I’m running the production Mender server on our own host. When I used the self-signed certs created during setup, I was able to log in with an unsecure connection. After I added my own certs, I’m able to get to the login screen with a secure connection. However, no matter what I enter for username and password, clicking on the Log In button does nothing. I can’t get past that screen. Any ideas?
Hi @kdavidson,
thanks for using Mender! Ideally you should see an error message with the response you are getting, however since this apparently isn’t happening…:
Can you open the browser devtools (usually right click on the site and Inspect (Element)) and check the console output + in the network tab of the devtools the login call could provide additional insights into what is happening.
And for context: what version of Mender are you running?
Hej @kdavidson
thanks for using Mender!
I would first try in the incognito window and reload without cache cmd/ctrl+r (depends on your browser a bit).
then I would check the web console from the developer tools from your browser, please send console and network screenshots during login.
best regards,
peter
Oh, and I’m running Mender 2.5.
I would like to see your ALLOWED_HOSTS could you share that?
you can grep -rniH ALLOWED_HOSTS . in the root production directory.
peter
I’ve tried it with and without the port added.
./config/prod.yml:61: ALLOWED_HOSTS: mender.kcdavidson.com:443
./config/prod.yml.template:61: ALLOWED_HOSTS: my-gateway-dns-name
ok, two more things:
- do you have /etc/hosts entry for that host?
- could you run:
docker exec -it Mender-api-gateway-container-id-here /bin/bash -c set
peter
The hosts file contains:
127.0.0.1 localhost
127.0.0.1 docker.mender.io
127.0.0.1 s3.docker.mender.io
That’s left over from running the demo. I hadn’t thought of that.
As for the command:
~/mender-server/production$ docker exec -it menderproduction_mender-api-gateway_1 /bin/bash -c set
OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknownsorry, correction:
docker exec -it Mender-api-gateway-container-id-here /bin/sh -c set
and if that fails, please:
docker exec -it Mender-api-gateway-container-id-here cat /proc/1/environ
if you can paste both, even better.
peter
First one:
ALLOWED_HOSTS=‘mender.kcdavidson.com:443’
HOME=‘/root’
HOSTNAME=‘127fa7ed7da6’
IFS=’
’
OPTIND=‘1’
PATH=‘/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin’
PPID=‘0’
PS1=‘\w $ ’
PS2=’> ’
PS4=‘+ ’
PWD=’/’
SHLVL=‘1’
TERM=‘xterm’
failed to resize tty, using default size
Second one:
-gateway_1 cat /proc/1/environ
nresty -g daemon off;failed to resize tty, using default size
ok thanks. can we drop the :443 and restart to rule out that?
pg
I tried logging in using incognito after the change and there is no difference.
ALLOWED_HOSTS=‘mender.kcdavidson.com’
HOME=‘/root’
HOSTNAME=‘f250c1852e0e’
IFS=’
’
OPTIND=‘1’
PATH=‘/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin’
PPID=‘0’
PS1=‘\w $ ’
PS2=’> ’
PS4=‘+ ’
PWD=’/’
SHLVL=‘1’
TERM=‘xterm’
ok the last idea I have is the common name in you certificate. could you change it to mender.kcdavidson.com ?
peter
I screwed up the first set of certs, so it took a little while. I’ve updated the common name, connected using incognito mode, and still get no response to the button click.
I actually got it work once. I was messing with cert files under the covers and I suddenly got in. Now it doesn’t again (after rebooting).
My cert and key files are different sizes than the Mender ones. Do you have information on what algorithm, size, and format are expected by Mender?
ok, I am out of ideas. could you share the configuration yml files?
peter
I am sorry, I am a bit clueless, the key sizes should not matter, are they really exotic?
peter
Well, here’s a good one. If I put the Mender-generated self-signed keys and certs in place and restart the server, Chrome won’t connect because of the self-signed nature. If I then replace all of the certs and keys with my LetsEncrypt ones in the background while the server is running, the login page works fine and I can get in.
Ring any bells?
Thank you, by the way, for the help. I’ve done my share of remote troubleshooting of problems that I’ve never seen, so I know how frustrating it can be.
it is my pleasure btw, I was just wondering the same thing, how often I am on the other side of the “helpdesk” 
could you share the exact machine (as in hardware, os, cpu, ram) this is running on and docker versions?
peter