Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Profile Server: UNABLE_TO_VERIFY_LEAF_SIGNATURE #6

Open
Suika opened this issue Jul 9, 2020 · 10 comments
Open

Profile Server: UNABLE_TO_VERIFY_LEAF_SIGNATURE #6

Suika opened this issue Jul 9, 2020 · 10 comments

Comments

@Suika
Copy link

Suika commented Jul 9, 2020

Hi, nice seeing that someone tackled the... mess that is fxa.
I think most of the services are running properly except the fxa_fxa-profile-server that has a problem with self-signed certificates.

I'm cheating the whole thing a bit, because I want to serve everything on 80/443 with self-signed certificates and have it go through traefik.
If you look at the Compose file at the bottom it's basically: Me > Browser > traefik (443) > nginx(80) > other services

I mounted the /etc/ssl:/etc/ssl:ro in hopes that the system would pick up on the host Root CAs, but it doesn't seem to do that for Node applications in this case.

Any idea?

Response from profileserver https://fxa-profile.dockerhost.lan/v1/profile:

{
  "code": 503,
  "errno": 104,
  "error": "Service Unavailable",
  "message": "OAuth server error",
  "cause": {
    "code": "UNABLE_TO_VERIFY_LEAF_SIGNATURE"
  }
}

From: nginx

172.20.0.2 - - [09/Jul/2020:16:58:51 +0000] "GET /v1/recovery_email/status HTTP/1.1" 200 98 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /settings HTTP/1.1" 200 3417 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /styles/4ec5ae0f.main.css HTTP/1.1" 200 26508 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/c86df1d3.mozilla.svg HTTP/1.1" 200 762 "https://fxa-www.dockerhost.lan/styles/4ec5ae0f.main.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/c86df1d3.mozilla.svg HTTP/1.1" 200 762 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/16821f55.firefox-logo.svg HTTP/1.1" 200 2631 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/0d4c39bb.icon-key-grey-50.svg HTTP/1.1" 200 184 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/926ef78a.icon-warning-red-50.svg HTTP/1.1" 200 226 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/e989245b.icon-check-blue-50.svg HTTP/1.1" 200 198 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/de9d9f0c.icon-lock-grey-50.svg HTTP/1.1" 200 217 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/84cbca5d.icon-check-white.svg HTTP/1.1" 200 213 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/b08b6d6f.icon-device-laptop-windows.svg HTTP/1.1" 200 334 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/b8e508e7.icon-device-laptop.svg HTTP/1.1" 200 260 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/173decbe.icon-device-laptop-linux.svg HTTP/1.1" 200 1056 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/a6776cca.icon-device-phone.svg HTTP/1.1" 200 322 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/5f50bfb8.icon-device-laptop-mac.svg HTTP/1.1" 200 486 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/3fbaa542.icon-device-phone-android.svg HTTP/1.1" 200 494 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/abb1ca89.icon-device-phone-iphone.svg HTTP/1.1" 200 525 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/48a61e06.icon-device-phone-windows.svg HTTP/1.1" 200 377 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/8c795326.icon-device-tablet.svg HTTP/1.1" 200 265 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/4c8c74ce.icon-device-tablet-android.svg HTTP/1.1" 200 449 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/16e07f83.icon-device-tablet-ipad.svg HTTP/1.1" 200 514 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/0238edd5.icon-device-vr.svg HTTP/1.1" 200 318 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/d2413681.icon-service-addon.svg HTTP/1.1" 200 397 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/21af5d58.icon-device-tv.svg HTTP/1.1" 200 216 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/25a06f3a.icon-service-lockbox.svg HTTP/1.1" 200 332 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/2c81118a.icon-service-monitor.svg HTTP/1.1" 200 731 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/14a4c457.icon-service-private-network.svg HTTP/1.1" 200 568 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/20b95eb0.icon-service-firefox-notes.svg HTTP/1.1" 200 643 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/3fa2fb12.icon-service-better-web.svg HTTP/1.1" 200 748 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/ad46e1d7.icon-service-reality.svg HTTP/1.1" 200 284 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/ec423fc6.icon-service-pocket.svg HTTP/1.1" 200 371 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/b89ad13e.icon-service-screenshots.svg HTTP/1.1" 200 394 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/0fc481bc.icon-client-default.svg HTTP/1.1" 200 431 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/47196c49.icon-service-pontoon.svg HTTP/1.1" 200 203 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/16bc96ee.icon-service-send.svg HTTP/1.1" 200 496 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/a58276f4.icon-web-session.svg HTTP/1.1" 200 7343 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/0c2e7cc8.icon-service-lockwise.svg HTTP/1.1" 200 647 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/3c46cf11.icon-open-in.svg HTTP/1.1" 200 281 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/41b8a558.recovery_code_replace.svg HTTP/1.1" 200 374 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/0edd579c.recovery_key_download.svg HTTP/1.1" 200 199 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/39d396a4.recovery_key_key.svg HTTP/1.1" 200 398 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/723edba6.recovery_key_print.svg HTTP/1.1" 200 242 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/f865d0ab.spinnerlight.png HTTP/1.1" 200 15158 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/[email protected] HTTP/1.1" 200 15933 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/87b02829.spinnerwhite.svg HTTP/1.1" 200 474 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/a9d4e679.spinnergrey.png HTTP/1.1" 200 478 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/[email protected] HTTP/1.1" 200 1016 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/6caa4c67.glyph-camera-32.svg HTTP/1.1" 200 343 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/1827186e.glyph-upload-16.svg HTTP/1.1" 200 318 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/898d0863.glyph-clear-16.svg HTTP/1.1" 200 352 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/204ef5bd.crop-mask.svg HTTP/1.1" 200 434 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/41b8dc9d.account-verified.svg HTTP/1.1" 200 1316 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/1718f7bd.graphic_mail_bounced.svg HTTP/1.1" 200 1576 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/3e5b4942.graphic_mail.svg HTTP/1.1" 200 2389 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/34fa31a7.account-verified-hearts.svg HTTP/1.1" 200 1416 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/8f341755.graphic_laptop_mobile.svg HTTP/1.1" 200 2644 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/9a29d7ec.graphic_laptop_mobile_qr.svg HTTP/1.1" 200 3428 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/6f1c3bc5.graphic_recovery_codes.svg HTTP/1.1" 200 2421 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/81c63568.graphic_two_factor_auth.svg HTTP/1.1" 200 1733 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/bdcf873a.recovery_code_download.svg HTTP/1.1" 200 357 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/eff45dd7.recovery_code_copy.svg HTTP/1.1" 200 419 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/11703ba4.recovery_code_print.svg HTTP/1.1" 200 410 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/e2f92ecb.graphic-logo-firefox.svg HTTP/1.1" 200 3962 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/565e654c.graphic_hearts_broken.svg HTTP/1.1" 200 1322 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/f9ca0aac.graphic-logo-lockwise.svg HTTP/1.1" 200 5225 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/f44eaa7b.graphic-logo-send.svg HTTP/1.1" 200 3683 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/3db9eaf5.close.svg HTTP/1.1" 200 210 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/0a25d57b.chevron.svg HTTP/1.1" 200 186 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/b1b13850.icon-close.svg HTTP/1.1" 200 191 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/16821f55.firefox-logo.svg HTTP/1.1" 200 2631 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/c86df1d3.mozilla.svg HTTP/1.1" 200 762 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/4a06e213.default-profile.svg HTTP/1.1" 200 499 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/342b7c50.choose_what_to_sync_devices.svg HTTP/1.1" 200 2769 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/8f05c551.graphic-logo-monitor.svg HTTP/1.1" 200 6660 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /images/f865d0ab.spinnerlight.png HTTP/1.1" 200 15158 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:53 +0000] "GET /v1/recovery_email/status HTTP/1.1" 200 98 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /favicon.ico HTTP/1.1" 200 15086 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/account HTTP/1.1" 200 56 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "POST /v1/oauth/token HTTP/1.1" 200 174 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/profile HTTP/1.1" 503 136 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /bundle-6e6008c1bbd53f0ecbfb9e9652e023fb5abdd151/vendors~fxa-common-password-list.bundle.js HTTP/1.1" 200 119016 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/recovery_email/status HTTP/1.1" 200 98 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/recovery_email/status HTTP/1.1" 200 98 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/recovery_email/status HTTP/1.1" 200 98 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "POST /v1/recoveryKey/exists HTTP/1.1" 200 52 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/recovery_emails HTTP/1.1" 200 96 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/totp/exists HTTP/1.1" 200 64 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "GET /v1/recovery_email/status HTTP/1.1" 200 98 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:58:54 +0000] "POST /v1/recoveryKey/exists HTTP/1.1" 200 52 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"
172.20.0.2 - - [09/Jul/2020:16:59:03 +0000] "POST /metrics HTTP/1.1" 200 16 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "10.0.0.103"

From: fxa_fxa-auth-server_1

{"Timestamp":1594313783788000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":38,"EnvVersion":"2.0","Fields":{"event":"route./account.200","missingFlowId":true}}
{"Timestamp":1594313783791000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":38,"EnvVersion":"2.0","Fields":{"event":"oauth.token.created","missingFlowId":true}}
{"Timestamp":1594313783796000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":38,"EnvVersion":"2.0","Fields":{"event":"route./oauth/token.200","missingFlowId":true}}
{"Timestamp":1594313783944000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":38,"EnvVersion":"2.0","Fields":{"event":"route./totp/exists.200","missingFlowId":true}}
{"Timestamp":1594313783947000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":38,"EnvVersion":"2.0","Fields":{"event":"route./recoveryKey/exists.200","missingFlowId":true}}
{"Timestamp":1594313783949000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":38,"EnvVersion":"2.0","Fields":{"event":"route./recovery_emails.200","missingFlowId":true}}
{"Timestamp":1594313783976000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":38,"EnvVersion":"2.0","Fields":{"event":"route./recoveryKey/exists.200","missingFlowId":true}}

From: fxa_fxa-auth-db-mysql_1

{
  "Timestamp": 1594313686342000000,
  "Logger": "fxa-auth-db-server",
  "Type": "bin.server.summary",
  "Severity": 4,
  "Pid": 19,
  "EnvVersion": "2.0",
  "Fields": {
    "code": 404,
    "route": "gettotpid",
    "method": "GET",
    "path": "/totp/64d5f8508a044da981f358a1ed1ded99",
    "err": "Error: Not Found",
    "t": 2
  }
}

From: fxa_fxa-profile-server

{
  "Timestamp": 1594313400523000000,
  "Logger": "fxa-profile-server",
  "Type": "server.web.oauth.error",
  "Severity": 2,
  "Pid": 8,
  "EnvVersion": "2.0",
  "Fields": {
    "error": "Error: unable to verify the first certificate",
    "stack": "\n    at TLSSocket.onConnectSecure (_tls_wrap.js:1501:34)\n    at TLSSocket.emit (events.js:315:20)\n    at TLSSocket.EventEmitter.emit (domain.js:482:12)\n    at TLSSocket._finishInit (_tls_wrap.js:936:8)\n    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:710:12)"
  }
}

{
  "Timestamp": 1594313400524000000,
  "Logger": "fxa-profile-server",
  "Type": "server.summary",
  "Severity": 2,
  "Pid": 8,
  "EnvVersion": "2.0",
  "Fields": {
    "code": 503,
    "method": "get",
    "errno": 104,
    "path": "/v1/profile",
    "agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
    "t": 30,
    "remoteAddressChain": "[\"10.0.0.103\",\"172.20.0.2\",\"172.20.0.17\"]",
    "stack": "Error: OAuth server error\n    at Function.oauthError (/fxa/packages/fxa-profile-server/lib/error.js:179:10)\n    at Request._callback (/fxa/packages/fxa-profile-server/lib/server/web.js:137:42)\n    at self.callback (/fxa/node_modules/request/request.js:185:22)\n    at Request.emit (events.js:315:20)\n    at Request.EventEmitter.emit (domain.js:482:12)\n    at Request.onRequestError (/fxa/node_modules/request/request.js:877:8)\n    at ClientRequest.emit (events.js:315:20)\n    at ClientRequest.EventEmitter.emit (domain.js:482:12)\n    at TLSSocket.socketErrorListener (_http_client.js:426:9)\n    at TLSSocket.emit (events.js:315:20)\n    at TLSSocket.EventEmitter.emit (domain.js:482:12)\n    at emitErrorNT (internal/streams/destroy.js:92:8)\n    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)\n    at processTicksAndRejections (internal/process/task_queues.js:84:21)"
  }
}

copmose:

version: "2"
services:
  mysqldb:
    image: mysql/mysql-server:5.6
    environment:
    - MYSQL_ALLOW_EMPTY_PASSWORD=true
    - MYSQL_ROOT_HOST=%
    expose:
    - "3306"
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/mysql_data:/var/lib/mysql/
    - /opt/docker/fxa/_init/mysql/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
    restart: unless-stopped
  redis:
    image: redis
    expose:
    - "6379"
    restart: unless-stopped
  browseridverifier.local:
    image: mozilla/browserid-verifier:v1.178.0
    volumes:
    - /etc/ssl:/etc/ssl:ro
    expose:
    - "5050"
    environment:
    - PORT=5050
    - IP_ADDRESS=0.0.0.0
    - FORCE_INSECURE_LOOKUP_OVER_HTTP=false
    - HTTP_TIMEOUT=60
    restart: unless-stopped
    entrypoint: node
    command: server.js
  syncserver:
    image: mozilla/syncserver
    expose:
    - "5000"
    environment:
    - WAIT_HOSTS=mysqldb:3306,nginx:80
    - WAIT_HOSTS_TIMEOUT=120
    - SYNCSERVER_PUBLIC_URL=https://fxa-token.dockerhost.lan
    - SYNCSERVER_BROWSERID_VERIFIER=http://browseridverifier.local:5050
    - SYNCSERVER_SQLURI=mysql+pymysql://root@mysqldb/sync
    - SYNCSERVER_BATCH_UPLOAD_ENABLED=true
    - SYNCSERVER_FORCE_WSGI_ENVIRON=true
    - PORT=5000
    - SYNCSERVER_IDENTITY_PROVIDER=http://fxa-content-server:3030
    depends_on:
    - mysqldb
    - fxa-content-server
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/wait:/wait
    entrypoint: sh -c "/wait && /usr/bin/dumb-init /app/docker-entrypoint.sh server"
    restart: unless-stopped
  pushbox.local:
    image: mozilla/pushbox
    expose:
    - "8002"
    environment:
    - ROCKET_ENV=prod
    - ROCKET_PORT=8002
    - ROCKET_SERVER_TOKEN=LEH7sBPxVz9J5EArmPRvjXyywtK5LYSyMM4w2pifbRro4S6fNiEKHvCkV6demEZd
    - ROCKET_DATABASE_URL=mysql://root@mysqldb/pushbox
    - WAIT_HOSTS=mysqldb:3306
    - WAIT_HOSTS_TIMEOUT=120
    depends_on:
    - mysqldb
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/wait:/wait
    command: sh -c "/wait && /app/bin/pushbox"
    restart: unless-stopped
  fxa-auth-db-mysql:
    image: mozilla/fxa-auth-db-mysql:v1.178.0
    expose:
    - "8000"
    depends_on:
    - mysqldb
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/wait:/wait
    command: sh -c "/wait && node ./bin/db_patcher.js > /dev/null && node ./bin/server.js"
    environment:
    - WAIT_HOSTS=mysqldb:3306
    - WAIT_HOSTS_TIMEOUT=120
    - MYSQL_HOST=mysqldb
    - MYSQL_SLAVE_HOST=mysqldb
    - ENABLE_PRUNING=true
    - LOG_LEVEL=WARN
    - HOST=0.0.0.0
    restart: unless-stopped
  fxa-auth-local-mail-helper:
    image: mozilla/fxa-auth-server:v1.178.0
    expose:
    - "9999"
    ports:
    - 127.0.0.1:9001:9001
    environment:
    - NODE_ENV=dev
    - SMTP_PORT=9999
    - MAILER_HOST=0.0.0.0
    - MAILER_PORT=9001
    command: sh -c "npm i -D mailparser simplesmtp && node /app/test/mail_helper.js"
    restart: unless-stopped
  fxa-auth-server:
    image: mozilla/fxa-auth-server:v1.178.0
    expose:
    - "9000"
    depends_on:
    - fxa-auth-db-mysql
    - redis
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/wait:/wait
    - /opt/docker/fxa/_init/auth/oauthserver-prod.json:/app/config/prod.json
    environment:
    - OAUTH_SERVER_SECRET_KEY=kvjLWnTS9frWqodxUN6f2CDZJ4njgG5UtBpaEtUS5JbA5vGgqCL4iZeBCAXTpg5Q
    - OAUTH_SERVER_SECRETS=kvjLWnTS9frWqodxUN6f2CDZJ4njgG5UtBpaEtUS5JbA5vGgqCL4iZeBCAXTpg5Q
    - AUTH_SERVER_SHARED_SECRET=kvjLWnTS9frWqodxUN6f2CDZJ4njgG5UtBpaEtUS5JbA5vGgqCL4iZeBCAXTpg5Q
    - AUTH_SERVER_SECRETS=kvjLWnTS9frWqodxUN6f2CDZJ4njgG5UtBpaEtUS5JbA5vGgqCL4iZeBCAXTpg5Q,realwhatever
    - SUPPORT_PANEL_AUTH_SECRET_BEARER_TOKEN=SUPPORT_PANEL_IS_NOT_SUPPORTED
    - PROFILE_SERVER_AUTH_SECRET_BEARER_TOKEN=I_DONT_WANT_TO_CHANGE_YOU
    - FLOW_ID_KEY=PRbkFvTe5tCDa93zvUcXeXYoKCTqd6LeQqeoqKvB8xGVFp6iyz2Wg7E6VY7CH9wu
    - REDIS_HOST=redis
    - ACCESS_TOKEN_REDIS_HOST=redis
    - REFRESH_TOKEN_REDIS_HOST=redis
    - SNS_TOPIC_ARN=disabled
    - SMS_ENABLED=false
    - SMS_ENABLE_BUDGET_CHECKS=false
    - MEMCACHE_METRICS_CONTEXT_ADDRESS=none
    - DB=mysql
    - MYSQL_HOST=mysqldb
    - HTTPDB_URL=http://fxa-auth-db-mysql:8000
    - IP_ADDRESS=0.0.0.0
    - SIGNIN_UNBLOCK_FORCED_EMAILS=^block.*@restmail\\.net$$
    - SIGNIN_CONFIRMATION_ENABLED=true
    - SIGNIN_CONFIRMATION_FORCE_EMAIL_REGEX=^sync.*@restmail\\.net$$
    - ISSUER=fxa-api.dockerhost.lan
    - PUBLIC_URL=https://fxa-api.dockerhost.lan
    - OAUTH_URL=https://fxa-oauth.dockerhost.lan
    - AUTH_SERVER_URL=https://fxa-api.dockerhost.lan
    - CONTENT_SERVER_URL=https://fxa-www.dockerhost.lan
    - SYNC_TOKENSERVER_URL=https://fxa-token.dockerhost.lan/token
    - PROFILE_SERVER_URL=https://fxa-profile.dockerhost.lan
    - FXA_OPENID_ISSUER=https://fxa-www.dockerhost.lan
    - VERIFICATION_URL=http://browseridverifier.local:5050/v2
    - PUSHBOX_KEY=LEH7sBPxVz9J5EArmPRvjXyywtK5LYSyMM4w2pifbRro4S6fNiEKHvCkV6demEZd
    - PUSHBOX_URL=http://pushbox.local:8002
    - PUSHBOX_ENABLED=true
    - CUSTOMS_SERVER_URL=none
    - FXA_OPENID_KEYFILE=config/key.json
    - FXA_OPENID_NEWKEYFILE=config/newKey.json
    - FXA_OPENID_OLDKEYFILE=config/oldKey.json
    - SMTP_SENDER="Firefox Accounts <[email protected]>"
    - SMTP_HOST=fxa-auth-local-mail-helper
    - SMTP_PORT=9999
    - FXA_MX_RECORD_VALIDATION=false
    - GEODB_ENABLED=false
    - WAIT_HOSTS=redis:6379,fxa-auth-db-mysql:8000
    - WAIT_HOSTS_TIMEOUT=120
    - LOG_LEVEL=WARN
    command: sh -c "node /app/scripts/gen_keys.js; node /app/scripts/oauth_gen_keys.js
      ; node /app/scripts/gen_vapid_keys.js  && /wait && node /app/bin/key_server.js"
    restart: unless-stopped
  fxa-profile-static:
    image: mozilla/fxa-profile-server:v1.178.0
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/public:/app/var/public/:ro
    expose:
    - "1112"
    environment:
    - HOST=0.0.0.0
    - IMG=local
    command:
    - node
    - /app/bin/_static.js
    restart: unless-stopped
  fxa-profile-worker:
    image: mozilla/fxa-profile-server:v1.178.0
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/public:/app/var/public/
    expose:
    - "1113"
    environment:
    - WORKER_HOST=0.0.0.0
    - IMG=local
    command:
    - node
    - /app/bin/worker.js
    restart: unless-stopped
  fxa-profile-server:
    image: mozilla/fxa-profile-server:v1.178.0
    expose:
    - "1111"
    depends_on:
    - mysqldb
    - redis
    environment:
    - WAIT_HOSTS=mysqldb:3306,redis:6379
    - WAIT_HOSTS_TIMEOUT=120
    - AUTH_SECRET_BEARER_TOKEN=I_DONT_WANT_TO_CHANGE_YOU
    - EVENTS_ENABLED=false
    - HOST=0.0.0.0
    - DB=mysql
    - IMG_PROVIDERS_FXA=^https://fxa-profile.dockerhost.lan/img/a/[0-9a-f]{32}$$
    - IMG_URL=https://fxa-profile.dockerhost.lan/img/a/{id}
    - MYSQL_HOST=mysqldb
    - IMG=local
    - AUTH_SERVER_URL=https://fxa-api.dockerhost.lan/v1
    - OAUTH_SERVER_URL=https://fxa-oauth.dockerhost.lan/v1
    - REDIS_HOST=redis
    - WORKER_URL=http://fxa-profile-worker:1113
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/wait:/wait
    - /opt/docker/fxa/public:/app/var/public/
    command: sh -c "/wait && node /app/bin/server.js"
    restart: unless-stopped
  fxa-content-server:
    image: mozilla/fxa-content-server:v1.178.0
    expose:
    - "3030"
    depends_on:
    - fxa-auth-server
    - fxa-profile-server
    - redis
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/_init/content/contentserver-prod.json:/app/config/prod.json
    environment:
    - CONFIG_FILES=/app/config/prod.json
    - FXA_OAUTH_CLIENT_ID=ea3ca969f8c6bb0d
    - FLOW_ID_KEY=PRbkFvTe5tCDa93zvUcXeXYoKCTqd6LeQqeoqKvB8xGVFp6iyz2Wg7E6VY7CH9wu
    - FEATURE_FLAGS_REDIS_HOST=redis
    - SYNC_TOKENSERVER_URL=https://fxa-token.dockerhost.lan/token
    - PUBLIC_URL=https://fxa-www.dockerhost.lan
    - FXA_OAUTH_URL=https://fxa-oauth.dockerhost.lan
    - FXA_URL=https://fxa-api.dockerhost.lan
    - FXA_PROFILE_URL=https://fxa-profile.dockerhost.lan
    - FXA_PROFILE_IMAGES_URL=https://fxa-profile.dockerhost.lan
    - FXA_MARKETING_EMAIL_ENABLED=false
    - GEODB_ENABLED=false
    - LOG_LEVEL=WARN
    - NODE_ENV=production
    - STATIC_DIRECTORY=dist
    - PAGE_TEMPLATE_SUBDIRECTORY=dist
    - CSP_ENABLED=true
    command:
    - node
    - /app/server/bin/fxa-content-server.js
    restart: unless-stopped
  nginx:
    image: nginx
    expose:
    - "80"
    labels:
      - "traefik.frontend.rule=Host:fxa-www.dockerhost.lan,fxa-api.dockerhost.lan,fxa-oauth.dockerhost.lan,fxa-profile.dockerhost.lan,fxa-token.dockerhost.lan,fxa-kinto.dockerhost.lan"
      - "traefik.frontend.entryPoints=http,https"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.port=80"
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
    - fxa-auth-server
    - fxa-profile-server
    - syncserver
    - fxa-content-server
    - kinto
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/_init/nginx/fxa_nossl.conf.tmpl:/etc/nginx/conf.d/fxa.conf.tmpl:ro
    - /opt/docker/fxa/_init/nginx/kinto_nossl.conf.tmpl:/etc/nginx/conf.d/kinto.conf.tmpl:ro
    environment:
    - NGINX_DOMAIN_NAME=dockerhost.lan
    - CONTENT=fxa-www
    - AUTH=fxa-api
    - OAUTH=fxa-oauth
    - PROFILE=fxa-profile
    - SYNC=fxa-token
    - KINTO=fxa-kinto
    command: /bin/sh -c "envsubst '$$NGINX_DOMAIN_NAME $$CONTENT $$AUTH $$OAUTH $$PROFILE
      $$SYNC' < /etc/nginx/conf.d/fxa.conf.tmpl > /etc/nginx/conf.d/fxa.conf && envsubst
      '$$NGINX_DOMAIN_NAME $$KINTO' < /etc/nginx/conf.d/kinto.conf.tmpl > /etc/nginx/conf.d/kinto.conf
      && nginx -g 'daemon off;'"
    restart: unless-stopped
  kinto:
    image: kinto/kinto-server:latest
    depends_on:
    - postgresdb
    expose:
    - "8888"
    environment:
    - WAIT_HOSTS=postgresdb:5432
    - WAIT_HOSTS_TIMEOUT=120
    - PORT=8888
    - KINTO_STORAGE_BACKEND=kinto.core.storage.postgresql
    - KINTO_STORAGE_URL=postgresql://postgres:postgres@postgresdb/postgres
    - KINTO_CACHE_BACKEND=kinto.core.cache.postgresql
    - KINTO_CACHE_URL=postgresql://postgres:postgres@postgresdb/postgres
    - KINTO_PERMISSION_BACKEND=kinto.core.permission.postgresql
    - KINTO_PERMISSION_URL=postgresql://postgres:postgres@postgresdb/postgres
    - FXA_OAUTH_OAUTH_URI=https://fxa-oauth.dockerhost.lan/v1
    - FXA_OAUTH_CLIENTS_STORAGESYNC_CLIENT_ID=5882386c6d801776
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/wait:/wait
    - /opt/docker/fxa/_init/kinto/kinto.ini:/etc/kinto/kinto.ini
    command: sh -c "pip install PyFxa==0.7.3 && pip install kinto-fxa && /wait &&
      kinto migrate --ini $$KINTO_INI && kinto start --ini $$KINTO_INI --port $$PORT"
    restart: unless-stopped
  postgresdb:
    image: postgres
    expose:
    - "5432"
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /opt/docker/fxa/postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
@Suika
Copy link
Author

Suika commented Jul 9, 2020

Nevermind, found a way to fix it.

Set NODE_TLS_REJECT_UNAUTHORIZED=0 environment of fxa-profile-server and it will work.
Not the best solution, but works for now. If you have any idea how to get it to work properly, then that would be nice.

Otherwise, if no other solution exists, just add it to the readme or something like that. Since someone else will maybe have a setup like this.
Technically, the issue can be closed.

@Suika
Copy link
Author

Suika commented Jul 9, 2020

Strange, now I'm able to login, but I'm always requested to reconnect.

@Suika
Copy link
Author

Suika commented Jul 9, 2020

All the logs that happen on firefox signin.
Looks like browserid-verifier is bitching about the certificate, it seems.

fxa_nginx_1: 2020-07-09T21:24:19.457186360Z 172.20.0.2 - - [09/Jul/2020:21:24:19 +0000] "POST /metrics HTTP/1.1" 200 16 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:19.458384852Z {"event":"flow.force-auth.submit","flow_id":"fbf589c2bc4f6943a294ce5acef8188a1e2477c420f2fd8435b1c69e6fa2e258","flow_time":8338,"hostname":"646fe277bdb6","locale":"en_US","op":"flowEvent","pid":1,"time":"2020-07-09T21:24:19.449Z","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0","v":1,"context":"fx_desktop_v3","entrypoint":"fxa_app_menu","service":"sync"}
fxa_fxa-auth-db-mysql_1: 2020-07-09T21:24:19.751956273Z {"Timestamp":1594329859751000000,"Logger":"fxa-auth-db-server","Type":"bin.server.summary","Severity":4,"Pid":19,"EnvVersion":"2.0","Fields":{"code":404,"route":"gettotpid","method":"GET","path":"/totp/64d5f8508a044da981f358a1ed1ded99","err":"Error: Not Found","t":1}}
2020-07-09T21:24:19.846694623Z No verify code match
2020-07-09T21:24:19.847263291Z {
2020-07-09T21:24:19.847284557Z   html: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\n' +
2020-07-09T21:24:19.847293934Z     '<html xmlns="http://www.w3..org/1999/xhtml">\n' +
2020-07-09T21:24:19.847302524Z     '  <head>\n' +
2020-07-09T21:24:19.847310173Z     '    <meta http-equiv="content-type" content="text/html; charset=utf-8" />\n' +
2020-07-09T21:24:19.847318732Z     '    <title>New sign-in to Firefox</title>\n' +
2020-07-09T21:24:19.847327772Z     '  </head>\n' +
2020-07-09T21:24:19.847336933Z     '\n' +
2020-07-09T21:24:19.847342309Z     '  <body style="-ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; margin: 0; padding: 0;">\n' +
2020-07-09T21:24:19.847347903Z     '    <table\n' +
2020-07-09T21:24:19.847353049Z     '     align="center"\n' +
2020-07-09T21:24:19.847358289Z     '     border="0"\n' +
2020-07-09T21:24:19.847363462Z     '     cellpadding="0"\n' +
2020-07-09T21:24:19.847368798Z     '     cellspacing="0"\n' +
2020-07-09T21:24:19.847374920Z     '     width="310"\n' +
2020-07-09T21:24:19.847381094Z     '     style="-webkit-text-size-adjust: 100%; border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; width: 310px; margin: 0 auto;"\n' +
2020-07-09T21:24:19.847386857Z     '    >\n' +
2020-07-09T21:24:19.847392869Z     '      <tr style="page-break-before: always">\n' +
2020-07-09T21:24:19.847399476Z     '        <td align="center" id="firefox-logo" style="padding: 20px 0;">\n' +
2020-07-09T21:24:19.847405148Z     '            <img\n' +
2020-07-09T21:24:19.847410935Z     '             src="https://image.e.mozilla.org/lib/fe9915707361037e75/m/4/11c1e411-7dfe-4e04-914c-0f098edac96c.png"\n' +
2020-07-09T21:24:19.847416692Z     '             height="60"\n' +
2020-07-09T21:24:19.847422014Z     '             width="60"\n' +
2020-07-09T21:24:19.847427171Z     '             alt=""\n' +
2020-07-09T21:24:19.847432309Z     '             style="-ms-interpolation-mode: bicubic;"\n' +
2020-07-09T21:24:19.847462687Z     '            />\n' +
2020-07-09T21:24:19.847469748Z     '\n' +
2020-07-09T21:24:19.847474930Z     '        </td>\n' +
2020-07-09T21:24:19.847480177Z     '      </tr>\n' +
2020-07-09T21:24:19.847485731Z     '\n' +
2020-07-09T21:24:19.847490789Z     '      <tr style="page-break-before: always">\n' +
2020-07-09T21:24:19.847496134Z     '  <td valign="top">\n' +
2020-07-09T21:24:19.847501443Z     '    <h1 style="font-family: sans-serif; font-size: 21px; line-height: 29px; font-weight: normal; margin: 0 0 11px 0; text-align: center;">New sign-in to Firefox</h1>\n' +
2020-07-09T21:24:19.847507227Z     '\n' +
2020-07-09T21:24:19.847512327Z     '    <p style="font-family:sans-serif; font-size: 13px; line-height: 20px; font-weight: normal; margin: 0 0 24px 0px; text-align: center; color: #4a4a4f;">\n' +
2020-07-09T21:24:19.847519358Z     '      \n' +
2020-07-09T21:24:19.847524418Z     '      Firefox on Linux<br/>\n' +
2020-07-09T21:24:19.847529584Z     '      \n' +
2020-07-09T21:24:19.847534617Z     '      IP address: 10.0.0.103<br/>\n' +
2020-07-09T21:24:19.847539995Z     '      9:24:19 PM (UTC) Thursday, Jul 9, 2020<br/>\n' +
2020-07-09T21:24:19.847545205Z     '    </p>\n' +
2020-07-09T21:24:19.847550321Z     '  </td>\n' +
2020-07-09T21:24:19.847555407Z     '</tr>\n' +
2020-07-09T21:24:19.847561602Z     '\n' +
2020-07-09T21:24:19.847566844Z     '<tr height="50">\n' +
2020-07-09T21:24:19.847572399Z     '  <td align="center" valign="top">\n' +
2020-07-09T21:24:19.847577793Z     '    <table\n' +
2020-07-09T21:24:19.847582925Z     '     border="0"\n' +
2020-07-09T21:24:19.847587987Z     '     cellpadding="0"\n' +
2020-07-09T21:24:19.847593057Z     '     cellspacing="0"\n' +
2020-07-09T21:24:19.847598192Z     '     height="100%"\n' +
2020-07-09T21:24:19.847603326Z     '     width="100%"\n' +
2020-07-09T21:24:19.847608402Z     '     id="email-button"\n' +
2020-07-09T21:24:19.847613767Z     '     style="-webkit-text-size-adjust: 100%; border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace: 0pt; background-color: #0a84ff; border-radius: 4px; height: 50px; width: 310px !important;"\n' +
2020-07-09T21:24:19.847619490Z     '    >\n' +
2020-07-09T21:24:19.847624625Z     '      <tr style="page-break-before: always">\n' +
2020-07-09T21:24:19.847630234Z     '        <td\n' +
2020-07-09T21:24:19.847635519Z     '         align="center"\n' +
2020-07-09T21:24:19.847640761Z     '         valign="middle"\n' +
2020-07-09T21:24:19.847654460Z     '         id="button-content"\n' +
2020-07-09T21:24:19.847661220Z     '         style="font-family: sans-serif; font-weight: normal; text-align: center; margin: 0; color: #fff; font-size: 20px; line-height: 100%;"\n' +
2020-07-09T21:24:19.847667309Z     '        >\n' +
2020-07-09T21:24:19.847672825Z     '          <!--[if mso]>\n' +
2020-07-09T21:24:19.847680448Z     '          <v:roundrect xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w="urn:schemas-microsoft-com:office:word" href="https://fxa-www.dockerhost.lan/settings?email=suika%40dockerhost.lan&uid=64d5f8508a044da981f358a1ed1ded99&utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-manage-account" style="width:280px;height:40px;v-text-anchor:middle;" arcsize="10%" stroke="f" fillcolor="#0a84ff">\n' +
2020-07-09T21:24:19.847688428Z     '          <w:anchorlock/>\n' +
2020-07-09T21:24:19.847694538Z     '          <center>\n' +
2020-07-09T21:24:19.847700075Z     '          <![endif]-->\n' +
2020-07-09T21:24:19.847705582Z     '\n' +
2020-07-09T21:24:19.847711038Z     '          <a\n' +
2020-07-09T21:24:19.847716485Z     '           href="https://fxa-www.dockerhost.lan/settings?email=suika%40dockerhost.lan&uid=64d5f8508a044da981f358a1ed1ded99&utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-manage-account"\n' +
2020-07-09T21:24:19.847722688Z     '           id="button-link"\n' +
2020-07-09T21:24:19.847728364Z     '           style="font-family: sans-serif; color: #fff; display: block; padding: 15px; text-decoration: none; width: 280px; font-size: 18px; line-height: 26px;"\n' +
2020-07-09T21:24:19.847734300Z     '          >Manage account</a>\n' +
2020-07-09T21:24:19.847739993Z     '\n' +
2020-07-09T21:24:19.847745324Z     '          <!--[if mso]>\n' +
2020-07-09T21:24:19.847750836Z     '          </center>\n' +
2020-07-09T21:24:19.847756786Z     '          </v:roundrect>\n' +
2020-07-09T21:24:19.847762504Z     '          <![endif]-->\n' +
2020-07-09T21:24:19.847768523Z     '        </td>\n' +
2020-07-09T21:24:19.847774218Z     '      </tr>\n' +
2020-07-09T21:24:19.847779765Z     '    </table>\n' +
2020-07-09T21:24:19.847785255Z     '  </td>\n' +
2020-07-09T21:24:19.847790656Z     '</tr>\n' +
2020-07-09T21:24:19.847796086Z     '\n' +
2020-07-09T21:24:19.847801464Z     '<tr style="page-break-before: always">\n' +
2020-07-09T21:24:19.847807131Z     '  <td border="0" cellpadding="0" cellspacing="0" height="100%" width="100%">\n' +
2020-07-09T21:24:19.847813131Z     '    <p class="secondary" style="font-family: sans-serif; font-weight: normal; margin: 24px 0 12px 0; text-align: center; color: #737373; font-size: 11px; line-height: 18px; width: 310px !important; word-wrap:break-word">\n' +
2020-07-09T21:24:19.847827737Z     '      This is an automated email; if you did not authorize this action, then <a href="https://fxa-www.dockerhost.lan/settings/change_password?email=suika%40dockerhost.lan&utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-change-password" style="color: #0a84ff; text-decoration: none; font-family: sans-serif;">please change your password</a>.\n' +
2020-07-09T21:24:19.847835572Z     '      For more information, please visit <a href="https://support.mozilla..org/kb/im-having-problems-with-my-firefox-account?utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-support" style="color: #0a84ff; text-decoration: none; font-family: sans-serif;">Mozilla Support</a>.\n' +
2020-07-09T21:24:19.847842231Z     '    </p>\n' +
2020-07-09T21:24:19.847847549Z     '  </td>\n' +
2020-07-09T21:24:19.847852919Z     '</tr>\n' +
2020-07-09T21:24:19.847858247Z     '\n' +
2020-07-09T21:24:19.847863384Z     '\n' +
2020-07-09T21:24:19.847868749Z     '      <tr style="page-break-before: always">\n' +
2020-07-09T21:24:19.847874476Z     '        <td valign="top">\n' +
2020-07-09T21:24:19.847879874Z     '          <p style="font-family: sans-serif; font-weight: normal; margin: 0; text-align: center; color: #737373; font-size: 11px; line-height: 18px; width: 310px !important; word-wrap:break-word">\n' +
2020-07-09T21:24:19.847885854Z     '            Mozilla. 331 E Evelyn Ave, Mountain View, CA 94041\n' +
2020-07-09T21:24:19.847891373Z     '            <br />\n' +
2020-07-09T21:24:19.847896799Z     '            <a\n' +
2020-07-09T21:24:19.847902089Z     '             href="https://www.mozilla.org/privacy?utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-privacy"\n' +
2020-07-09T21:24:19.847908070Z     '             style="color: #0a84ff; text-decoration: none; font-family: sans-serif; font-size: 11px; line-height: 18px;"\n' +
2020-07-09T21:24:19.847914442Z     '            >Mozilla Privacy Policy</a>\n' +
2020-07-09T21:24:19.847919889Z     '            <br />\n' +
2020-07-09T21:24:19.847925208Z     '            <a\n' +
2020-07-09T21:24:19.847931230Z     '             href="https://www.mozilla.org/about/legal/terms/services/"\n' +
2020-07-09T21:24:19.847937054Z     '             style="color: #0a84ff; text-decoration: none; font-family: sans-serif; font-size: 11px; line-height: 18px;"\n' +
2020-07-09T21:24:19.847942723Z     '            >Firefox Cloud Terms of Service</a>\n' +
2020-07-09T21:24:19.847948165Z     '          </p>\n' +
2020-07-09T21:24:19.847953468Z     '        </td>\n' +
2020-07-09T21:24:19.847958744Z     '      </tr>\n' +
2020-07-09T21:24:19.847963962Z     '    </table>\n' +
2020-07-09T21:24:19.847969245Z     '  </body>\n' +
2020-07-09T21:24:19.847981569Z     '</html>\n',
2020-07-09T21:24:19.847987757Z   text: 'New sign-in to Firefox\n' +
2020-07-09T21:24:19.847993344Z     '\n' +
2020-07-09T21:24:19.847998729Z     '\n' +
2020-07-09T21:24:19.848004157Z     'Firefox on Linux\n' +
2020-07-09T21:24:19.848009656Z     '\n' +
2020-07-09T21:24:19.848015075Z     'IP address: 10.0.0.103\n' +
2020-07-09T21:24:19.848020489Z     '9:24:19 PM (UTC) Thursday, Jul 9, 2020\n' +
2020-07-09T21:24:19.848025912Z     '\n' +
2020-07-09T21:24:19.848031200Z     'Manage account:\n' +
2020-07-09T21:24:19.848036711Z     'https://fxa-www.dockerhost.lan/settings?email=suika%40dockerhost.lan&uid=64d5f8508a044da981f358a1ed1ded99&utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-manage-account\n' +
2020-07-09T21:24:19.848048779Z     '\n' +
2020-07-09T21:24:19.848055016Z     'This is an automated email; if you didn’t add a new device to your Firefox Account, you should change your password immediately at https://fxa-www.dockerhost.lan/settings/change_password?email=suika%40dockerhost.lan&utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-change-password\n' +
2020-07-09T21:24:19.848062761Z     '\n' +
2020-07-09T21:24:19.848068296Z     'For more information, please visit https://support.mozilla.org/kb/im-having-problems-with-my-firefox-account?utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-support\n' +
2020-07-09T21:24:19.848074425Z     '\n' +
2020-07-09T21:24:19.848079904Z     '\n' +
2020-07-09T21:24:19.848085305Z     'Mozilla. 331 E Evelyn Ave, Mountain View, CA 94041\n' +
2020-07-09T21:24:19.848090822Z     '\n' +
2020-07-09T21:24:19.848096201Z     'Mozilla Privacy Policy\n' +
2020-07-09T21:24:19.848101607Z     'https://www.mozilla.org/privacy?utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-privacy\n' +
2020-07-09T21:24:19.848107510Z     '\n' +
2020-07-09T21:24:19.848112908Z     'Firefox Cloud Terms of Service\n' +
2020-07-09T21:24:19.848118317Z     'https://www.mozilla.org/about/legal/terms/services/\n',
2020-07-09T21:24:19.848123824Z   headers: {
2020-07-09T21:24:19.848129171Z     'content-type': 'multipart/alternative; boundary="----sinikael-?=_1-15943298597680.012712636859771864"',
2020-07-09T21:24:19.848134987Z     'content-language': 'en-US',
2020-07-09T21:24:19.848140379Z     'x-template-name': 'newDeviceLogin',
2020-07-09T21:24:19.848146467Z     'x-template-version': '5',
2020-07-09T21:24:19.848151969Z     'x-link': 'https://fxa-www.dockerhost.lan/settings/change_password?email=suika%40dockerhost.lan&utm_medium=email&utm_campaign=fx-new-device-signin&utm_content=fx-change-password',
2020-07-09T21:24:19.848158557Z     'x-device-id': 'fcd992eb9c4a444cb2abf47cd2d0eb2f',
2020-07-09T21:24:19.848164301Z     'x-flow-id': 'fbf589c2bc4f6943a294ce5acef8188a1e2477c420f2fd8435b1c69e6fa2e258',
2020-07-09T21:24:19.848177257Z     'x-flow-begin-time': '1594329851111',
2020-07-09T21:24:19.848183352Z     'x-service-id': 'sync',
2020-07-09T21:24:19.848188636Z     'x-uid': '64d5f8508a044da981f358a1ed1ded99',
2020-07-09T21:24:19.848193943Z     'x-email-service': 'fxa-auth-server',
2020-07-09T21:24:19.848199296Z     'x-email-sender': 'ses',
2020-07-09T21:24:19.848204498Z     from: '"Firefox Accounts < >" <[email protected]>',
2020-07-09T21:24:19.848210253Z     sender: '"Firefox Accounts < >" <[email protected]>',
2020-07-09T21:24:19.848215768Z     to: '[email protected]',
2020-07-09T21:24:19.848220970Z     subject: 'New sign-in to Firefox',
2020-07-09T21:24:19.848226236Z     'message-id': '<[email protected]>',
2020-07-09T21:24:19.848231797Z     date: 'Thu, 09 Jul 2020 21:24:19 +0000',
2020-07-09T21:24:19.848237424Z     'mime-version': '1.0'
2020-07-09T21:24:19.848242690Z   },
2020-07-09T21:24:19.848247806Z   subject: 'New sign-in to Firefox',
2020-07-09T21:24:19.848253073Z   messageId: '[email protected]',
2020-07-09T21:24:19.848258399Z   priority: 'normal',
2020-07-09T21:24:19.848263595Z   from: [ { address: '[email protected]', name: 'Firefox Accounts < >' } ],
2020-07-09T21:24:19.848269466Z   to: [ { address: '[email protected]', name: '' } ],
2020-07-09T21:24:19.848274871Z   date: 2020-07-09T21:24:19.000Z
2020-07-09T21:24:19.848280114Z }
fxa_nginx_1: 2020-07-09T21:24:19.852661530Z 172.20.0.2 - - [09/Jul/2020:21:24:19 +0000] "POST /v1/account/login?keys=true HTTP/1.1" 200 209 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_nginx_1: 2020-07-09T21:24:19.927356869Z 172.20.0.2 - - [09/Jul/2020:21:24:19 +0000] "POST /metrics HTTP/1.1" 200 16 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:19.928292124Z {"event":"flow.signin.attempt","flow_id":"fbf589c2bc4f6943a294ce5acef8188a1e2477c420f2fd8435b1c69e6fa2e258","flow_time":8406,"hostname":"646fe277bdb6","locale":"en_US","op":"flowEvent","pid":1,"time":"2020-07-09T21:24:19.517Z","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0","v":1,"context":"fx_desktop_v3","entrypoint":"fxa_app_menu","service":"sync"}
fxa_nginx_1: 2020-07-09T21:24:19.930388587Z 172.20.0.2 - - [09/Jul/2020:21:24:19 +0000] "POST /metrics HTTP/1.1" 200 16 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_nginx_1: 2020-07-09T21:24:19.933942533Z 172.20.0.2 - - [09/Jul/2020:21:24:19 +0000] "POST /metrics HTTP/1.1" 200 16 "https://fxa-www.dockerhost.lan/" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:19.934658809Z {"event":"flow.signin-confirmed.view","flow_id":"fbf589c2bc4f6943a294ce5acef8188a1e2477c420f2fd8435b1c69e6fa2e258","flow_time":8822,"hostname":"646fe277bdb6","locale":"en_US","op":"flowEvent","pid":1,"time":"2020-07-09T21:24:19.933Z","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0","v":1,"context":"fx_desktop_v3","entrypoint":"fxa_app_menu","service":"sync"}
fxa_nginx_1: 2020-07-09T21:24:20.098678361Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/session/destroy?service=sync HTTP/1.1" 200 37 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.098994012Z {"Timestamp":1594329860098000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./session/destroy.200","missingFlowId":true}}
fxa_nginx_1: 2020-07-09T21:24:20.149441924Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "GET /v1/account/devices HTTP/1.1" 200 563 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.165101846Z {"Timestamp":1594329860164000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./account/keys.200","missingFlowId":true}}
fxa_nginx_1: 2020-07-09T21:24:20.165003717Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "GET /v1/account/keys HTTP/1.1" 200 171 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.167263021Z {"Timestamp":1594329860167000000,"Logger":"fxa-auth-server","Type":"push.send.failure","Severity":4,"Pid":39,"EnvVersion":"2.0","Fields":{"errCode":"noCallback","err":"Error: No push callback","reason":"deviceConnected","uid":"64d5f8508a044da981f358a1ed1ded99","deviceId":"cb765af6f4ec00120580f73b5162d21d","uaOS":"Windows","uaOSVersion":"10","uaBrowser":"Firefox","uaBrowserVersion":"68.0"}}
fxa_nginx_1: 2020-07-09T21:24:20.167519109Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1506 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.177624417Z {"Timestamp":1594329860177000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_nginx_1: 2020-07-09T21:24:20.196191314Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1507 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.204898950Z {"Timestamp":1594329860204000000,"Logger":"browserid-verifier","Type":"v2.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":27}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.204945956Z {"Timestamp":1594329860204000000,"Logger":"browserid-verifier","Type":"v2.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.205519522Z {"Timestamp":1594329860205000000,"Logger":"browserid-verifier","Type":"v2.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IjhGQThDODcyNEM4MUQ0RDVBRjA1MjRDQzczQTRGOEE3MEEzMTM1MTMyOURGN0I1NjBDQjkyMTE3QTI5ODQ1MjRDNjA1REE5QTcyNjZBNENBRThCNjQwOUQxMzJGRjg0NzdDOTZEQzY5QTJBMzFEQTE3ODBFOTBCMzE5MDhGMDI0NEZCRTkzNzdDQTcwQkFENEQ1RDc2MEJDMjZFMUVGQjZBNDU3ODNGODA0QjZCMjFERDYzOTQ1MTQ0MzAyRkE4MjE2MzQ0NTdFMTZBNzk2MUYxMjQwMDkwQkY0NTBCRjJGQ0JFOURGMDA1QTdGMDFCNzA0MjI1RDgzRkI2OTU0MjQiLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwMTYwLCJleHAiOjE1OTQzNTE0NjAxNjAsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.VV24yPzf9tCQDIKuoXsdj7yizwOX5Vcga-Cx_GY0tJJL32z049HQtXNl-eF0IilLei4GQIW2K6-sd0LBYXq6lyHcJNwgYbgMrOMWgBo3z4-w4FcCmoeoUvMQ9j1yQYCZsm5jnf29cn9UY8VkwnnSESU2eYiAdFNFX7N1LMsOLp-Hw6qDNyOvbZLMXXit4tp5ehnObFAoLhILCa-DUqqpET4TtiYH0RWWgVuHCyQbJJMXKbu1-ej5ZZlgFnIU4csnIfTtfZkQXZ-OItpj7sPzvKwg3_XE6Lg1maD4HtHv4gGtEazetn5clqv2Fu57yQue7BZpRPAFwfgWq3ZdE7eXOQ~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDAsImF1ZCI6Imh0dHBzOi8vZnhhLW9hdXRoLnN1aWthLmxhbi92MSJ9.HeAEr3ivs8MuVCN3qQOKrArMwrwyHV48t7CyKz7NbEfpQbMpHaUC8w==","trustedIssuers":"[]","rp":"https://fxa-oauth.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.205575784Z {"Timestamp":1594329860205000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.205673274Z {"Timestamp":1594329860205000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.14 - - [09/Jul/2020:21:24:20 +0000] \"POST /v2 HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.205729164Z {"Timestamp":1594329860205000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"","remoteAddressChain":"[\"172.20.0.14\"]","api":2,"rp":"https://fxa-oauth.dockerhost.lan","assertion_verification_time":27,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.206429384Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/authorization HTTP/1.1" 401 176 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.206684889Z {"Timestamp":1594329860206000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./authorization.401.999","missingFlowId":true}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.207532160Z {"Timestamp":1594329860207000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_nginx_1: 2020-07-09T21:24:20.229919219Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1506 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.235574861Z {"Timestamp":1594329860235000000,"Logger":"browserid-verifier","Type":"v1.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":28}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.235607713Z {"Timestamp":1594329860235000000,"Logger":"browserid-verifier","Type":"v1.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.236168979Z {"Timestamp":1594329860235000000,"Logger":"browserid-verifier","Type":"v1.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwMTkxLCJleHAiOjE1OTQzNTE0NjAxOTEsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.Y3P-kuzsgtpVeywDJIq7x8nLwka0Lo9klce9TdzyOAU01moRYXrzWGVx77zdC_ckzpOZr0LJRuO2d-1iszoYrNl3DR4N7XU-bEa_dpefWXvGB3g-pL0nyAH_J2QCZbTCMsO3Iw-a6tGBg0-xBWga8ss5iddh1Rf7JA_aRaYRet7B49qxcnyNJWgsChecfCyPZp5uAzWu7Xut0I-JirLYnK6-ntX-iFWZFUkh_h1R6G4q8A6WZh9LloHeXJmYjK5G1dXvMSprs63RL4YNDAEpkPkBSo-0pJTmienK8SXFErcRrz4ysKvX61tvkKZc3ojdGFUNg4DbII6Vw4qjqwfZkg~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDEsImF1ZCI6Imh0dHBzOi8vZnhhLXRva2VuLnN1aWthLmxhbiJ9.O3KuC_QwoIw3UutjVod-pTLfJH_OH894e76h8EivvM03ocKDxhH24w==","trustedIssuers":"[]","rp":"https://fxa-token.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.236198728Z {"Timestamp":1594329860236000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.236298943Z {"Timestamp":1594329860236000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.16 - - [09/Jul/2020:21:24:20 +0000] \"POST / HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.236318208Z {"Timestamp":1594329860236000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"python-requests/2.20.0","remoteAddressChain":"[\"172.20.0.16\"]","api":1,"rp":"https://fxa-token.dockerhost.lan","assertion_verification_time":28,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.237751140Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "GET /token/1.0/sync/1.5 HTTP/1.1" 401 110 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.238130379Z {"Timestamp":1594329860237000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_nginx_1: 2020-07-09T21:24:20.262177806Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1499 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.265472583Z {"Timestamp":1594329860265000000,"Logger":"browserid-verifier","Type":"v2.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":28}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.265521455Z {"Timestamp":1594329860265000000,"Logger":"browserid-verifier","Type":"v2.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.266026857Z {"Timestamp":1594329860265000000,"Logger":"browserid-verifier","Type":"v2.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwMjIyLCJleHAiOjE1OTQzNTE0NjAyMjIsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.Ca-p5qhclDk9-Ucsemni6q-QcGTuGeRGSecDW3tgKVDrdLG7FxR5M7Pscqj34iSc0RruzuvCI8EKx5vA1z_Lsmwefq109tP83O0A90mAS08ZynLqoVwQkqteZjZ-zXjkg2EigBz6ocwdt_jitvHON-z_WZrcoU4-R_uVSc9THNNyepVCBrj0xfNBtk409E-MhbDp7kWCBUO6TazdwmupbkXWBABbRWtuDwwKBYZh3q1BLEOES4yt9A3N-ulhguGbV0FNaGX_1AjpvwLo7NlqxHUhm1fK0NEarpFi988hyO1JqW1HS4h--VFCYn9UroDMhCuGlgUR-CPj8jVYt5-kyg~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDEsImF1ZCI6Imh0dHBzOi8vZnhhLW9hdXRoLnN1aWthLmxhbi92MSJ9.UeYz3W6Rz1LOYZAhF2e4nu4Kco59Jgq80sCQN6-FhK3oZShwF9cvzQ==","trustedIssuers":"[]","rp":"https://fxa-oauth.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.266076884Z {"Timestamp":1594329860265000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.266210451Z {"Timestamp":1594329860266000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.14 - - [09/Jul/2020:21:24:20 +0000] \"POST /v2 HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.266307870Z {"Timestamp":1594329860266000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"","remoteAddressChain":"[\"172.20.0.14\"]","api":2,"rp":"https://fxa-oauth.dockerhost.lan","assertion_verification_time":28,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.266980885Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/authorization HTTP/1.1" 401 176 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.267435330Z {"Timestamp":1594329860267000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./authorization.401.999","missingFlowId":true}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.270965976Z {"Timestamp":1594329860270000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.298742400Z {"Timestamp":1594329860298000000,"Logger":"browserid-verifier","Type":"v1.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":28}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.298793762Z {"Timestamp":1594329860298000000,"Logger":"browserid-verifier","Type":"v1.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.299290859Z {"Timestamp":1594329860299000000,"Logger":"browserid-verifier","Type":"v1.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwMjU0LCJleHAiOjE1OTQzNTE0NjAyNTQsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.WncxRzqnpk7u1u5g_axGO5VwEF5IUI5tl7wMHIhMeYTODJNBQ7VDholqDUDk0-NCsBV2-jaRRZpi5KNSQ0C4CK30SBKgjCzd4Z3E0g5xcjyiaaGMBUA9Kv7Frdut57ogx87ug_jdTSas0To9a7xNc1_wW0YEw6BooaHqjDtNMH98xqaHED2rMmEq6syqJ2UKdlD6IPqjAk7TlKv2vACWNBom-BZHy3LiouM37U4jfuRoCBqK41Jl67DS-0Fw3Ox9BYwR0vRcVYzb22-B9s0scGkhfRM2NwJF0EiFxq72ZHnBUk2w0JbxzOQZMd4AGuEKOooWjrA3kHke9heycroDFg~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDAsImF1ZCI6Imh0dHBzOi8vZnhhLXRva2VuLnN1aWthLmxhbiJ9.RGkjFU6jGfOIEayBwqU2ViZ2QRM4kY18Fo-JjfoFZyarkYAVc7BlWg==","trustedIssuers":"[]","rp":"https://fxa-token.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.299369084Z {"Timestamp":1594329860299000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.299453403Z {"Timestamp":1594329860299000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.16 - - [09/Jul/2020:21:24:20 +0000] \"POST / HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.299514759Z {"Timestamp":1594329860299000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"python-requests/2.20.0","remoteAddressChain":"[\"172.20.0.16\"]","api":1,"rp":"https://fxa-token.dockerhost.lan","assertion_verification_time":28,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.300689361Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "GET /token/1.0/sync/1.5 HTTP/1.1" 401 110 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.333170786Z {"Timestamp":1594329860333000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.359997778Z {"Timestamp":1594329860359000000,"Logger":"browserid-verifier","Type":"v2.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":27}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.360038745Z {"Timestamp":1594329860359000000,"Logger":"browserid-verifier","Type":"v2.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.360563040Z {"Timestamp":1594329860360000000,"Logger":"browserid-verifier","Type":"v2.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwMjU0LCJleHAiOjE1OTQzNTE0NjAyNTQsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.WncxRzqnpk7u1u5g_axGO5VwEF5IUI5tl7wMHIhMeYTODJNBQ7VDholqDUDk0-NCsBV2-jaRRZpi5KNSQ0C4CK30SBKgjCzd4Z3E0g5xcjyiaaGMBUA9Kv7Frdut57ogx87ug_jdTSas0To9a7xNc1_wW0YEw6BooaHqjDtNMH98xqaHED2rMmEq6syqJ2UKdlD6IPqjAk7TlKv2vACWNBom-BZHy3LiouM37U4jfuRoCBqK41Jl67DS-0Fw3Ox9BYwR0vRcVYzb22-B9s0scGkhfRM2NwJF0EiFxq72ZHnBUk2w0JbxzOQZMd4AGuEKOooWjrA3kHke9heycroDFg~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwNDcsImF1ZCI6Imh0dHBzOi8vZnhhLW9hdXRoLnN1aWthLmxhbi92MSJ9.yPQGeqLefLm8BjOPBIrGrASACjG8x0RGfTNncGOsTQBz-0HETGEiAw==","trustedIssuers":"[]","rp":"https://fxa-oauth.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.360620986Z {"Timestamp":1594329860360000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.360806492Z {"Timestamp":1594329860360000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.14 - - [09/Jul/2020:21:24:20 +0000] \"POST /v2 HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.360852311Z {"Timestamp":1594329860360000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"","remoteAddressChain":"[\"172.20.0.14\"]","api":2,"rp":"https://fxa-oauth.dockerhost.lan","assertion_verification_time":27,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.361388274Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/authorization HTTP/1.1" 401 176 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.361735939Z {"Timestamp":1594329860361000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./authorization.401.999","missingFlowId":true}}
2020-07-09T21:24:20.372150278Z {"Timestamp":1594329860372000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./account/device.200","missingFlowId":true}}
fxa_nginx_1: 2020-07-09T21:24:20.372046980Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/account/device HTTP/1.1" 200 753 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_nginx_1: 2020-07-09T21:24:20.379920061Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1508 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.389821062Z {"Timestamp":1594329860389000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_nginx_1: 2020-07-09T21:24:20.401660256Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1500 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.417556920Z {"Timestamp":1594329860417000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 19"}}
fxa_nginx_1: 2020-07-09T21:24:20.441411884Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/authorization HTTP/1.1" 401 176 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.441414696Z {"Timestamp":1594329860438000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./authorization.401.999","missingFlowId":true}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.441445582Z {"Timestamp":1594329860434000000,"Logger":"browserid-verifier","Type":"v2.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":45}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.441504181Z {"Timestamp":1594329860434000000,"Logger":"browserid-verifier","Type":"v2.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.441528574Z {"Timestamp":1594329860435000000,"Logger":"browserid-verifier","Type":"v2.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwMzc0LCJleHAiOjE1OTQzNTE0NjAzNzQsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.MoiW6WDoHWDMpoPkDk6vPR4Dyq3LkRAn_PqdY4MI9Lw9SzZ-uOGZ6jPOUaW6LjQ6o9VY7PqtTv8vUEASPAlq2APBs9FqZMibfziEDeUrVykan0VH5nEvnMf4vLadvLJ6NvxHzAGdY2Wp2vDB6KvteWua-DlzGvFJ_BumnI3dEM4k7VJl1HpYyeyVvF8mdfc7PySyBpf8OhE70eTikusIc0rqgxCYAYFGshXPmNSxrAUqnX8HcPE9BQ5PRna5O3DXJ__CqduAeAljujXYe9ORROGHgXvDe4KCNvMZNT8ClfLrFafo86GCHBCzy8xhhg70Lo4cU9voNqphMVgaH53MfA~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDEsImF1ZCI6Imh0dHBzOi8vZnhhLW9hdXRoLnN1aWthLmxhbi92MSJ9.Nid0VnJ8qK57ZHwlqUVxpOIcP7ckv29XzmCz-4Lzq780UubtSGxSrA==","trustedIssuers":"[]","rp":"https://fxa-oauth.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.441600325Z {"Timestamp":1594329860435000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.05s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.441616219Z {"Timestamp":1594329860435000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.14 - - [09/Jul/2020:21:24:20 +0000] \"POST /v2 HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.441627385Z {"Timestamp":1594329860435000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"","remoteAddressChain":"[\"172.20.0.14\"]","api":2,"rp":"https://fxa-oauth.dockerhost.lan","assertion_verification_time":45,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.479061961Z {"Timestamp":1594329860475000000,"Logger":"browserid-verifier","Type":"v1.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":58}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.479123994Z {"Timestamp":1594329860475000000,"Logger":"browserid-verifier","Type":"v1.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.479141970Z {"Timestamp":1594329860476000000,"Logger":"browserid-verifier","Type":"v1.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwMzk0LCJleHAiOjE1OTQzNTE0NjAzOTQsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.wsDrJR4pdMZNy2jMZlJQnY3uQIPtrruqG2aMa11AKFDeDnckBcMT-cIs7p01FmnWxDfxf3PwRy0Elud8W18b4DCk2D8ywTDGl3lrPdawg3_8uHWADsSSXRjZcbH1-_XriqVDl56TzzZ1r3ZN9JbpAoMZOmgHlhoukMHrfJvDDvy4s8HH3AjUqbpg_LEDjbwhEZNLNPpnB0RJLPrlbXxJW8oywpbqgbQYG-4unztDCojQdWUWgCdTNIc43uLNv40oEBuwRySj4E-Dumo0ODcWYvssxY4F0GX9SJid2pgK4teQZlfOdeVr76zQTWmQf1J5aQEIfcqpDy8AN-2tYV6O4Q~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDAsImF1ZCI6Imh0dHBzOi8vZnhhLXRva2VuLnN1aWthLmxhbiJ9.L6_WjYVALJPPCKw2Da2bv4ddHm5F5QN29vbiaGNNwxwYCsLKdaLXdQ==","trustedIssuers":"[]","rp":"https://fxa-token.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.479204967Z {"Timestamp":1594329860476000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 19 completed work in 0.06s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.479219688Z {"Timestamp":1594329860477000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.16 - - [09/Jul/2020:21:24:20 +0000] \"POST / HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.479230527Z {"Timestamp":1594329860477000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"python-requests/2.20.0","remoteAddressChain":"[\"172.20.0.16\"]","api":1,"rp":"https://fxa-token.dockerhost.lan","assertion_verification_time":58,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.483706257Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "GET /token/1.0/sync/1.5 HTTP/1.1" 401 110 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_nginx_1: 2020-07-09T21:24:20.505855200Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1501 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.519327740Z {"Timestamp":1594329860519000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.548793145Z {"Timestamp":1594329860548000000,"Logger":"browserid-verifier","Type":"v1.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":33}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.548856030Z {"Timestamp":1594329860548000000,"Logger":"browserid-verifier","Type":"v1.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.549461727Z {"Timestamp":1594329860549000000,"Logger":"browserid-verifier","Type":"v1.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwNDk5LCJleHAiOjE1OTQzNTE0NjA0OTksImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.R9K2mTDc4BD5xFBkHt7QqyNSGXvuUpGlCw2d_McwDPwjvxYGXvHlFkJxYJPRE0GxVzRjrK9VIJ9YwSurUKYPbHv6qOax1lvQG-yMO04q6akOYnBqy2OEKoPoR6GZTBCuT92DKWOLSghC4KKMN0YEkeG9fQJAq0ATlFtwTJFe1Ii4Jw-FCn1tx-vfIu7OipNE6gphZDgpTDLOUiMbROvkEIplkeQsxOGfHEjP1OEGUQbq8iPsGNSOPc9IuoDQCkBQk3HJBOfazxXa5h8GQkrCJ5JV4QYpT3eGh8Bnneqier7-ctT7iRm54pWo-_DNFwym4plcwPejxiYKP-EDQ2_7KA~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDEsImF1ZCI6Imh0dHBzOi8vZnhhLXRva2VuLnN1aWthLmxhbiJ9.Aa4n7518QSluwfIA5H0LbVu1yYo9GxSFu74yHBJxQVoo4goIK5xq7Q==","trustedIssuers":"[]","rp":"https://fxa-token.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.549560671Z {"Timestamp":1594329860549000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.549681490Z {"Timestamp":1594329860549000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.16 - - [09/Jul/2020:21:24:20 +0000] \"POST / HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.549764395Z {"Timestamp":1594329860549000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"python-requests/2.20.0","remoteAddressChain":"[\"172.20.0.16\"]","api":1,"rp":"https://fxa-token.dockerhost.lan","assertion_verification_time":33,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.551379336Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "GET /token/1.0/sync/1.5 HTTP/1.1" 401 110 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.580158059Z {"Timestamp":1594329860579000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.611072952Z {"Timestamp":1594329860610000000,"Logger":"browserid-verifier","Type":"v2.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":31}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.611154200Z {"Timestamp":1594329860610000000,"Logger":"browserid-verifier","Type":"v2.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.611685755Z {"Timestamp":1594329860611000000,"Logger":"browserid-verifier","Type":"v2.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwNDk5LCJleHAiOjE1OTQzNTE0NjA0OTksImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.R9K2mTDc4BD5xFBkHt7QqyNSGXvuUpGlCw2d_McwDPwjvxYGXvHlFkJxYJPRE0GxVzRjrK9VIJ9YwSurUKYPbHv6qOax1lvQG-yMO04q6akOYnBqy2OEKoPoR6GZTBCuT92DKWOLSghC4KKMN0YEkeG9fQJAq0ATlFtwTJFe1Ii4Jw-FCn1tx-vfIu7OipNE6gphZDgpTDLOUiMbROvkEIplkeQsxOGfHEjP1OEGUQbq8iPsGNSOPc9IuoDQCkBQk3HJBOfazxXa5h8GQkrCJ5JV4QYpT3eGh8Bnneqier7-ctT7iRm54pWo-_DNFwym4plcwPejxiYKP-EDQ2_7KA~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwNTQsImF1ZCI6Imh0dHBzOi8vZnhhLW9hdXRoLnN1aWthLmxhbi92MSJ9.EOqbawFMbwQJNcwLCXA0f61_L0qkTpEnB9D3hNk8JYag9bcWf3uCmw==","trustedIssuers":"[]","rp":"https://fxa-oauth.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.611741066Z {"Timestamp":1594329860611000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.611905920Z {"Timestamp":1594329860611000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.14 - - [09/Jul/2020:21:24:20 +0000] \"POST /v2 HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.611933636Z {"Timestamp":1594329860611000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"","remoteAddressChain":"[\"172.20.0.14\"]","api":2,"rp":"https://fxa-oauth.dockerhost.lan","assertion_verification_time":31,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.613137350Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/authorization HTTP/1.1" 401 176 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.613386537Z {"Timestamp":1594329860613000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./authorization.401.999","missingFlowId":true}}
fxa_nginx_1: 2020-07-09T21:24:20.630749219Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/certificate/sign?service=sync HTTP/1.1" 200 1502 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.640593424Z {"Timestamp":1594329860640000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"passing compute job to process 12"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.669445935Z {"Timestamp":1594329860669000000,"Logger":"browserid-verifier","Type":"v2.assertion_verification_time","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"reqTime":30}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.669496074Z {"Timestamp":1594329860669000000,"Logger":"browserid-verifier","Type":"v2.assertion_failure","Severity":6,"Pid":1,"EnvVersion":"2.0"}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.670142687Z {"Timestamp":1594329860669000000,"Logger":"browserid-verifier","Type":"v2.verify","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"result":"failure","reason":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","assertion":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMjAtMDctMDktNDVjM2E0NGFhMWExZGMxMmZhZTU0ZjBlZjI2ZThiYzYifQ.eyJwdWJsaWMta2V5Ijp7ImFsZ29yaXRobSI6IkRTIiwieSI6IkRFMDAwNDQ5RUE4MzVFOTM4NzJEQUFGQjk0OEM1MjVERkYyRjNFRjlERTMwOTlGQzBDNzA2Q0M5MjgxRjgwQzEyQ0YzQjI2QUJFNzU2RDQ0MUVGMjg4NjdDRTBCNTY4ODIyQkE3RTczODM4NjZBREM3NUYzNzFFQkU1MDJBREMyQkFCRDRFMzc4MTMzN0QyQzIwQTc5Nzg5MTY4Mjk0RkZBMzYwRDNCOTJDQUExRDc2RkU5QUQ2MEE2OTlGOEFCRTU2MUFBMzgwQzE2RkNBRDkyM0UwRTc1MUMzMzJERjA1QjZEQzdDRjc2MTIwNjMwRTRBRDgyNjc4MzI1ODY4QzciLCJwIjoiRkY2MDA0ODNEQjZBQkZDNUI0NUVBQjc4NTk0QjM1MzNENTUwRDlGMUJGMkE5OTJBN0E4REFBNkRDMzRGODA0NUFENEU2RTBDNDI5RDMzNEVFRUFBRUZEN0UyM0Q0ODEwQkUwMEU0Q0MxNDkyQ0JBMzI1QkE4MUZGMkQ1QTVCMzA1QThEMTdFQjNCRjRBMDZBMzQ5RDM5MkUwMEQzMjk3NDRBNTE3OTM4MDM0NEU4MkExOEM0NzkzMzQzOEY4OTFFMjJBRUVGODEyRDY5QzhGNzVFMzI2Q0I3MEVBMDAwQzNGNzc2REZEQkQ2MDQ2MzhDMkVGNzE3RkMyNkQwMkUxNyIsInEiOiJFMjFFMDRGOTExRDFFRDc5OTEwMDhFQ0FBQjNCRjc3NTk4NDMwOUMzIiwiZyI6IkM1MkE0QTBGRjNCN0U2MUZERjE4NjdDRTg0MTM4MzY5QTYxNTRGNEFGQTkyOTY2RTNDODI3RTI1Q0ZBNkNGNTA4QjkwRTVERTQxOUUxMzM3RTA3QTJFOUUyQTNDRDVERUE3MDREMTc1RjhFQkY2QUYzOTdENjlFMTEwQjk2QUZCMTdDN0EwMzI1OTMyOUU0ODI5QjBEMDNCQkM3ODk2QjE1QjRBREU1M0UxMzA4NThDQzM0RDk2MjY5QUE4OTA0MUY0MDkxMzZDNzI0MkEzODg5NUM5RDVCQ0NBRDRGMzg5QUYxRDdBNEJEMTM5OEJEMDcyREZGQTg5NjIzMzM5N0EifSwicHJpbmNpcGFsIjp7ImVtYWlsIjoiNjRkNWY4NTA4YTA0NGRhOTgxZjM1OGExZWQxZGVkOTlAZnhhLWFwaS5zdWlrYS5sYW4ifSwiaWF0IjoxNTk0MzI5ODUwNjI1LCJleHAiOjE1OTQzNTE0NjA2MjUsImZ4YS1nZW5lcmF0aW9uIjoxNTk0MzEyNTE1OTY4LCJmeGEtbGFzdEF1dGhBdCI6MTU5NDMyOTg1OSwiZnhhLXZlcmlmaWVkRW1haWwiOiJzaW1vbkBkZXZudWxsLnpvbmUiLCJmeGEtZGV2aWNlSWQiOiI1ZWQyNTc1YzkzYTQ4ZGExMzc0MTE4NmU1OGRmZGMyZSIsImZ4YS10b2tlblZlcmlmaWVkIjp0cnVlLCJmeGEtYW1yIjpbInB3ZCIsImVtYWlsIl0sImZ4YS1hYWwiOjEsImZ4YS1wcm9maWxlQ2hhbmdlZEF0IjoxNTk0MzEyNTMyNjY1LCJmeGEta2V5c0NoYW5nZWRBdCI6MTU5NDMxMjUxNTk2OCwiaXNzIjoiZnhhLWFwaS5zdWlrYS5sYW4ifQ.0WoOThkmPtrOSPjOyfu9yapMf-uJ6mCDzRFvL5YZ2d8MDtyFgZBwg9Jby2mg5TuOFgLR2eVUHbs-8KDETFO41JrhGA4TFdoCPhsKu8-jfgnOeGxUdLW1__B5QUsxwROThe4juBmk_dxMsH3a_B_Qi3p0CAYOgsGwRvwzRwKC-QH0ts1ff74KR8y58Y4Vj6poseWIMFPoLZK6Uef_YiIWgvbUeEQjpN9pX1PpMYXSKSmUdHYqXwqbJNLkAhnVn4miUBvsgkKR_1ecHE-u6FEp5rXOlOn16QExicanAnnQ8RegggO6VAgZEvmkUEExOfEmWBnBvdkbxChv4zMNfyVCSw~eyJhbGciOiJEUzEyOCJ9.eyJleHAiOjIzODI3Mjk4NjAwMDAsImF1ZCI6Imh0dHBzOi8vZnhhLW9hdXRoLnN1aWthLmxhbi92MSJ9.pWyARExy73ABoSAwxkDFoKJO6aKhl7bApK_AowiwS-YMUnZIUAv_XQ==","trustedIssuers":"[]","rp":"https://fxa-oauth.dockerhost.lan"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.670175106Z {"Timestamp":1594329860670000000,"Logger":"browserid-verifier","Type":"ccverifier.computeCluster.debug","Severity":7,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"process 12 completed work in 0.03s"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.670370793Z {"Timestamp":1594329860670000000,"Logger":"browserid-verifier","Type":"server.message","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"message":"172.20.0.14 - - [09/Jul/2020:21:24:20 +0000] \"POST /v2 HTTP/1.1\" 200 123"}}
fxa_browseridverifier.local_1: 2020-07-09T21:24:20.670428408Z {"Timestamp":1594329860670000000,"Logger":"browserid-verifier","Type":"summary.info","Severity":6,"Pid":1,"EnvVersion":"2.0","Fields":{"agent":"","remoteAddressChain":"[\"172.20.0.14\"]","api":2,"rp":"https://fxa-oauth.dockerhost.lan","assertion_verification_time":30,"err":"fxa-api.dockerhost.lan is not a browserid primary: Error: unable to verify the first certificate","code":200}}
fxa_nginx_1: 2020-07-09T21:24:20.671017763Z 172.20.0.2 - - [09/Jul/2020:21:24:20 +0000] "POST /v1/authorization HTTP/1.1" 401 176 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0" "10.0.0.103"
2020-07-09T21:24:20.671234486Z {"Timestamp":1594329860671000000,"Logger":"fxa-auth-server","Type":"metricsEvents.emitFlowEvent","Severity":2,"Pid":39,"EnvVersion":"2.0","Fields":{"event":"route./authorization.401.999","missingFlowId":true}}

@jackyzy823
Copy link
Owner

Have you tried to add NODE_TLS_REJECT_UNAUTHORIZED=0 in browseridverifier.local ?
or set INSECURE_SSL=true in browseridverifier.local ?

Reference:
https://github.com/mozilla/browserid-local-verify/blob/7d7d2cdb5aa7f6494e144e9a4151a84aecf905fa/lib/lookup.js#L129-L163
espically

      rejectUnauthorized: !args.insecureSSL,

@Suika
Copy link
Author

Suika commented Jul 10, 2020

Yeah, INSECURE_SSL=true is the key to make it work.
Now Kinto is the one complaining.

python requests has it's own ca-cert bundle and does not use the system ca-cert bundle

REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crtis needed for kinto to work with self-signed certs, if you added it to the CA store.

@Suika
Copy link
Author

Suika commented Jul 10, 2020

Ok, found the solution.
Nodejs is using NODE_EXTRA_CA_CERTS and Python-Requests is using REQUESTS_CA_BUNDLE. Because why use system provided CAs, when you can use your own. ffs

browseridverifier.local needs either INSECURE_SSL=true or NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
fxa-auth-server needs either NODE_TLS_REJECT_UNAUTHORIZED=0 or NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
fxa-profile-server needs either NODE_TLS_REJECT_UNAUTHORIZED=0 or NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
kinto needs REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt or CURL_CA_BUNDLE=""
https://stackoverflow.com/questions/48391750/disable-python-requests-ssl-validation-for-an-imported-module

After this, things should work as intended with self-signed certs.

@jackyzy823
Copy link
Owner

Hello @Suika

I've made a branch full-selfsign to make FxA works under fully self signed env which mostly LAN network.
Details are under examples/full_selfsign

It would be appreciated that you can test this branch.

@Suika
Copy link
Author

Suika commented Jul 12, 2020

Since it's a bit of a pain for me to setup another environment ATM, I'll try it at a later date.
But from looking at the changes in the full-selfsign branch, the cert generation and validity are ok.

The rest of REQUESTS_CA_BUNDLE and REQUESTS_CA_BUNDLE make sense, since it works on my side.
With the exception that I use the whole CA bundle and not exclusively the generated CA.

I'll check the whole setup at a later date.

But while I'm at it, is it really needed that the services have to talk via nginx? I know that it's easier to configure it like that and it also makes sense to use uniform addresses everywhere.
But technically all the services, if they need to talk to each other, they can talk via http inside the docker/k8s network. Never leaving the inner network. Having only the browser talk to the services via the proxy.
Since the main problem of all services is talking to each other, internally.

@jackyzy823
Copy link
Owner

But while I'm at it, is it really needed that the services have to talk via nginx? I know that it's easier to configure it like that and it also makes sense to use uniform addresses everywhere.
But technically all the services, if they need to talk to each other, they can talk via http inside the docker/k8s network. Never leaving the inner network. Having only the browser talk to the services via the proxy.
Since the main problem of all services is talking to each other, internally.

You're right . However it's too time-consuming on distinguish which url in ENV is for internal visit or public visit.

I'll try to dig into these deeper in future.

@DavidGhiro
Copy link

I have tested half of branch. And it works. I use NODE_EXTRA_CA_CERTS and REQUESTS_CA_BUNDLE part in combination with a patched ca-certificates.crt (own root ca added) in all container via volumes.

    volumes:
    - ./combinedCert.pem:/etc/ssl/certs/ca-certificates.crt:ro
    - ./combinedCert.pem:/etc/ssl/cert.pem:ro
    environment:
    - NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
    - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Suika @jackyzy823 @DavidGhiro