Unable to install my ACE app deployed on Heroku on my instance (return 401)

hamzabouallegue · January 7, 2021, 12:49pm

hello evryone
after developing and testing my ACE i deployed it on heroku when i call my app url ( https://agil-cockpit.herokuapp.com/) it return the atlassian-connect.json just fine , now i tried to install my app on my instance but i got 401 error , i run the commande heroku logs --tail to show the log so i got this

2021-01-07T12:43:10.086390+00:00 heroku[router]: at=info method=GET path="/atlassian-connect.json" host=agil-cockpit.herokuapp.com request_id=59458544-c960-4d2c-a783-a5bfdba358f8 fwd="52.215.192.230" dyno=web.1 connect=1ms service=1
9ms status=200 bytes=850 protocol=https
2021-01-07T12:43:10.085822+00:00 app[web.1]: ::ffff:10.109.166.130 - - [07/Jan/2021:12:43:10 +0000] "GET /atlassian-connect.json HTTP/1.1" 200 419 "-" "Apache-HttpClient/4.5.13 (Java/1.8.0_275)"
2021-01-07T12:43:10.839056+00:00 heroku[router]: at=info method=POST path="/installed" host=agil-cockpit.herokuapp.com request_id=22cc48b1-a011-42e0-8a7e-fc15f82dc973 fwd="52.215.192.227" dyno=web.1 connect=1ms service=31ms status=4
01 bytes=566 protocol=https
2021-01-07T12:43:10.813006+00:00 app[web.1]: Installation verification error: 401 no pg_hba.conf entry for host "54.210.58.36", user "yjozzozofeciwl", database "d6vhckjkl9l4d2", SSL off
2021-01-07T12:43:10.838809+00:00 app[web.1]: ::ffff:10.111.171.190 - - [07/Jan/2021:12:43:10 +0000] "POST /installed HTTP/1.1" 401 133 "-" "Atlassian HttpClient unknown / JIRA-1001.0.0-SNAPSHOT (100154) / Atlassian-Connect/1001.0.0-
SNAPSHOT"

this is my atlassian-connect.json

{
    "key": "new key ",
    "name": "My app",
    "description": "My very first app",
    "baseUrl": "{{localBaseUrl}}",
    "authentication": {
        "type": "jwt"
    },
    "lifecycle": {
        "installed": "/installed"
    },
    "scopes": [
        "READ","WRITE","ADMIN"
    ],
    "modules": {
        "generalPages": [
            {
                "key": "test ",
                "location": "system.top.navigation.bar",
                "name": {
                    "value": "test"
                },
                "url": "/myplugin",
                "conditions": [{
                    "condition": "user_is_logged_in"
                }]
            }


        ]
    }
}

any help please

osiebenmarck · January 7, 2021, 1:03pm

Hi @hamzabouallegue,

It looks like there is a problem accessing your PostgreSQL db during installation, that’s the error message in the second to last line in your log excerpt.
Can you share a bit more about your database setup? I’m guessing you are not using Heroku’s PostgreSQL, right?

Regards,
Oliver

hamzabouallegue · January 7, 2021, 1:24pm

@osiebenmarck thank you for your response
i used this commande heroku addons:add heroku-postgresql:hobby-dev --app <add-on-name> in may case heroku addons:add heroku-postgresql:hobby-dev --app agil-cockpit
from my config.json :

 "production": {
       
        "port": "$PORT",
    
        "errorTemplate": true,
       
        "localBaseUrl": "https://agil-cockpit.herokuapp.com/",
        "store": {
           
            "type": "postgres",
      
            "url": "$DATABASE_URL"
        },
   
        "whitelist": [
            "*.jira-dev.com",
            "*.atlassian.net",
            "*.atlassian.com",
            "*.jira.com"
        ]
    }

what is missing please !

osiebenmarck · January 7, 2021, 1:43pm

Hi @hamzabouallegue,

can you try the following in your config.json:

    "store": {
      "adapter": "sequelize",
      "type": "postgres",
      "logging": false,
      "url": "$DATABASE_URL",
      "ssl": true
    },

My hunch is, that your app does not use SSL to connect to the DB, which would be rejected by Heroku’s PostgreSQL.

Hope that helps,
Oliver

hamzabouallegue · January 7, 2021, 2:18pm

same error (401) unfortunately
2021-01-07T14:09:49.516751+00:00 app[web.1]: Installation verification error: 401 no pg_hba.conf entry for host "3.84.248.46", user "yjozzozofeciwl", database "d6vhckjkl9l4d2", SSL off
my config.json :

"production": {
     
        "port": "$PORT",

        "errorTemplate": true,
      
        "localBaseUrl": "https://agil-cockpit.herokuapp.com/",
        "store": {
          
            "adapter": "sequelize",
            "type": "postgres",
            "logging": false,
            "url": "$DATABASE_URL",
            "ssl": true

        },
    
        "whitelist": [
            "*.jira-dev.com",
            "*.atlassian.net",
            "*.atlassian.com",
            "*.jira.com"
        ]
    },

hamzabouallegue · January 8, 2021, 12:03pm

i fix that by downgraded pg version from 8 to 7 now i m able to install may ACE app in my instance
but i m facing this error while runing my app
Error: Could not load the component dashboard.jsx. Did you run npm buildto compile your jsx files?

this is my route file :
export default function routes(app, addon) {

app.get('/', (req, res) => {
    res.redirect('/atlassian-connect.json');
});


app.get('/cockpit',  addon.authenticate(), (req, res) => {

    res.render(
      'dashboard.jsx',
      {
        title: 'Atlassian Connect'
       
      }
    );

});

}
i tried to change my dashboard.jsx with another file test.hbs it works perfectly .

when i run my app localy using ngrok it works fine as expected with my jsx

boris · March 11, 2021, 10:08pm

The SSL failure seems to be related to the dialect options at Node.js, PostgreSQL error: no pg_hba.conf entry for host - Stack Overflow

When I added

        "ssl": true,
        "dialect": "postgres",
        "dialectOptions": {
          "ssl": {"require":true }
        }

To my config.json file it resolved the issue.

frederictardieu · May 22, 2021, 5:37pm

Hi @boris ,

I’m also running an app on Heroku/Postgres as @hamzabouallegue . (node v14.17.0, atlassian-connect-express v6.6.0, pg v8.6.0, sequelize v6.3.5. So I tested several cases :

Case #1, with lines from @boris :

"store": {
      "adapter": "sequelize",
      "type": "postgres",
      "logging": false,
      "url": "$DATABASE_URL",
      "ssl": true
    },

got error :

2021-05-22T17:18:30.396616+00:00 app[web.1]: Unhandled error: SequelizeConnectionError: self signed certificate
2021-05-22T17:18:30.396618+00:00 app[web.1]: at Client._connectionCallback (/app/node_modules/sequelize/lib/dialects/postgres/connection-manager.js:184:24)
2021-05-22T17:18:30.396620+00:00 app[web.1]: at Client._handleErrorWhileConnecting (/app/node_modules/pg/lib/client.js:305:19)
2021-05-22T17:18:30.396621+00:00 app[web.1]: at Client._handleErrorEvent (/app/node_modules/pg/lib/client.js:315:19)
2021-05-22T17:18:30.396621+00:00 app[web.1]: at Connection.emit (events.js:376:20)
2021-05-22T17:18:30.396622+00:00 app[web.1]: at TLSSocket.reportStreamError (/app/node_modules/pg/lib/connection.js:52:12)
2021-05-22T17:18:30.396622+00:00 app[web.1]: at TLSSocket.emit (events.js:376:20)
2021-05-22T17:18:30.396622+00:00 app[web.1]: at emitErrorNT (internal/streams/destroy.js:106:8)
2021-05-22T17:18:30.396623+00:00 app[web.1]: at emitErrorCloseNT (internal/streams/destroy.js:74:3)
2021-05-22T17:18:30.396623+00:00 app[web.1]: at processTicksAndRejections (internal/process/task_queues.js:82:21)

Case #2, with lines from @osiebenmarck :

"store":
      {
        "type": "postgres",
        "url": "$DATABASE_URL",
        "ssl": true,
        "dialect": "postgres",
        "dialectOptions": {
          "ssl": {"require":true}
        }
      },

I got the same error.

Case #3, with code from mentioned Stackoverflow article :

 "store":
      {
        "type": "postgres",
        "url": "$DATABASE_URL",
        "ssl": true,
        "dialect": "postgres",
        "dialectOptions": {
          "ssl": {"require":true,
                  "rejectUnauthorized": false }
        }
      },

→ It’s OK, so it seems that "rejectUnauthorized":"false" is mandatory, do you confirm that ? I looks for me like a medium security problem, I don’t really like to add this parameter… Your opinion ?

Thanks !

Fred

osiebenmarck · May 23, 2021, 12:54pm

Hi @frederictardieu ,

I must have missed in January, but I do believe that Heroku’s PostgreSQL databases use self-signed certificates, in which case Yes, you will need to set rejectUnauthorized to false to connect to them.

If you are uneasy about this, then your options would be to move to a database provider that provides verifiable SSL certificates or to see what else Heroku has to offer. They talk about this issue here, but I have no experience with the alternatives they propose.

Best regards,
Oliver

boris · May 26, 2021, 1:42am

Ran into this as well now. Adding the rejectUnauthorized fixed it.

frederictardieu · May 26, 2021, 10:48am

@boris , which DB do you use with ACE ? Do you have any cloud provider offering DB with SSL certificates? Thanks, Fred

boris · May 26, 2021, 11:47am

I ended up using the rejectUnauthorized option and stayed on heroku.