the api not work #316

Open
enzo0039 opened this issue Apr 11, 2024 · 7 comments
@enzo0039

enzo0039 commented Apr 11, 2024

When I try to use my self-hosted One-Time Secret API on the GLPI plugin, I get these errors:

[11/Apr/2024:15:24:05 +0200] "GET /img/favicon.png HTTP/1.1" 200 189 0.0036
2024-04-11 15:25:14 +0200 Invalid request: Invalid HTTP format, parsing fails.
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/request.rb:86:in `execute'
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/request.rb:86:in `parse'
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/connection.rb:39:in `receive_data'
/var/lib/gems/3.0.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:195:in `run_machine'
/var/lib/gems/3.0.0/gems/eventmachine-1.2.7/lib/eventmachine.rb:195:in `run'
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/backends/base.rb:75:in `start'
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/server.rb:162:in `start'
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/controllers/controller.rb:87:in `start'
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/runner.rb:203:in `run_command'
/var/lib/gems/3.0.0/gems/thin-1.8.2/lib/thin/runner.rb:159:in `run!'
/var/lib/gems/3.0.0/gems/thin-1.8.2/bin/thin:6:in `<top (required)>'
/usr/local/bin/thin:25:in `load'
/usr/local/bin/thin:25:in `<main>'

Can someone help me?

@enzo0039 enzo0039 changed the title The account page is no longer functioning. the api not work Apr 11, 2024
@delano delano self-assigned this Apr 11, 2024
@delano
Collaborator

delano commented Apr 11, 2024

Yes, I’ll take a look.

@enzo0039
Author

Thank you! I host my GLPI on the same machine as One Time Secret, yet when I use the API from the One Time Secret site, it works. However, ultimately, I would like to have both locally.

For One Time Secret, I left the configuration at default

@delano
Collaborator

delano commented Apr 11, 2024

> Thank you! I host my GLPI on the same machine as One Time Secret, yet when I use the API from the One Time Secret site, it works. However, ultimately, I would like to have both locally.

Nice, yeah, that sounds like a great setup.

Do you have a web server / proxy running on that machine as well? Something like Nginx, Caddy, HAProxy etc.

@enzo0039
Author

I have nothing else except for One Time Secret and GLPI on this VM.

@delano
Collaborator

delano commented Apr 11, 2024

Kk, I got it sorted out. The issue you're having is related to SSL/HTTPS.

The Onetime Secret ruby app doesn't handle SSL itself. So when making a request for https://myexampledomain.com/ (or https://myexampledomain.com:3000), that's how you get the error you're seeing.

2024-04-11 08:23:05 -0700 Invalid request: Invalid HTTP format, parsing fails.
	/Users/d/.rbenv/versions/3.2.0/lib/ruby/gems/3.2.0/gems/thin-1.8.2/lib/thin/request.rb:86:in `execute'
  ...

Running a reverse proxy

The solution is to use a reverse proxy to handle the SSL termination. This is a common pattern in web applications. The reverse proxy is responsible for handling the SSL connection and then forwarding the request to the application server (in this case, the Onetime Secret app).

Thin supports SSL itself so that's one option (see this gist). An easier option is to use Caddy as a reverse proxy. Here's a simple Caddyfile that you can use to get started:

##
# Caddy 2 Configuration - One time secret
#
# Usage:
#
#   $ caddy run --config Caddyfile
#

https://myexampledomain.com {
   reverse_proxy localhost:3000
   log {
       output stdout
   }
   header X-Content-Type-Options nosniff
   header X-Frame-Options SAMEORIGIN
   header Referrer-Policy no-referrer-when-downgrade
}

Most importantly, Caddy automatically handles all of the SSL details for you (including generating the certificates). You can run Caddy as a service or in a container.

Installing Caddy

The official instructions are great and should have details for whichever kind of system you run:
https://caddyserver.com/docs/install.

Or in a nutshell, manually installing goes like this:

# Download and install Caddy (the download API returns the caddy binary itself, not an archive)
curl -fL -o caddy "https://caddyserver.com/api/download?os=linux&arch=amd64&idempotency=1234567890123"
chmod +x caddy
sudo mv caddy /usr/local/bin/

# Save your Caddyfile configuration to a file
cat << EOF > Caddyfile
https://myexampledomain.com {
    reverse_proxy localhost:3000
    log {
        output stdout
    }
    header X-Content-Type-Options nosniff
    header X-Frame-Options SAMEORIGIN
    header Referrer-Policy no-referrer-when-downgrade
}
EOF


# Run Caddy with your configuration
caddy run --config Caddyfile --adapter caddyfile

With that, you'll be able to access your Onetime Secret app over HTTPS at https://myexampledomain.com (or whatever domain you're using).

@delano delano added question dependencies Pull requests that update a dependency file security documentation ops Operational issues labels Apr 12, 2024
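
What the app server receives in the failure diagnosed above, as an added example that is not part of the original comments and is not Onetime Secret or Thin code: a loopback listener standing in for the HTTP-only app port records the first bytes sent by an HTTPS client and by a plain HTTP client. The function names and the HTTP method list are assumptions made for this illustration.

```ruby
# Added example (not Onetime Secret or Thin code): classify the first bytes a
# listener receives, to tell a TLS handshake from a plain HTTP request.
require "socket"
require "openssl"

HTTP_METHODS = %w[GET HEAD POST PUT PATCH DELETE OPTIONS].freeze # assumed list

# Returns :tls, :http or :unknown for the first bytes read from a client.
def classify_first_bytes(bytes)
  b = bytes.to_s.b
  # TLS record header: content type 0x16 (handshake), then major version 0x03.
  return :tls if b.bytesize >= 3 && b.getbyte(0) == 0x16 && b.getbyte(1) == 0x03
  # An HTTP/1.x request line starts with an ASCII method followed by a space.
  return :http if HTTP_METHODS.any? { |m| b.start_with?("#{m} ") }
  :unknown
end

# Loopback demo: a plain TCP listener (standing in for the HTTP-only app port)
# records what a client sends first. Nothing leaves 127.0.0.1.
def first_bytes_from(scheme)
  server = TCPServer.new("127.0.0.1", 0) # port 0: let the OS pick a free port
  reader = Thread.new do
    conn = server.accept
    data = conn.readpartial(1024)
    conn.close
    data
  end
  sock = TCPSocket.new("127.0.0.1", server.addr[1])
  begin
    if scheme == :https
      # The client opens with a TLS ClientHello; the listener never answers it.
      OpenSSL::SSL::SSLSocket.new(sock, OpenSSL::SSL::SSLContext.new).connect
    else
      sock.write("GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
    end
  rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
    # Expected for :https: the plain listener closes without a ServerHello.
  end
  reader.value
ensure
  sock&.close
  server&.close
end

if $PROGRAM_NAME == __FILE__
  %i[http https].each { |s| puts "#{s}: #{classify_first_bytes(first_bytes_from(s))}" }
end
```

A listener that logs `:tls` on its plain HTTP port is being addressed with `https://`, which is the case where a TLS-terminating reverse proxy belongs in front of it.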
@dannielshalev

Hey @delano
will it be possible to have a flag to ignore SSL/HTTPS verification for dev testing?
I tried to modify this:
ONETIMESECRET_SSL="true" to ONETIMESECRET_SSL="false" in the .env file and I got:

ERROR: for app  'ContainerConfig'
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 33, in <module>
    sys.exit(load_entry_point('docker-compose==1.29.2', 'console_scripts', 'docker-compose')())
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 81, in main
    command_func()
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 203, in perform_command
    handler(command, command_options)
  File "/usr/lib/python3/dist-packages/compose/metrics/decorator.py", line 18, in wrapper
    result = fn(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 1186, in up
    to_attach = up(False)
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 1166, in up
    return self.project.up(
  File "/usr/lib/python3/dist-packages/compose/project.py", line 697, in up
    results, errors = parallel.parallel_execute(
  File "/usr/lib/python3/dist-packages/compose/parallel.py", line 108, in parallel_execute
    raise error_to_reraise
  File "/usr/lib/python3/dist-packages/compose/parallel.py", line 206, in producer
    result = func(obj)
  File "/usr/lib/python3/dist-packages/compose/project.py", line 679, in do
    return service.execute_convergence_plan(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 579, in execute_convergence_plan
    return self._execute_convergence_recreate(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 499, in _execute_convergence_recreate
    containers, errors = parallel_execute(
  File "/usr/lib/python3/dist-packages/compose/parallel.py", line 108, in parallel_execute
    raise error_to_reraise
  File "/usr/lib/python3/dist-packages/compose/parallel.py", line 206, in producer
    result = func(obj)
  File "/usr/lib/python3/dist-packages/compose/service.py", line 494, in recreate
    return self.recreate_container(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 612, in recreate_container
    new_container = self.create_container(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 330, in create_container
    container_options = self._get_container_create_options(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 921, in _get_container_create_options
    container_options, override_options = self._build_container_volume_options(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 960, in _build_container_volume_options
    binds, affinity = merge_volume_bindings(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 1548, in merge_volume_bindings
    old_volumes, old_mounts = get_container_data_volumes(
  File "/usr/lib/python3/dist-packages/compose/service.py", line 1579, in get_container_data_volumes
    container.image_config['ContainerConfig'].get('Volumes') or {}
KeyError: 'ContainerConfig'

@delano
Collaborator

delano commented Apr 26, 2024

You're on the right track. ONETIMESECRET_SSL and ONETIMESECRET_HOST are the environment variables you need to set. e.g. the equivalent settings in the etc/config file:

:site:
  :host: localhost:3000
  :ssl: false

The error KeyError: 'ContainerConfig' is coming from the docker python library and possibly to do with its own docker compose configuration.
