Igor Mihaljko
ย ย ย ย ย ย 
Considering
ย ย ย 

Can't create initial super admin account

I am trying to self-host ClearFlask on my own environment
My docker compose file looks like this (using real DynamoDB, S3 and SES)
## SPDX-FileCopyrightText: 2019-2022 Matus Faro <matus@smotana.com>
## SPDX-License-Identifier: Apache-2.0
volumes:
  data:
    driver: local
services:
  clearflask-connect:
    image: ghcr.io/clearflask/clearflask-connect:latest
    depends_on:
      - clearflask-server
    ports:
      - 19080:9080
      - 19443:9443
    environment:
      - NODE_ENV=production
      - ENV=selfhost
      - CLEARFLASK_CREATE_CONNECT_CONFIG_IF_MISSING=1
    volumes:
      - ./connect:/opt/clearflask/
  clearflask-server:
    image: ghcr.io/clearflask/clearflask-server:latest
    ports:
      - 18080:8080
      # JMX
      - 9950:9950
      - 9951:9951
    environment:
      - CLEARFLASK_ENVIRONMENT=PRODUCTION_SELF_HOST
      - CLEARFLASK_CREATE_SERVER_CONFIG_IF_MISSING=1
    volumes:
      - ./server:/opt/clearflask/
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:18080/api/health" ]
      interval: 5s
      timeout: 15s
      retries: 2
  # MySQL (enabled by default as an alternative to ElasticSearch)
  mysql-db:
    image: mysql:5.7@sha256:2c23f254c6b9444ecda9ba36051a9800e8934a2f5828ecc8730531db8142af83
    platform: linux/amd64
    command:
      - 'mysqld'
      - '--port=3306'
      - '--sql-mode=IGNORE_SPACE'
      - '--explicit-defaults-for-timestamp'
      - '--secure-file-priv=/tmp'
    volumes:
      - ./data/mysql:/var/lib/mysql
    ports:
      - 13306:3306
    environment:
      - MYSQL_ROOT_PASSWORD=clearflask
  # ElasticSearch (disabled by default)
  #  elasticsearch:
  #    profiles:
  #      - with-deps
  #    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.0
  #    expose:
  #      - 9200
  #    environment:
  #      - ES_JAVA_OPTS=-Xms2g -Xmx2g
  #      - discovery.type=single-node
  #    mem_limit: 4g
  #    volumes:
  #      - ./data/elasticsearch:/usr/share/elasticsearch/data
  # For DynamoDB, S3 and SES alternative

My connect.config.json is as follows (domain is redacted)
{
    "connectToken": "7cb1e1c26f5d4705a213529257d081c6",
    "disableAutoFetchCertificate": true,
    "forceRedirectHttpToHttps": true,
    "parentDomain": "feedback.redacted.com",
    "apiBasePath": "http://api.feedback.redacted.net:18080"
}
My config-selfhost.cfg is as follows (some values are redacted)
com.smotana.clearflask.security.limiter.challenge.CaptchaChallenger$Config.enabled=false
com.smotana.clearflask.store.dynamo.DefaultDynamoDbProvider$Config.productionRegion=eu-central-1
com.smotana.clearflask.store.mysql.DefaultMysqlProvider$Config.host=mysql-db
com.smotana.clearflask.store.mysql.DefaultMysqlProvider$Config.user=root
com.smotana.clearflask.store.mysql.DefaultMysqlProvider$Config.pass=clearflask
com.smotana.clearflask.core.push.provider.BrowserPushServiceImpl$Config.publicKey=redacted
com.smotana.clearflask.core.push.provider.BrowserPushServiceImpl$Config.privateKey=redacted
com.smotana.clearflask.util.DefaultServerSecret$Config.sharedKey:cursor=redacted
com.smotana.clearflask.store.impl.DynamoElasticUserStore$Config.tokenSignerPrivKey=redacted
com.smotana.clearflask.web.Application$Config.domain=feedback.redacted.com
com.smotana.clearflask.web.Application$Config.defaultSearchEngine=READWRITE_MYSQL
com.smotana.clearflask.web.security.AuthCookieImpl$Config.authCookieSecure=true
com.smotana.clearflask.web.Application$Config.startupWaitUntilDeps=true
com.smotana.clearflask.web.Application$Config.createIndexesOnStartup=true
com.smotana.clearflask.security.ClearFlaskSso$Config.secretKey=439E5B12-F4D6-4BEF-9890-2CEEEFA67A8D
com.smotana.clearflask.web.security.SuperAdminPredicate$Config.superAdminEmailRegex=^admin@localhost$
com.smotana.clearflask.web.resource.AccountResource$Config.signupEnabled=true
com.smotana.clearflask.web.security.AuthenticationFilter$Config.connectToken=7cb1e1c26f5d4705a213529257d081c6
com.smotana.clearflask.core.push.provider.EmailServiceImpl$Config.useService=ses
com.smotana.clearflask.core.email.AmazonSimpleEmailServiceProvider$Config.region=eu-central-1
com.smotana.clearflask.core.email.AmazonSimpleEmailServiceProvider$Config.serviceEndpoint=
com.smotana.clearflask.store.s3.DefaultS3ClientProvider$Config.productionRegion=eu-central-1
com.smotana.clearflask.store.impl.S3ContentStore$Config.hostname=clearflask-s3.s3.amazonaws.com
com.smotana.clearflask.store.impl.S3ContentStore$Config.bucketName=clearflask-s3
com.smotana.clearflask.store.impl.S3ContentStore$Config.scheme=https
com.smotana.clearflask.store.impl.S3ContentStore$Config.createBucket=false
com.smotana.clearflask.store.impl.S3ContentStore$Config.proxyEnabled=false
com.smotana.clearflask.store.ConfigAwsCredentialsProvider$Config.awsAccessKeyId=redacted
com.smotana.clearflask.store.ConfigAwsCredentialsProvider$Config.awsSecretKey=redacted
I also am using Apache as a reverse proxy for both main site (frontend) and API (backend)
My Apache configurations are as follows
Backend
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"

ProxyPass / http://localhost:18080/
ProxyPassReverse / http://localhost:18080/
<Proxy *>
    allow from all
</Proxy>
Frontend
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

#ProxyPreserveHost On
ProxyPass / http://localhost:19080/
ProxyPassReverse / http://localhost:19080/
DynamoDB is correctly configured because I can see that when I start the docker compose, a table is added to it I know for sure that SES is also working because I have tested it manually outside this environment For S3 I can't be sure because I haven't got yet to the point where I could successfully log in to the ClearFlask dashboard
I can start docker compose, apparently, without any issues. This is what I get as a final log entry when the docker compose is started
clearflask-server-1   | 20-Nov-2024 15:28:22.976 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/ROOT] has finished in [27,115] ms
clearflask-server-1   | 20-Nov-2024 15:28:22.981 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
clearflask-server-1   | 20-Nov-2024 15:28:22.997 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 27223 ms
As soon as I try to create an admin account, I get this in the logs
clearflask-connect-1  | react-i18next:: It seems you are still using the old wait option, you may migrate to the new useSuspense behaviour.
clearflask-server-1   | 20-Nov-2024 15:30:53.969 SEVERE [http-nio-8080-exec-1] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [api] in context with path [] threw exception [com.smotana.clearflask.web.ApiException: 404: Project does not exist or was deleted by owner] with root cause
clearflask-server-1   |         com.smotana.clearflask.web.ApiException: 404: Project does not exist or was deleted by owner
clearflask-server-1   |                 at com.smotana.clearflask.web.resource.ProjectResource.lambda$configBindSlug$0(ProjectResource.java:158)
clearflask-server-1   |                 at java.base/java.util.Optional.orElseThrow(Optional.java:408)
clearflask-server-1   |                 at com.smotana.clearflask.web.resource.ProjectResource.configBindSlug(ProjectResource.java:158)
clearflask-server-1   |                 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
clearflask-server-1   |                 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
clearflask-server-1   |                 at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
clearflask-server-1   |                 at java.base/java.lang.reflect.Method.invoke(Method.java:566)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:243)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
clearflask-server-1   |                 at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
clearflask-server-1   |                 at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
clearflask-server-1   |                 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
clearflask-server-1   |                 at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
clearflask-server-1   |                 at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
clearflask-server-1   |                 at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
clearflask-server-1   |                 at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
clearflask-server-1   |                 at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
clearflask-server-1   |                 at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
clearflask-server-1   |                 at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
clearflask-server-1   |                 at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
clearflask-server-1   |                 at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
clearflask-server-1   |                 at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
clearflask-server-1   |                 at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
clearflask-server-1   |                 at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
clearflask-server-1   |                 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
clearflask-server-1   |                 at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
clearflask-server-1   |                 at com.smotana.clearflask.web.filter.HttpRedirectorFilter.doFilter(HttpRedirectorFilter.java:52)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
clearflask-server-1   |                 at com.smotana.clearflask.web.filter.ApiExceptionMapperFilter.doFilter(ApiExceptionMapperFilter.java:48)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
clearflask-server-1   |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
clearflask-server-1   |                 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
clearflask-server-1   |                 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
clearflask-server-1   |                 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
clearflask-server-1   |                 at org.apache.catalina.valves.rewrite.RewriteValve.invoke(RewriteValve.java:571)
clearflask-server-1   |                 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
clearflask-server-1   |                 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
clearflask-server-1   |                 at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:698)
clearflask-server-1   |                 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
clearflask-server-1   |                 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:367)
clearflask-server-1   |                 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:639)
clearflask-server-1   |                 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
clearflask-server-1   |                 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:882)
clearflask-server-1   |                 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1693)
clearflask-server-1   |                 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
clearflask-server-1   |                 at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
clearflask-server-1   |                 at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
clearflask-server-1   |                 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
clearflask-server-1   |                 at java.base/java.lang.Thread.run(Thread.java:829)
I have no idea what I am doing wrong and how to solve this
Maybe someone can get a glimps on this and see where is my mistake?
I use ClearFlask on:
  • [X] Self-hosted (Own domain)
  • [ ] Cloud (clearflask.com)
  • [ ] Haven't tried (yet)
My financial contributions to ClearFlask:
  • [X] I use a free Plan for now because I am evaluating options
  • [ ] Thinking about it
  • [ ] Monthly / Yearly Plan
  • [ ] Lifetime Plan