 INFO RPC interface ‘supervisor’ initialized
    access-gateway | 2018-11-29 14:24:02,009 INFO supervisord started with pid 1
    access-gateway | 2018-11-29 14:24:03,012 INFO spawned: ‘nginx’ with pid 8
    access-gateway | 2018-11-29 14:24:03,013 INFO spawned: ‘logrotate’ with pid 9
    access-gateway | 2018-11-29 14:24:03,015 INFO spawned: ‘php-fpm’ with pid 10
    access-gateway | 2018-11-29 14:24:03,016 INFO spawned: ‘dag-logs’ with pid 11
    access-gateway | [SSL] Generating one-time use SSL keypair
    access-gateway | reading config file /usr/local/etc/logrotate.conf
    access-gateway | including /usr/local/etc/logrotate.d
    access-gateway | reading config file nginx
    access-gateway | reading config file php-fpm
    access-gateway | Reading state from file: /tmp/logrotate.status
    access-gateway | Allocating hash table for state file, size 64 entries
    access-gateway |
    access-gateway | Handling 2 logs
    access-gateway |
    access-gateway | rotating pattern: /data/log/nginx/.log after 1 days (14 rotations)
    access-gateway | empty log files are not rotated, old logs are removed
    access-gateway | considering log /data/log/nginx/
    .log
    access-gateway | log /data/log/nginx/.log does not exist – skipping
    access-gateway | Creating new state
    access-gateway | not running postrotate script, since no logs were rotated
    access-gateway |
    access-gateway | rotating pattern: /data/log/php-fpm/php-fpm.log weekly (12 rotations)
    access-gateway | empty log files are not rotated, old logs are removed
    access-gateway | considering log /data/log/php-fpm/php-fpm.log
    access-gateway | log /data/log/php-fpm/php-fpm.log does not exist – skipping
    access-gateway | Creating new state
    access-gateway | 2018-11-29 14:24:04,062 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | 2018-11-29 14:24:04,062 INFO success: logrotate entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | 2018-11-29 14:24:04,062 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | 2018-11-29 14:24:04,063 INFO success: dag-logs entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | [SSL] SSL keypair generation successful
    access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
    access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] Backtrace:
    access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
    access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] Error report with id 4a26450a generated.
    access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
    access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] Backtrace:
    access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
    access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] Error report with id cfe743af generated.
    access-gateway | 2018-11-29 14:25:21,607 WARN received SIGTERM indicating exit request
    access-gateway | 2018-11-29 14:25:21,608 INFO waiting for nginx, logrotate, php-fpm, dag-logs to die
    access-gateway | 2018-11-29 14:25:21,608 INFO stopped: dag-logs (terminated by SIGTERM)
    access-gateway | 2018-11-29 14:25:21,611 INFO stopped: php-fpm (exit status 0)
    access-gateway | 2018-11-29 14:25:21,613 INFO stopped: logrotate (terminated by SIGTERM)
    access-gateway | 2018-11-29 14:25:21,615 INFO stopped: nginx (exit status 0)
    access-gateway | 2018-11-29 14:25:50,407 INFO Included extra file “/etc/supervisor/conf.d/dag-logs-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:25:50,408 INFO Included extra file “/etc/supervisor/conf.d/logrotate-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:25:50,408 INFO Included extra file “/etc/supervisor/conf.d/nginx-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:25:50,408 INFO Included extra file “/etc/supervisor/conf.d/php-fpm-supervisord.conf” during parsing
    access-gateway | 2018-11-29 14:25:50,425 INFO RPC interface ‘supervisor’ initialized
    access-gateway | 2018-11-29 14:25:50,426 INFO supervisord started with pid 1
    access-gateway | 2018-11-29 14:25:51,429 INFO spawned: ‘nginx’ with pid 8
    access-gateway | 2018-11-29 14:25:51,430 INFO spawned: ‘logrotate’ with pid 9
    access-gateway | 2018-11-29 14:25:51,432 INFO spawned: ‘php-fpm’ with pid 10
    access-gateway | 2018-11-29 14:25:51,437 INFO spawned: ‘dag-logs’ with pid 11
    access-gateway | reading config file /usr/local/etc/logrotate.conf
    access-gateway | including /usr/local/etc/logrotate.d
    access-gateway | reading config file nginx
    access-gateway | reading config file php-fpm
    access-gateway | Reading state from file: /tmp/logrotate.status
    access-gateway | Allocating hash table for state file, size 64 entries
    access-gateway | Creating new state
    access-gateway | Creating new state
    access-gateway |
    access-gateway | Handling 2 logs
    access-gateway |
    access-gateway | rotating pattern: /data/log/nginx/
    .log after 1 days (14 rotations)
    access-gateway | empty log files are not rotated, old logs are removed
    access-gateway | considering log /data/log/nginx/access.log
    access-gateway | Creating new state
    access-gateway | Now: 2018-11-29 14:25
    access-gateway | Last rotated at 2018-11-29 14:00
    access-gateway | log does not need rotating (log has been already rotated)
    access-gateway | considering log /data/log/nginx/error.log
    access-gateway | Creating new state
    access-gateway | Now: 2018-11-29 14:25
    access-gateway | Last rotated at 2018-11-29 14:00
    access-gateway | log does not need rotating (log has been already rotated)
    access-gateway | not running postrotate script, since no logs were rotated
    access-gateway |
    access-gateway | rotating pattern: /data/log/php-fpm/php-fpm.log weekly (12 rotations)
    access-gateway | empty log files are not rotated, old logs are removed
    access-gateway | considering log /data/log/php-fpm/php-fpm.log
    access-gateway | Now: 2018-11-29 14:25
    access-gateway | Last rotated at 2018-11-29 14:00
    access-gateway | log does not need rotating (log has been already rotated)
    access-gateway | 2018-11-29 14:25:52,583 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | 2018-11-29 14:25:52,583 INFO success: logrotate entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | 2018-11-29 14:25:52,583 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | 2018-11-29 14:25:52,583 INFO success: dag-logs entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
    access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
    access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] Backtrace:
    access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
    access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] Error report with id 35d81d37 generated.
    access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
    access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] Backtrace:
    access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
    access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] Error report with id 0e430499 generated.
    access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
    access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] Backtrace:
    access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
    access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] Error report with id 4d0190cb generated.
    access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
    access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] Backtrace:
    access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
    access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] Error report with id 1725b64e generated.
    access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
    access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] Backtrace:
    access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
    access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] Error report with id 2f4ae033 generated.


#4

Hi @mikedrop,

Does https://URL-OF-ACCESS-GATEWAY:8443 work? The DAG admin console is on port 8443.


#5

well that seems entirely too easy. (It did work.)

At some point looking at other posts in the forum and online I started using https://.com/dag which is the cause of the issues. Thank you!


#6

Ah, when the DAG is installed on Windows both the admin and user interfaces are on 443, but on Linux they are different. That is probably why seeing other community posts led you to try to admin on 443 (because the other posts were for Windows).

I’m glad you’re working now! Thanks for trying Duo.