Failed authorization procedure.The client lacks sufficient authorization

rayben109 · May 4, 2020, 3:48am

find /etc/nginx -name *.conf
/etc/nginx/fastcgi.conf
/etc/nginx/snippets/snakeoil.conf
/etc/nginx/snippets/fastcgi-php.conf
/etc/nginx/nginx.conf

rg305 · May 4, 2020, 3:50am

OK seems very simplistic.
Please show:
cat /etc/nginx/nginx.conf

[there’s probably some include file(s) to some other path]

rayben109 · May 4, 2020, 3:55am

cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable “msie6”;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss
text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/.conf;
include /etc/nginx/sites-enabled/;
}
#mail {

# See sample authentication script at:

# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript

# auth_http localhost/auth.php;

# pop3_capabilities “TOP” “USER”;

# imap_capabilities “IMAP4rev1” “UIDPLUS”;

server {

listen localhost:110;

protocol pop3;

proxy on;

}

server {

listen localhost:143;

protocol imap;

proxy on;

}

#}

rg305 · May 4, 2020, 3:56am

Please show:
ls -l /etc/nginx/sites-enabled/

rayben109 · May 4, 2020, 3:58am

ls -l /etc/nginx/sites-enabled
total 0
lrwxrwxrwx 1 root root 40 May 3 21:35 bigbluebutton -> /etc/nginx/sites-available/bigbluebutton
lrwxrwxrwx 1 root root 34 May 3 21:35 default -> /etc/nginx/sites-available/default

rg305 · May 4, 2020, 3:59am

OK, there it is!
Please show:
cat /etc/nginx/sites-available/bigbluebutton

rayben109 · May 4, 2020, 4:04am

server {
listen 80;
listen [::]:80;
server_name tmc.or.tz;
access_log /var/log/nginx/bigbluebutton.access.log;
# Handle RTMPT (RTMP Tunneling). Forwards requests
# to Red5 on port 5080
location ~ (/open/|/close/|/idle/|/send/|/fcs/) {
proxy_pass http://127.0.0.1:5080;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
keepalive_requests 1000000000;
}
# Handle desktop sharing tunneling. Forwards
# requests to Red5 on port 5080.
location /deskshare {
proxy_pass http://127.0.0.1:5080;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
}
# BigBlueButton landing page.
location / {
root /var/www/bigbluebutton-default;
index index.html index.htm;
expires 1m;
}
# Include specific rules for record and playback
include /etc/bigbluebutton/nginx/*.nginx;
#error_page 404 /404.html;
# Redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}

rg305 · May 4, 2020, 4:08am

hmm…
That seems to match your --webroot command…
Let’s try placing a test file there and see if it can be reached via the Internet.
echo 'testing' >> /var/www/bigbluebutton-default/test-file
then
ls -l /var/www/bigbluebutton-default/test-file

[may need sudo]

rayben109 · May 4, 2020, 4:08am

ls: cannot access ‘/var/www/bigbluebutton-default/test-file’: No such file or directory

rg305 · May 4, 2020, 4:10am

How about:
sudo echo 'testing' >> /var/www/bigbluebutton-default/test-file
then
ls -l /var/www/bigbluebutton-default/test-file

rayben109 · May 4, 2020, 4:11am

-rw-r–r-- 1 root root 8 May 4 04:09 /var/www/bigbluebutton-default/test-file

Thats what I get, I did it wrong before.

rg305 · May 4, 2020, 4:24am

But the file is NOT accessible from the Internet:

curl -Iki http://tmc.or.tz/test-file
HTTP/1.1 404 Not Found
Connection: Keep-Alive
X-Powered-By: PHP/7.2.30
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 May 2020 04:12:02 GMT
Server: LiteSpeed

And I don’t see NGINX.
I see LiteSpeed.
There must be some PROXY type device inline or along the way.

Or

The port forwarding it NOT external:80 to internal:80
Is there a NAT/firewall type device inline?

rayben109 · May 4, 2020, 4:27am

Alright, so what happens is that the tmc.or.tz is the domain name assigned to my BigBlueButton server, as instructed on the documentation
First, I installed Let’s Encrypt configuration tool. by running commands

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get install certbot

Next, generate a set of 4096-bit diffie-hellman parameters to improve security for some types of ciphers.

sudo mkdir -p /etc/nginx/ssl
sudo openssl dhparam -out /etc/nginx/ssl/dhp-4096.pem 4096

Then to configure the BigBlueButton server with my hostname I ran

$ sudo bbb-conf --setip tmc.or.tz

and lastly request a SSL certificate from Let’s Encrypt using the certbot tool, where the problem starts

sudo certbot --webroot -w /var/www/bigbluebutton-default/ -d tmc.or.tz certonly

Maybe this might help knowing where went wrong! Thank you.

rg305 · May 4, 2020, 4:29am

All of that is good.
The problem is that your setup is NOT standard.
The Internet requests on port 80 don’t reach the service on port 80.
Something is changing the ports along the way (my best guess).

rayben109 · May 4, 2020, 4:34am

Alright, so what can I look at the moment,

Is there anything I can lookup?

rg305 · May 4, 2020, 2:45pm

I would speak with whomever provides your service.
I’m not familiar with your setup nor design/implementation, so I could only guess…
My first guess is a firewall/NAT device is translating the inbound port 80 requests to some other port or some other device.
My second guess is that your on a shared system and those requests only reach your system after they have been handled by the common hosting service.
My last guess is that your own system is setup to forward port 80 to some other port and is being handled by some other (than nginx) app. As you can see by the previous netstat command, there are a lot of services running (listening) on your system. It is difficult to understand how they all “work together” without a “map”.

rayben109 · May 5, 2020, 3:23am

Thanks very much!
I have managed to solve the problem by configuring the A records to point to the external IP address of the Ubuntu server on Google Cloud. Again thanks I appreciate you.

gsbrown · May 6, 2020, 1:23pm

He/she said they are using NGINX so that is why apache can not be found…

rg305 · May 6, 2020, 6:52pm

@gsbrown,
It is always easy to see things after-the-fact.
Yeah time could have been saved had I listened to the end-user.
But end-users say lots of things…
And this however is NOT hearsay:

It doesn’t show NGINX, it shows LiteSpeed.
So is “LiteSpeed” always NGINX or Apache or neither or sometimes one and sometimes another?

system · June 5, 2020, 6:45pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.