Notify_push with an external mariadb instance and ssl connection

ebiagi · April 15, 2021, 9:58am

Nextcloud version (eg, 20.0.5): 21.0.1
Operating system and version (eg, Ubuntu 20.04): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.46
PHP version (eg, 7.4): 7.4

The issue you are facing: cannot start the notify_push systemd unit

Is this the first time you’ve seen this error? (Y/N):Y

Hello, I’m facing some problems trying to connect the notify_push app to the mariadb instance which is on another machine in another subnet.

The connection between the nextcloud server and the nextcloud db is encrypted and it’s working fine since a year and a half, here’s my config.php snippet:

 'dbname' => 'nextcloud',
  'dbhost' => 'tsrv01:3306',
  'dbdriveroptions' =>
  array (
    1007 => '/etc/mysql/ssl/client-key.pem',
    1008 => '/etc/mysql/ssl/client-cert.pem',
    1009 => '/etc/mysql/ssl/ca_cert.pem',
    1014 => 'false',
  ),
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'PASSWORD',

Here’s the output of the systemctl status notify_push command :

   notify_push.service - Push daemon for Nextcloud clients
       Loaded: loaded (/lib/systemd/system/notify_push.service; enabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Thu 2021-04-15 11:32:10 CEST; 9min ago
      Process: 38548 ExecStart=/var/www/html/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/html/nextcloud/config/config.php (code=exited, status=1/FAILURE)
     Main PID: 38548 (code=exited, status=1/FAILURE)

    apr 15 11:32:10 dsrv01 notify_push[38548]:    0: Failed to connect to Nextcloud database
    apr 15 11:32:10 dsrv01 notify_push[38548]:    1: error communicating with the server: invalid certificate: BadDER
    apr 15 11:32:10 dsrv01 notify_push[38548]:    2: invalid certificate: BadDER
    apr 15 11:32:10 dsrv01 notify_push[38548]: Location:
    apr 15 11:32:10 dsrv01 notify_push[38548]:    /tmp/krankerl.PNFmShx8gZmS/notify_push/src/storage_mapping.rs:57
    apr 15 11:32:10 dsrv01 notify_push[38548]: Backtrace omitted.
    apr 15 11:32:10 dsrv01 notify_push[38548]: Run with RUST_BACKTRACE=1 environment variable to display it.
    apr 15 11:32:10 dsrv01 notify_push[38548]: Run with RUST_BACKTRACE=full to include source snippets.
    apr 15 11:32:10 dsrv01 systemd[1]: notify_push.service: Main process exited, code=exited, status=1/FAILURE
    apr 15 11:32:10 dsrv01 systemd[1]: notify_push.service: Failed with result 'exit-code'.

I’ve tried to add some environment variables to my systemd unit file but still no luck:

    [Unit]
    Description = Push daemon for Nextcloud clients

    [Service]
    Environment = PORT=7867 DATABASE_URL=mysql://nextcloud:PASSWORD@tsrv01:3306 DATABASE_PREFIX=oc_
    ExecStart = /var/www/html/nextcloud/apps/notify_push/bin/x86_64/notify_push  /var/www/html/nextcloud/config/config.php
    User=www-data

    [Install]
    WantedBy = multi-user.target

Thanks!

Enrico

j-ed · April 16, 2021, 2:18pm

The same problem has been addressed here a couple of hours ago. You should follow the discussion to participate in the outcome.

github.com/nextcloud/notify_push

Failed to connect to Nextcloud database

opened 04:38AM - 16 Apr 21 UTC

tfvlrue

Hi, I just upgraded to Nextcloud 21 and trying to get notify_push up and runnin…g. Running on FreeBSD 12.2 and built the binary locally. Using HTTPS certificate from Let's Encrypt. However, notify_push fails to connect to my Nextcloud instance when I run it. ``` www@server:~ % /var/www/nextcloud/apps/notify_push/bin/amd64/notify_push /var/www/nextcloud/config/config.php [2021-04-16 00:22:38.494793 -04:00] WARN [rustls::session] /root/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.19.0/src/session.rs:798: Sending fatal alert DecodeError Error: 0: Failed to connect to Nextcloud database 1: error communicating with the server: invalid certificate: BadDER 2: invalid certificate: BadDER Location: /root/nextcloud_notify_push/src/storage_mapping.rs:57 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1: color_eyre::config::EyreHook::into_eyre_hook::{{closure}}::hb303c81a7d5b7c79 at <unknown source file>:<unknown line> 2: <E as eyre::context::ext::StdError>::ext_report::h4685d8b635fbda84 at <unknown source file>:<unknown line> 3: notify_push::main::{{closure}}::he27b08b64116f0f1 at <unknown source file>:<unknown line> 4: notify_push::main::hbcac0d378388707c at <unknown source file>:<unknown line> 5: std::sys_common::backtrace::__rust_begin_short_backtrace::h261dfd1702e70c3e at <unknown source file>:<unknown line> 6: main<unknown> at <unknown source file>:<unknown line> 7: _start<unknown> at /usr/src/lib/csu/amd64/crt1.c:76 ``` I'm just passing in the same config that the Nextcloud instance is using, and it's all pretty bog standard, I think. Here's a snippet of the config with sensitive bits redacted: ``` $CONFIG = array ( ... 'dbtype' => 'mysql', 'version' => '21.0.1.1', 'dbname' => 'xxx', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'xxx', 'dbpassword' => 'xxx', 'default_phone_region' => 'US', 'logtimezone' => 'UTC', 'installed' => true, 'memcache.local' => '\OC\Memcache\APCu', 'memcache.locking' => '\OC\Memcache\Redis', 'memcache.distributed' => '\OC\Memcache\Redis', 'redis' => [ 'host' => '/tmp/redis.sock', 'port' => 0, 'dbindex' => 0, 'password' => 'xxx', 'timeout' => 1.5, ], ... ); ``` You can see I'm using a locally hosted instance of MySQL for the database. If I temporarily stop the MySQL service, notify_push hangs on launch, telling me there is at least some database network request reaching it. I'm not sure how to further debug this, so any help would be appreciated. Thanks!

Additionally you might try to disable the certificate verification for testing purposes as described here:

ebiagi · April 16, 2021, 2:37pm

Thank you!
I’ve done some other tests including trying to disable the certificate verification but it didn’t work.
Commenting out the dbdriveroptions array section, which sets the encription certificates used to connect, worked but I do not want to disable ssl encryption.