Created Users unable to login

Ben_Kiarie · September 23, 2023, 7:42am

Hi Team,

I am able to login to the CHT app using the default medic credentials, but all other users I create are unable to login.

Here is a side by side view of the two (one is in incognito) before login

Here is the outcome after attempting to login. The one of the left is the created user, the one on the right is logged in with default login details.

.

I created another test user, but attempts to login using test or Jack user ends up with that error screen.

What could be the issue ?

Thanks.

diana · September 23, 2023, 1:00pm

Hi @Ben_Kiarie

My suspicion is that the secondary user that you are creating has an offline role, This requires the user to be able to register the service worker, so that the app is actually available online. Service workers won’t install of your connection is not secure - which yours isn’t.
To verify, can you please check if you have an error in your browser for failure to register service worker and nothing else afterwards?

Ben_Kiarie · September 25, 2023, 5:46am

Hi @diana you are right. This is the error

Error bootstrapping DOMException: Failed to register a ServiceWorker for scope ('https://localhost:8444/') 
with script ('https://localhost:8444/service-worker.js'): 
An SSL certificate error occurred when fetching the script.

What should I do now ?

diana · September 25, 2023, 8:30am

Hi @Ben_Kiarie

I suggest you overwrite the certificate in your nginx container, and use the local-ip one. I believe we have a script that does that automatically: https://github.com/medic/cht-core/blob/master/scripts/add-local-ip-certs-to-docker-4.x.sh

mrjones · September 25, 2023, 3:00pm

@Ben_Kiarie - if you’re using a local setup or Docker Helper 4, then @diana’s suggestion is the perfect solution.

In case you’re running the developer environment, then you’ll need to use the Nginx Local-IP project, as you won’t have an cht-nginx container running.

Let us know if you’re still stuck!

Ben_Kiarie · September 25, 2023, 3:51pm

Hi @mrjones thanks for jumping in to help. You are right, I tried Diana’s suggestion and ran into the problem of cht-nginx not running

This is what I have done …

I installed nginx-local-ip and it is running.

Screenshot 2023-09-25 at 18.46.111910×1016 292 KB
Inside my cht-4-app-developer folder I ran CHT_COMPOSE_PROJECT_NAME=app-devl COUCHDB_SECRET=foo DOCKER_CONFIG_PATH=${PWD} COUCHDB_DATA=${PWD}/couchd CHT_COMPOSE_PATH=${PWD} COUCHDB_USER=medic COUCHDB_PASSWORD=password docker-compose up

But I got an error that port 443 was already in use. Therefore, I started the app with

NGINX_HTTP_PORT=8081 NGINX_HTTPS_PORT=8444 CHT_COMPOSE_PROJECT_NAME=app-devl COUCHDB_SECRET=foo DOCKER_CONFIG_PATH=${PWD} COUCHDB_DATA=${PWD}/couchd CHT_COMPOSE_PATH=${PWD} COUCHDB_USER=medic COUCHDB_PASSWORD=password docker-compose up

The app is working, I can visit https://localhost:8444/#/contacts just fine.

With that context, what is my next step to sign in as a user with an offline role?

I tried visiting https://localhost:8081 but that does not work. What is the http url I should visit to sign in as a user with an offline role ?

diana · September 25, 2023, 5:14pm

You should not access your app on the http port, only on the https port.
So use https://localhost:8444 to login as your offline user.

mrjones · September 25, 2023, 5:31pm

@Ben_Kiarie - cool! Good job getting nginx-local-ip working.

I believe what happened is that when you started nginx-local-ip it bound to port 443. If you want to run it on a different port, check the troubleshooting section about “Port Conflicts”

I also noticed you ran APP_URL=http://192.168.0.3:5988 docker compose up, but I suspect that 192.168.0.3 is not the IP of your computer, but directly copied out of the “Run” section. This should be your local IP (which may be 192.168.0.3! but not likely ; )

Generally speaking, a happy path looks like this:

Install and get CHT Running. Get your IP and verify you can see the login on http. For me this is http://192.168.68.26:5988
Install nginx Local-IP. Using the IP and port from step #1, start it. For me this is APP_URL=http://192.168.68.26:5988 docker compose up

In the output of nginx Local-IP, check for this section with local-ip.medicmobile.org - it is the URL with a valid TLS cert for your CHT instance:

nginx-local-ip  | /entrypoint.sh:
nginx-local-ip  |     --------------------------------------
nginx-local-ip  |     nginx-local-ip URL:
nginx-local-ip  |     https://192-168-68-26.local-ip.medicmobile.org
nginx-local-ip  |     --------------------------------------
nginx-local-ip  | /entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration

The slightly less happy path is when you have a port conflict in step #2. For example, if I already another service running on 443, I would use this call (remember, your IP will be different than my 192 one!): HTTP=9080 HTTPS=9443 APP_URL=http://192.168.68.26:5988 docker-compose up. Note that nginx Local IP will give you the full URL back to you to use, including port:

--------------------------------------
nginx-local-ip URL:
https://192-168-68-26.local-ip.medicmobile.org:9443
--------------------------------------

Ben_Kiarie · September 25, 2023, 7:19pm

@mrjones when reading the nginx-local-ip README I focused on you normally access the app with http://192.168.0.3:5988

@diana and @mrjones y’all are rockstars! Thank you… It worked. I can now login as the offline users on https://localhost:8444/

mrjones · September 25, 2023, 7:50pm

Yay! Glad that worked.

FYI - If you’re only using https://localhost:8444/, you don’t need the nginx-local-ip service.