Bad request received followed by inability to enable logs

mikedrop · ‎11-29-2018

I am going through the DUO setup process here

Duo Access Gateway for Linux | Duo Security

I came across an issue where upon initial login via https through a web browser, I get a “Bad request received - there is an error in the request to this page”.

From there, I went to enable logs by way of this article and am getting a new error:

ERROR: .FileNotFoundError: [Errno 2] No such file or directory: ‘./access-gateway-1.5.4.yml’

Per the directions in the above linked article, I changed the file name to reflect what the actual version number is. Here is the command I ran that gave the error above:

docker-compose -p access-gateway -f access-gateway-1.5.4.yml logs -f

For references sake, here is the output from the initial setup command that was run to generate the yml file in question

Connecting to dl.duosecurity.com (dl.duosecurity.com)||:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 624 [application/octet-stream]
Saving to: ‘access-gateway-1.5.4.yml’

mikedrop · ‎11-29-2018

So update to this. I had locked down port 80 too much. Opened that up. Also, wrong directory for the log command previously mentioned. Got that squared away.

Now, when going to https::/domain.com/dag I get redirected to /dag/module.php/duosecurity/admin/duo_welcome.php and get a 401 error.

mikedrop · ‎11-29-2018

Attaching log output. Current situation:

I cannot access the gateway admin page to setup the gateway on initial launch
logs tell me to setup an application in the admin console (that I can’t reach)

Attaching to access-gateway
access-gateway | 2018-11-29 14:24:02,002 INFO Included extra file “/etc/supervisor/conf.d/dag-logs-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:24:02,002 INFO Included extra file “/etc/supervisor/conf.d/logrotate-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:24:02,002 INFO Included extra file “/etc/supervisor/conf.d/nginx-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:24:02,003 INFO Included extra file “/etc/supervisor/conf.d/php-fpm-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:24:02,009 INFO RPC interface ‘supervisor’ initialized
access-gateway | 2018-11-29 14:24:02,009 INFO supervisord started with pid 1
access-gateway | 2018-11-29 14:24:03,012 INFO spawned: ‘nginx’ with pid 8
access-gateway | 2018-11-29 14:24:03,013 INFO spawned: ‘logrotate’ with pid 9
access-gateway | 2018-11-29 14:24:03,015 INFO spawned: ‘php-fpm’ with pid 10
access-gateway | 2018-11-29 14:24:03,016 INFO spawned: ‘dag-logs’ with pid 11
access-gateway | [SSL] Generating one-time use SSL keypair
access-gateway | reading config file /usr/local/etc/logrotate.conf
access-gateway | including /usr/local/etc/logrotate.d
access-gateway | reading config file nginx
access-gateway | reading config file php-fpm
access-gateway | Reading state from file: /tmp/logrotate.status
access-gateway | Allocating hash table for state file, size 64 entries
access-gateway |
access-gateway | Handling 2 logs
access-gateway |
access-gateway | rotating pattern: /data/log/nginx/.log after 1 days (14 rotations)
access-gateway | empty log files are not rotated, old logs are removed
access-gateway | considering log /data/log/nginx/.log
access-gateway | log /data/log/nginx/.log does not exist – skipping
access-gateway | Creating new state
access-gateway | not running postrotate script, since no logs were rotated
access-gateway |
access-gateway | rotating pattern: /data/log/php-fpm/php-fpm.log weekly (12 rotations)
access-gateway | empty log files are not rotated, old logs are removed
access-gateway | considering log /data/log/php-fpm/php-fpm.log
access-gateway | log /data/log/php-fpm/php-fpm.log does not exist – skipping
access-gateway | Creating new state
access-gateway | 2018-11-29 14:24:04,062 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | 2018-11-29 14:24:04,062 INFO success: logrotate entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | 2018-11-29 14:24:04,062 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | 2018-11-29 14:24:04,063 INFO success: dag-logs entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | [SSL] SSL keypair generation successful
access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] Backtrace:
access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
access-gateway | Nov 29 14:24:53 simplesamlphp ERROR [9f36d566ed] Error report with id 4a26450a generated.
access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] Backtrace:
access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
access-gateway | Nov 29 14:24:59 simplesamlphp ERROR [9f36d566ed] Error report with id cfe743af generated.
access-gateway | 2018-11-29 14:25:21,607 WARN received SIGTERM indicating exit request
access-gateway | 2018-11-29 14:25:21,608 INFO waiting for nginx, logrotate, php-fpm, dag-logs to die
access-gateway | 2018-11-29 14:25:21,608 INFO stopped: dag-logs (terminated by SIGTERM)
access-gateway | 2018-11-29 14:25:21,611 INFO stopped: php-fpm (exit status 0)
access-gateway | 2018-11-29 14:25:21,613 INFO stopped: logrotate (terminated by SIGTERM)
access-gateway | 2018-11-29 14:25:21,615 INFO stopped: nginx (exit status 0)
access-gateway | 2018-11-29 14:25:50,407 INFO Included extra file “/etc/supervisor/conf.d/dag-logs-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:25:50,408 INFO Included extra file “/etc/supervisor/conf.d/logrotate-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:25:50,408 INFO Included extra file “/etc/supervisor/conf.d/nginx-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:25:50,408 INFO Included extra file “/etc/supervisor/conf.d/php-fpm-supervisord.conf” during parsing
access-gateway | 2018-11-29 14:25:50,425 INFO RPC interface ‘supervisor’ initialized
access-gateway | 2018-11-29 14:25:50,426 INFO supervisord started with pid 1
access-gateway | 2018-11-29 14:25:51,429 INFO spawned: ‘nginx’ with pid 8
access-gateway | 2018-11-29 14:25:51,430 INFO spawned: ‘logrotate’ with pid 9
access-gateway | 2018-11-29 14:25:51,432 INFO spawned: ‘php-fpm’ with pid 10
access-gateway | 2018-11-29 14:25:51,437 INFO spawned: ‘dag-logs’ with pid 11
access-gateway | reading config file /usr/local/etc/logrotate.conf
access-gateway | including /usr/local/etc/logrotate.d
access-gateway | reading config file nginx
access-gateway | reading config file php-fpm
access-gateway | Reading state from file: /tmp/logrotate.status
access-gateway | Allocating hash table for state file, size 64 entries
access-gateway | Creating new state
access-gateway | Creating new state
access-gateway |
access-gateway | Handling 2 logs
access-gateway |
access-gateway | rotating pattern: /data/log/nginx/.log after 1 days (14 rotations)
access-gateway | empty log files are not rotated, old logs are removed
access-gateway | considering log /data/log/nginx/access.log
access-gateway | Creating new state
access-gateway | Now: 2018-11-29 14:25
access-gateway | Last rotated at 2018-11-29 14:00
access-gateway | log does not need rotating (log has been already rotated)
access-gateway | considering log /data/log/nginx/error.log
access-gateway | Creating new state
access-gateway | Now: 2018-11-29 14:25
access-gateway | Last rotated at 2018-11-29 14:00
access-gateway | log does not need rotating (log has been already rotated)
access-gateway | not running postrotate script, since no logs were rotated
access-gateway |
access-gateway | rotating pattern: /data/log/php-fpm/php-fpm.log weekly (12 rotations)
access-gateway | empty log files are not rotated, old logs are removed
access-gateway | considering log /data/log/php-fpm/php-fpm.log
access-gateway | Now: 2018-11-29 14:25
access-gateway | Last rotated at 2018-11-29 14:00
access-gateway | log does not need rotating (log has been already rotated)
access-gateway | 2018-11-29 14:25:52,583 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | 2018-11-29 14:25:52,583 INFO success: logrotate entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | 2018-11-29 14:25:52,583 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | 2018-11-29 14:25:52,583 INFO success: dag-logs entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] Backtrace:
access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
access-gateway | Nov 29 14:26:10 simplesamlphp ERROR [9f36d566ed] Error report with id 35d81d37 generated.
access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] Backtrace:
access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
access-gateway | Nov 29 14:26:50 simplesamlphp ERROR [68122ad2e4] Error report with id 0e430499 generated.
access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] Backtrace:
access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
access-gateway | Nov 29 14:31:06 simplesamlphp ERROR [03506ba266] Error report with id 4d0190cb generated.
access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] Backtrace:
access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
access-gateway | Nov 29 14:32:12 simplesamlphp ERROR [6ba2f94b1a] Error report with id 1725b64e generated.
access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)
access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] Backtrace:
access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] 0 /var/www/html/dag/www/launcher.php:18 (N/A)
access-gateway | Nov 29 15:12:33 simplesamlphp ERROR [e7fae588c6] Error report with id 2f4ae033 generated.

DuoKristina · ‎11-29-2018

Hi @mikedrop,

Does https://URL-OF-ACCESS-GATEWAY:8443 work? The DAG admin console is on port 8443.

Duo, not DUO.

mikedrop · ‎11-29-2018

well that seems entirely too easy. (It did work.)

At some point looking at other posts in the forum and online I started using https://.com/dag which is the cause of the issues. Thank you!

DuoKristina · ‎11-29-2018

Ah, when the DAG is installed on Windows both the admin and user interfaces are on 443, but on Linux they are different. That is probably why seeing other community posts led you to try to admin on 443 (because the other posts were for Windows).

I’m glad you’re working now! Thanks for trying Duo.

Duo, not DUO.

Baseer_Jafri · ‎10-23-2019

Hey there,

I am getting the same issue and I have almost the same logs like yours. I tried https://.com/dag as well but unfortunately couldn’t solve the issue. I am using Linux. Can you please let me know how you fix this issue ?