I can't, for the life of me, figure out why I can't get this to work on Acquia yet can get it to work on my local. Whenever I add in a remote to /relaxed and go to status report, it always comes back:
Client error: `GET http://replicator:password@<domain>.devcloud.acquia-sites.com/relaxed` resulted in a `403 Forbidden` response: <!DOCTYPE html> <html lang="en" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org (truncated...)
Client error: `GET http://replicator:password@<domain>.devcloud.acquia-sites.com/relaxed/_all_dbs` resulted in a `403 Forbidden` response: <!DOCTYPE html> <html lang="en" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org (truncated...)
I can physically get to that URL fine, however - and when I use Postman, it returns a valid response of {"couchdb":"Welcome","uuid":"7d3b0171-39ca-4dbd-9b7e-eb517dadb047","vendor":{"name":"Drupal","version":"8.1.2"},"version":"8.1.2"}
I can also physically get to /relaxed/_all_dbs, which returns ["live","stage"]
And /relaxed/live returns {"db_name":"live","instance_start_time":"1465997388"}
This does not let me select the remote on Workspaces, though I can on my local.
Comments
Comment #1
Anonymous (not verified) CreditAttribution: Anonymous as a volunteer commentedtoddmbloom created an issue. See original summary.
Comment #2
Aaronwa CreditAttribution: Aaronwa commentedI ran into this issue also and found that I didn't create a replicator user and assign that user to the replicator role. Check the permissions for the role and try again. I created the user on both ends, the sending end and receiving end.
Comment #3
dobrzyns CreditAttribution: dobrzyns commentedI am not using Acquia and am getting this also. I verified that the replicator user exists on both ends and the password is set correctly. If I test this with the Poster add-on in Firefox, it worked when I initially tested. However, when I went back to test several minutes later (no changes in settings), it no longer worked with Poster; I got the message
Cannot process request on GET http://replicator:some_password@staging.profoodtech.com due to: Access to restricted URI denied
GET http://replicator:some_password@staging.profoodtech.com/_all_dbs
results in a 404 Not Found response. Testing this with Poster results inCannot process request on GET http://replicator:some_password@staging.profoodtech.com/_all_dbs due to: Access to restricted URI denied
I'm wondering if it's perhaps related to this comment: https://www.drupal.org/node/2637770#comment-11140013
Comment #4
jeqq@dobrzyns You have 404 errors because the URL is not correct, it should be http://replicator:some_password@staging.profoodtech.com/relaxed/_all_dbs
Comment #5
dobrzyns CreditAttribution: dobrzyns commented@jeqq Ah, indeed. Thanks for catching that.
Comment #6
sanci91 CreditAttribution: sanci91 commentedI'm having this exact problem too.
I'm trying to share contents between two sites in local that i created with acquia dev desktop 2. Let's say
http://mysite-master.dd:8083
and
http://mysite-slave.dd:8083
I created 2 users with role replicator in both sites, set the relaxed remote pointing to /relaxed with correct user/password, but it returns in both cases errror 403.
More specifically, the error in the logs is:
in the caller
GuzzleHttp\Exception\ClientException: Client error: `GET http://replicator:password@mysite-slave.dd:8083/relaxed/_all_dbs` resulted in a `403 Forbidden` response: <!DOCTYPE html> <html lang="en" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org (truncated...) in GuzzleHttp\Exception\RequestException::create() (line 107 of mysite-master/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php).
In the receiver
As you can see it doesn't manage to access the page returning 403.
I tried even with postfix and indeed it cannot access the page.
Trying with 8.x-1.0-alpha10 version.
Comment #7
deivamagalhaes CreditAttribution: deivamagalhaes for Appnovation commentedI am having the same issue. Does anybody have updates on this by any chance?
Comment #8
vflirt CreditAttribution: vflirt commentedI have tracked the issue to basic_auth as it has flood protection.
Currently for me it is failing at:
$this->flood->isAllowed('basic_auth.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)
It seems that there has been too many login requests for the replicator user and there is not a nice way to clear the flood flag unless you get to the table and clean it manually.
Comment #9
MartinMa CreditAttribution: MartinMa as a volunteer commentedJust have similar/same problem.
I get alway following message:
GuzzleHttp\Exception\ClientException: Client error: `GET http://Replicator:***@xxx.xx/replicator/_all_dbs` resulted in a `404 Not Found` response:
I wonder a little about !http://Replicator:***" which seems not to be a correct url. (replicator-User is 'Replicator')
/relaxed on both sites seem to work an result in
couchdb "Welcome"
uuid "8ab6dd35-7d39-4fef-ab95-f0d679a2c6af"
vendor
name "Drupal"
version "8.3.2"
version "8.3.2"
/relaxed/_all_dbs results on both sites in
0 "live"
1 "stage"
(should it be counterwise?)
Better error handling with messages i can understand would be great ...
Comment #10
MartinMa CreditAttribution: MartinMa as a volunteer commentedHm, a second look to syslog:
There are messages that following pages not found:
/replicator/
/replicator/_all_dbs
Why is drupal looking for that url and not for /relaxed ?
Comment #11
jeqq@MartinMa did you complete all the steps from the documentation page? Especially "Configuring local Relaxed settings"?
Comment #12
Pranay Agarwal CreditAttribution: Pranay Agarwal commented#8 Your solutions works. Thanks.
Comment #13
roborew CreditAttribution: roborew at Christian Aid commentedThis issues seems to have got a little confused. A 404 is likely a different problem to the 403 reported and therefore a new issue is required. But to add to the original issues. I have ran into a 403 error when trying to deploy a higher number of nodes. I can confirm that the target site is active and I can deploy in low numbers. But have a site with 1000+ nodes that i'm now unable to sync between local workspaces or to a remote target, error messages:
@vflirt this could well be pointing to the problem you've identified with the auth_module and multiple login attempts, but I don't see a solution in your comment, pease could you expand.
Comment #14
dolcaer CreditAttribution: dolcaer commentedI'm also getting the following error in my status panel:
`Client error: `GET https://replicator:***@example.com/relaxed/_all_dbs` resulted in a `403 Forbidden` response`
where `replicator` is the user with the replicator role, and `example.com` is of course my own domain.
However, when manually going to `https://replicator:password@example.com/relaxed/_all_dbs`, it does work. So it seems like RELAXed is actually using the stars as the password... I don't know if this is actually the same issue that OP is having, but it's also a 403 issue.
Comment #15
kumkum29 CreditAttribution: kumkum29 commentedHello,
Same problem for me. The remote site isn't reached.
So, I'm getting these errors:
The generated urls from the "relaxed module" seems to be valid...
Can you help me to resolve this problem ?
Thanks.
Comment #16
kumkum29 CreditAttribution: kumkum29 commentedComment #17
kumkum29 CreditAttribution: kumkum29 commentedGood news.
I have resintalled a new remote site and it's ok for me (problems with my first install????).
I can deploy contents from a source site to a remote site.
But, If you use the account 1 to test the deployment, don't forget to add the "replicator" role on this account !!!! (without this role on uid 1 we get new errors in logs...)
Comment #18
jeqqI cannot reproduce this error locally. I also use this module on production sites and it works fine. Most probably you don't configure correctly your sites and the module. If you still can reproduce it, make sure you read again here the README.md file and this documentation.
Comment #19
jeqqComment #20
James Marks CreditAttribution: James Marks commentedHad the same 403 error problem described on one site but not the other. Identical replicator users set up, passwords the same, relaxed remotes set up, etc...
Manually cleared the flood table on the site with the problem which promptly resolved the problem.
Comment #21
kumkum29 CreditAttribution: kumkum29 commentedHello,
I have changed the protocol of my site to https. But, now, I get an error 403 and an forbidden access to the 'https://mysite.com/relaxed/_all_dbs' URL.
In Drupal 8 how can I clear the flood table? I don't see this table in my database.
Thanks.
P.S. if I configure a new relaxed remote site it's functionnal. I think the relaxed module keep some datas/configs in memory, then we can't update existing relaxed remote. Is there a solution to "clear" the relaxed remotes settings?
Comment #22
kumkum29 CreditAttribution: kumkum29 commentedComment #23
pbcelery CreditAttribution: pbcelery commentedSame.
Currently the error message is pretty spare. It would be useful if we updated the error messaging to include more about the URL being tried and the full response reason. That's suggested on the CouchDB docs too: http://docs.couchdb.org/en/2.1.2/replication/protocol.html
Exception: Response status code: 403 when connecting to source site or database. Response body: {"error":"unauthorized","reason":""} in Relaxed\Replicator\Replication->replicateChanges() (line 536 of /var/www/uwmed/vendor/relaxedws/replicator/src/Replication.php).
Comment #24
jeqqI faced recently this problem and the cause of the 403 response is quite funny. The 403 response was caused only when requesting
/workpsace_id/doc_id
paths and the problem ended to be caused by the bad handling of the password the user had. Because the password had the "+" symbol at the end, the CouchDB Client library seems to not handle that very well and in Drupal, the request sent by the library, had the "+" symbol replaced by a space. Example: for a password like "TestPass+", the password received by basic_auth module in Drupal was "TestPass ". The workaround was to not use a symbol at the end of the password, for long term the issue should be fixed in the CouchDB Client library. Here is sent the request when the "+" symbol is replaced with a space: https://github.com/relaxedws/couchdb-client/blob/master/lib/Doctrine/Cou....Other causes of the 403 response status can be caused by site specific permissions configuration.
Comment #25
jhedstromI encountered this issue and it came down to the flood controls in the
basic_auth
module as noted above in #8.Comment #26
mrweiner CreditAttribution: mrweiner as a volunteer commentedI'm getting a different variant of this as described in #3061360.
Exception: HTTP Error with status 403 occurred while requesting */*. Error: unauthorized in Relaxed\Replicator\Replication->replicateChanges() (line 536 of /root/vendor/relaxedws/replicator/src/Replication.php).
That error in particular is thrown by line 532. Digging into this a bit more, it looks like $this->source and $this->target in Relaxed\Replicator\Replication->replicateChanges() are both set correctly with 200 responses. Unless I'm mistaken, this means that a basic connection to both endpoints has succeeded, hence why I am not getting the "relaxed/_all_dbs" error.
The error occurs when synchronizing content, when getting the $rawHeaders on line 142 of StreamClient->getStreamHeaders(), called by MultipartParserAndSender->transferDocuments().
This is further validated by trying to execute the same via curl
Fails - {"message":"No authentication credentials provided."} :
curl http://mysite.com/relaxed/stage
Succeeds:
curl http://user:password@mysite.com/relaxed/stage
Fails - {"error":"unauthorized","reason":""} :
curl http://user:password@mysite.com/relaxed/stage/e829efaa-2971-44e8-affc-db16e0b6a64c?revs=1&latest=1&open_revs=%5B%221-3774c67d9ff30cc3a7802128f23f3cec%22%5D
I'm at a bit of a loss. The user:password user exists on mysite.com and has the replicator role with the proper permissions, and the site is a fairly clean install aside from trying to get this working, so I'm not sure where there'd be another permissions conflict.
Comment #27
jeqq@mrweiner Try to debug how that request reaches the drupal site and how authentication goes in the basic_auth module. Check what contain the authentication headers when they reach the sites and if the password and the user are correct. Just debug until you find where 403 is returned and why.
Your description look exactly like what I had in #24, and I've found that while debugging the request until I've found where it returns the 403 status.