TurnKey Linux Virtual Appliance Library

problem with openphoto template

After installing the openphoto template in proxmox and pointing the brower to the openphoto ip, i get following:

You don't have permission to access /setup on this server.

Are there any steps to take to make it work?

 

not working out of the box

same here, 

 

You don't have permission to access /setup on this server

 

Any ideas ?

Alex Bassett's picture

problem with openphoto template

Same problem here with .iso and openvz , I can login to both via web min but i cannot access openphoto admin area gives : You don't have permission to access /setup on this server error .

I have also tried turnkey-init on openvz , still no access !


Liraz Siri's picture

Sorry, this might be a bug.

Sorry, this might be a bug. I'll try to reproduce it and come up with a workaround.

Aris Moratalla's picture

Found a solution

Found a solution but I'm sure if this is the right one..

But it works.

 

logon to terminal on your server.

edit /etc/apache2/sites-available/openphoto file.

at the botto of the file you will find the code:

<Location /setup>
    deny from all
</Location>
 
change deny to allow.

save changes.

 
hope this helps.

acces to openphoto setup

hy

 

thanks

it's works for me

Jeremy's picture

Did you read the rest of the thread?

We'd really like to try to get to the bottom of this.

So was the domain or IP address that you used to use the appliance (ie in your web browser) the same as what you set in the firstboot scripts?

Jeremy's picture

I can't reproduce this!?

I just downloaded the OpenPhoto OVZ template (12.0-1) and launched in Proxmox. On browsing to http://192.168.1.101 (the container's IP; which incidentally I set as the domain during the firstboot/turnkey-init setup) it tells me that 'there's nothing to see here - log in to add content' (or words to that effect). I then logged in (via the link in the top right hand corner first, but tried again using the inline log-in link) using admin@example.com (which is the default admin email which I didn't change on turnkey-init) and the password that I had set (turnkey-init). It then successfully logs me in and suggests that I upload some photos.

Initially I did not auto install security updates on turnkley-init \but I ran that to check and it didn't seem to change anything. I also reran the OpenPhoto init script and set a real email address and it still works for me... So no idea what is going on for all you guys...

[edit] AFAIK (assuming it's like the other TKL appliances before) it shouldn't need to run 'setup' - it should already be done (and the TKL firstboot/init scripts take care of the details you'd normally run on 'setup').

@Aris - Once the Apache config is changed what happens then? Does it run some sort of setup/install type thing? (Like Jaisen suggest is the defualt OpenPhoto behaviour below). For security you'll want to (re)disable access to /setup once you're good to go, otherwise anyone can browse there and reset the settings and take control of your site (like Jaisen says below).

Accessing /setup

I'm the lead dev of OpenPhoto and wanted to chime in.

Not being very familiar Turnkey Linux I wanted to at least provide some context on "/setup".

OpenPhoto runs off of hostnames. It can mean a virtual host or an ip address. If the web server answers request on a given hostname and serves it with the OpenPhoto source then a site can be set up at that host.

It's on a first come basis so whoever claims a given hostname can upload photos to it. The downside is if there's a hostname you're not aware of (often the IP address). Someone can set up an OpenPhoto instance without your knowledge.

Further questions can be posted to openphoto@googlegroups.com.

Hope that helps.

Jeremy's picture

Thanks for chiming in Jaisen

Always happy to hear from upstream devs! :)

I won't go into the in-and-outs of TKL appliances, but the basic idea is that they are fully pre-installed and configured ready to go. What little config info required is provided with an interactive firstboot setup console script. In the OpenPhoto appliance, these include OpenPhoto admin ('owner') email address, password and domain. As the name suggests, the firstboot scripts (aka turnkey-init scripts) run at firstboot after installation reboot (with the exception of some image types eg OVZ, OpenStack, etc - which either require values preseeded or manual initialisation by running 'turnkey-init'). So in the case of OpenPhoto, I would imagine that the appliance should not need to access /setup (as any required config has been done already from the console on firstboot). Ie the behaviour I experienced trying to reproduce this bug is what we would be hoping for.

>> I would imagine that the

>> I would imagine that the appliance should not need to access /setup (as any required config has been done already from the console on firstboot).

There are a few actions which can only be specified through the /setup flow. This is used to create the site/configuration but it's also used to update it (if needed). As long as the following does not need to be changed then /setup can be disabled....

1) The theme does not need to be changed at a later date.*

2) Database/Filesystem information does not need to be changed at a later date.

* Issue 254 is tracking moving the theme selection out of the /setup flow.

https://github.com/photo/frontend/issues/254

Furthermore, the original post points to the configuration file not existing at `src/userdata/configs/{hostname}.ini`. The site redirects the user to /setup if it doesn't find that file. Is it possible that the cause is a hostname mismatch between what's int he browser and what TKL thought and used for the {hostname.ini} file?

Jeremy's picture

Very handy info to know.

So thanks again for your input Jaisen!

Resolving 'Issue #254' will eliminate the need to access /setup at all (in the context of TKL anyway) I would think. I would doubt that there would be any need to adjust DB/FS info in a dedicated appliance like TKL (although there may be edge cases, so great to have that info for reference).

Furthermore, the original post points to the configuration file not existing at `src/userdata/configs/{hostname}.ini`. The site redirects the user to /setup if it doesn't find that file. Is it possible that the cause is a hostname mismatch between what's int he browser and what TKL thought and used for the {hostname.ini} file?

Ahhh... I have a hunch that you have it in one! The info that you have provided and the fact that I used the IP address of my test appliance and didn't have the issue suggests that these others may not have done it that way thus causing this behaviour. I didn't write the firstboot/init script for the OpenPhoto appliance but I strongly suspect that the TKL script writes to that file, so if there is a mismatch between what the user inputs on firstboot and the hostname (/IP) used to access OpenPhoto it tries to run setup. Perhaps TKL needs to reword the firstboot script so this requirement is a little more explicit.

I'd be really interested to hear from the others who are experiencing this issue to confirm that this may be the issue/solution.

Jeremy's picture

I can confirm that this 'issue' is reproducable

If you use an incorrect (or dummy) domain name or IP when configuring (eg leave the default www.example.com) then OpenPhoto will redirect to the /setup directory (which is disabled for security by default in the TKL appliance).

If you did that on firstboot and want to fix it the easy way, re run the firstboot script:

cd /usr/lib/inithooks/bin
./openphoto.py

Good but not 100%

Hi Jeremy,

I've revisited the Turnkey project after quite some time away just to see what's new. It's come a long way since my last visit so thought I'd try my first Turnkey appliance. I have a proxmox environment these days which was a result of initially researching how to run Turnkey appliances.

Anyway, OpenPhoto seemed like a nice appliance to install but after about an hour of trouble-shooting, reaching a "give up" stage, having one more attempt at resolution to search forums see if anyone else experienced problems, finding this thread and kicking off the "firstboot" script again due to your post, I have it up and running.

This appliance isn't something that "just works" out of the box, which is as I understand, the whole idea of Turnkey appliances.

After trying deployment of this particular appliance a couple of times, the problems encountered are:

  1. you must re-run ./openphoto.py when it's deployed to remove the "example.com" items and add a new email address, etc so that the /var/www/openphoto/src/userdata/configs/??.ini file gets correctly created
  2. the access to MySQL using root@localhost just doesn't work. The error returned is "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)" and as a result, there is no way to login as root@localhost from phpMyAdmin, from Webmin nor from shell using mysql client cli.
  3. The account created for MySQL access by openphoto is named "openphoto" with (likely) the password provided on point1, which allows the application to run, but this is uncertain as trying to login with the "openphoto" MySQL user from phpMyAdmin or mysql cli results in "ERROR 1045 (28000): Access denied for user 'openphoto'@'localhost' (using password: YES)". I can see no way of logging into MySQL which is a major issue if DB admin work needs to be performed.
  4. Testing the OpenPhoto application, most things work but the tags can't be seen when groups are created. This seems to be a bug in the version of OpenPhoto used. I'll explain below.

For point 4, this is what is done to reproduce the bug/problem:

  • create a group called "public", assign an email address to it (eg. email@example1.com)
  • create a group called "private", assign a different email address to it (eg. email@example2.com)
  • upload a photo, set it as a public photo, add a tag named "tag1" to it
  • upload another photo, set it as a private photo, add a tag named "tag2" to it
  • Signin with BrowserID email@example1.com, public photo displayed (can comment on it), go to "tags" menu and can see public tag1. Logout.
  • Signin with BrowserID email@example2.com, private photo is displayed (can comment on it), go to "tags" menu, can see public "tag1" but can not see "tag2", even though email@example2.com can see tag2 photo's and when looking at the photo's the tags are displayed on the right pane, when going to tags menu item, tag2 does not get displayed.

Understandably point 4 is not the problem of Turnkey, but IMHO my understanding of Turnkey appliances is to "install and run" in the shortest time possible, this particular appliance doesn't meet that philosophy so should be tagged as either a "beta" appliance or fixed for production use.

I'd really like to to start using some Turnkey appliances, OpenPhoto has been the first without great success, I think the next one I'll try is zurmo.

Michael.

Jeremy's picture

#1-#3: PEBKAC error :)

Other than #4 your experience is nothing to do with the OpenPhoto appliance (and I can't comment on #4 but I assume that you are right).

You would/will have a similar experience with any of the TKL appliances when using OVZ templates (PVE or any other implementation of OVZ) - if you don't initialise the system when you create it. It is a shortcoming of the usuage of TKL as an OVZ template. But there is a solution - you just need to RTFM! :)

As documented quite extensively (on the OVZ template release announcement blog post, in the Wiki in relation to both OVZ templates and PVE usage and as comments on numerous threads), OpenVZ does not have a true console. Therefore, it is impossible to have interactive firstboot scripts run automatically (as they do in most other appliance builds). Or more correctly, it is possible, it's just not possible for you to interact with them (which causes services such as Webmin to hang and other anomolies).

Ideally, it would be nice if we had a way of preseeding the required values from the PVE UI (similar to what you do when launching via the Hub) so this isn't such an issue. But until that happens, running OVZ templates requires running of the whole firstboot sequence manually. To make this easier for users the devs have included a nice little generic wrapper script to do this (it's actually available in all appliances, not just OVZ ones).

Run it like this:

turnkey-init

And it will run all the firstboot scripts (as happens automatically with an ISO install or a VM import). This will address your points as follows:

  1. Runs openphoto.py - allowing you to enter details from the start
  2. Runs mysql.py - allowing you to enter a password for the MySQL root account.
  3. As you suspect this is a part of 1, but it also re-runs mysql.py non-interactively (using openphoto as the user name) and sets a random string password for the account (which it also adds to the OpenPhoto config file so that OpenPhoto can interact with the DB).

Hope that clears it up for you.

 i tried to re-run but after

 i tried to re-run but after the above commands i get:

-bash: ./openphoto.py: no such file or directory

Jeremy's picture

Oops

Sorry I left the 'bin' off. Fixing now... 

revised yet?

has this package been revised yet? i too got the "forbidden error" and is works locally in my home however externally port forwarded thru my router i get the main page asking to run openphoto setup, not the recent uploads that you normally would see.

Jeremy's picture

It's a feature! :)

So no it hasn't and I doubt it will. It is a limitation of the OpenPhoto software itself. It can only be hosted on one domain name. So what you are trying to acheive is not possible OOTB. I can't speak for the OpenPhoto devs but i assume that it is to make the server more secure and reduce chances of things like cross-site scripting attacks. That's usually why it is done AFAIK. It is possible that there is a way you can hack it to make it host from multiple domains (or even be completely domain agnostic) but you'd need to contact the OpenPhoto community to see if that is possible and/or how you do it.

Having said that it is possible without hacking the software... But what you'll need to do is either 1) setup a reverse proxy (non-trival and probably not recommended unless you have other content you wish to serve). Or 2) set it up to serve on the external domain name (assuming you have a domain name linked to your external IP, either via some dynamic DNS provider or something else...) and reroute your internal network connection to the domain name.

If you want to go with 1) then I suggest that you check out google. I'm sure you'll find plenty of tutorials on how to do that.

If you want to go with 2) then rerun the config (as posted by me above) to resest your server to the external domain name you wish to use. You'll then need to add an entry to your hosts file (on every PC in your LAN that you wish to use the server from) that points to the local IP. The only issue with that is that if you do this with a portable device (laptop/tablet/phone/etc) you will only be able to view your photos within the LAN (it won't be able to find the IP when you are out and about).

Even without adding an entry to your hosts file you should still be able to connect to your server from within your LAN (using the external domain name) but that is dependant on your router/modem - it works with mine, but I have read others will not work). But be aware that if you do it this way then your connection is actually looping out to the internet and then back into your server. This will slow down the connection...

The other alternative (ie 2b) is to set up a local DNS server (on your home network). That is not too hard and is something I have done and am willing to share the info with you if you are interested. That will give you the best of both worlds (internal connection within your LAN and external everywhere else) without having to configure it on each machine.

Same internal & external hostname?

Is it not possible to access the site using the same hostname internally as you do externally? OpenPhoto sees each hostname as a distinct "site".

now it works

Thank you.

Running

turnkey-init

worked like a charm

Nice but not turnkey

Hi,

Seems to be nice.

But it's not "turnkey" like other solutions in turnkey linux.

In the setup process (/setup (after modify config file)) we need to configure database info, etc.

Real turnkey is ALL turnkey app. Just login and GO !

:)

But good project !

Thanks

PY

Jeremy's picture

Thanks for the feedback

To try to recreate your experience (with an aim to fixing it) can you please give me a couple more details please? Namely:

  • Were you using the latest version? (v13.0 currently)
  • What architecture are you using? (32 or 64 bit)
  • Where/how is the appliance installed? [Bare-Metal/Local Hyperviser (Proxmox, VMware vSphere or similar)/Local Desktop VM (VirtualBox, VMware Player, KVM or similar)/TKL Hub (or AWS)/another VPS/Cloud provider (please give details)]
  • If installed locally - what format/build type did you use/download? (e.g. ISO, OVF, VMDK file, OVZ, etc)

Thanks! :)

Sure !

 Hi,

  • Were you using the latest version? (v13.0 currently)

Yes I downlaoded last week (turnkey-openphoto-13.0-wheezy-amd64.iso)

  • What architecture are you using? (32 or 64 bit)

x64

  • Where/how is the appliance installed? [Bare-Metal/Local Hyperviser (Proxmox, VMware vSphere or similar)/Local Desktop VM (VirtualBox, VMware Player, KVM or similar)/TKL Hub (or AWS)/another VPS/Cloud provider (please give details)]

I installed simply on ESXi host 5.0 with the ISO. (boot on ISO, auto LVM setup, set password and that's all.) After setup I got permission denied on /setup but modify /etc/apache2/....openphoto and after this it work. After he ask me info for database. I set root password in setup (ISO).  but the setup did not ask me to create database. 

  • If installed locally - what format/build type did you use/download? (e.g. ISO, OVF, VMDK file, OVZ, etc)

 ISO !

What it Trovebox ? It looks like we're on another software.

I always use turnkey ISO. More simple for me !

Don't hesitate if you need anything for help you !

Thanks

PY 

Jeremy's picture

Thanks

Sorry for all the questions, it just helps me try to recreate the issue you are having. I will launch from an ISO and see what happens. I'll post back when I have a chance.

Jeremy's picture

I couldn't download from the mirror you used

It seems that the mirror you are using is private. It asked me for a username and password... So I downloaded from SourceForge instead (http://downloads.sourceforge.net/project/turnkeylinux/iso/turnkey-openph...).

I installed it to a KVM VM and all went smoothly. Once I had completed all the first boot scripts it was all working as I would expect (no additional install steps required...). So I'm not really sure what happened for you... Perhaps the version you downloaded was corrupt (or got corrupted on download)?

Also I noticed (as you mentioned) that the software appears to be called TroveBox, not OpenPhoto (as I was expecting too). It appears that OpenPhoto was rebranded as TroveBox. See here: http://blog.theopenphotoproject.org/post/41541186074/say-hello-to-trovebox (note that 'theopenphotoproject.org' redirects to 'trovebox.com').

Browsing to Server Results in Setup

Hello,

I have a VMWare ESXi server. I installed OprenPhoto via an ovf template. The installation went smooth, but when I first went to the server via a browser at 192.168.1.212, I was denied permission, so I edited the openphoto file as described earler in this thread. Once I did that and rebooted, I was taken to a setup page where I have to enter an email address, password, then the sql password etc etc as others have described. This, of course fails. In my initial setup I changed the user email and site, but I'm still getting the "Create Your Trovebox site" page. I followed the suggestions above, but still no luck.

Thoughts?

Jeremy's picture

Did you run the firstboot script?

Is that what you mean when you say "I edited the openphoto file as described earler in this thread"?

Bottom line is that I can't reproduce this issue. I just downloaded and installed a fresh version of this appliance. I ran the firstboot scripts (from the console), set up a domain (I just used the hosts file on my laptop) and it all just worked OOTB.

Can you walk me through the exact steps you took, one by one and maybe we can work out what is going on...

Did you run the firstboot script?

Thanks for the reply, I appreciate it. I'm flying out for a week-long trip early tomorrow morning, but the weekend after this one coming, I'll re-do it and document my steps and the results. I did follow the install process twice, and with the same result.

Cheers,

Craig

Jeremy's picture

Ok Thanks Craig

Sorry to hear of your issues, but if we can reproduce the issue then we can fix it one way or another (either make changes to the appliance or the docs...)

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)