I just downloaded the VM of the Trac appliance (version 14.1) and installed it on our vsphere. This worked fine. The server is running and I can access webmin.

However every HTTP or HTTPS call to the IP address returned an internal server error.

I could track this error down to /var/www/index.html

This file contained two additional lines after the closing html tag, which rendered it invalid and led to an error message "TemplateSyntaxError: junk after document element: line".

After I manually deleted those additional lines, trac started to work.


Jeremy Davis's picture

I'll have to look into it and see why that is occurring.
John Carver's picture


I'm seeing this same behavior when testing using Ansible and LXC.  It is new for version 14.1.  The 14.0 version was okay.


Information is free, knowledge is acquired, but wisdom is earned.

Jeremy Davis's picture

I'm pretty sure that the LXC issue is the same issue that the Torrentserver appliance is/was having (broken version of turnkey-make-ssl-cert - see discussion here). Ansible has the same issue, but in my tests (ISO in a VM on Proxmox) I can't reproduce an actual failure with Ansible (i.e. the cert/key is broken, but lighttpd still seems to work ok for me).

WRT the broken turnkey-make-ssl-cert; long story short, an older (unfixed) version of turnkey-make-ssl-cert crept into the v14.1 appliances (instead of the version that Anton fixed). This caused appliances that use Nginx to fail on reboot/restart but my testing suggests that it also affects all the appliances that were rebuilt (ones that were patched are ok), even thought LigHTTPd and Apache both seem to essentially still work, even though the cert is broken.

Back to the Ansible appliance, the TKL webcp page displays fine for me (on Chrome and Firefox) although there are 2 errors if I use google dev tools:

Failed to load resource: the server responded with a status of 503 () https://ajax.turnkeylinux.org/webcp/iso/14.1-jessie-amd64/ansible.js 
Failed to load resource: the server responded with a status of 520 () https://ajax.turnkeylinux.org/webcp/iso/14.1-jessie-amd64/ansible.direct 

I am planning to rebuild all the affected appliances, but want to make sure that I don't have to rebuild them again (I think Alon might decide to disown me if I did that...!). I will test Trac and see if I can reproduce that issue too.

So to summarise:

  • I'm 99% sure that the workaround for Torrentserver will also resolve the issues with LXC (i.e. it's because Nginix is crashing due to mismatched cert & key).
  • I couldn't reproduce the issue with Ansible (although the browser does note that there are errors & the key/cert are mismatched).
  • I could reproduce the issue with Trac and it appears that removing those last 2 lines of code resolves it (as per Rico's original comment). It also suffers the key/cert mismatch but Apache doesn't seem to care too much.

    So we have removed the v14.1 download links from the website so users are now downloading the old v14.0 appliances. The v14.1 apps are still on the mirror but I'll be rebuilding at least some of them. I won't do that until I've spoken with Alon & Liraz about this specific issue. It's actually the 29tagid inithook that inserts those last lines. AFAIK it's something to do with the fence but I'm not 100%...

  • Add new comment