Error: invalid_request Mismatching redirect URI

I am trying to completely reinstall edX using Tutor after our admins started pressing me because my install was from 2019. I am using apache2, which uses port 80, to redirect port 8080 to edX. I am using lets-encrypt on the server for certificates. The campus is using DMARC now which won’t let edX send verification emails, so I tried to disable that, by setting SKIP_EMAIL_VALIDATION=true. I have ENABLE_HTTPS=true, with the caddy port set to 8080 and the RUN_PORT set to 8080. I have ENABLE_WEB_PROXY=false. When I try to sign in on studio I get this error. I see there was a bug that was closed about a year ago dealing with this, but it is the last thing I can find. I am running Tutor 18.1.3 in the local environment and not using Kubernetes. The URL that fails is: Authentication
The CMS logs show:
cms-1 | 2024-10-08 20:00:19,774 INFO 1 [tracking] [user None] [ip 172.18.16.161] logger.py:41 - {“name”: “/”, “context”: {“user_id”: null, “path”: “/”, “course_id”: “”, “org_id”: “”, “enterprise_uuid”: “”}, “username”: “”, “session”: “5f626a1b82d6fe59521a0bf1c9395906”, “ip”: “172.18.16.161”, “agent”: “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36”, “host”: “studio.edx.fweb.wallawalla.edu”, “referer”: “”, “accept_language”: “en-US,en;q=0.9”, “event”: “{"GET": {}, "POST": {}}”, “time”: “2024-10-08T20:00:19.773855+00:00”, “event_type”: “/”, “event_source”: “server”, “page”: null}
cms-1 | [pid: 1|app: 0|req: 3/27] 172.17.0.5 () {60 vars in 3290 bytes} [Tue Oct 8 20:00:19 2024] GET / => generated 13680 bytes in 56 msecs (HTTP/1.1 200) 6 headers in 308 bytes (1 switches on core 0)
cms-1 | [pid: 16|app: 0|req: 5/28] 172.17.0.5 () {62 vars in 3468 bytes} [Tue Oct 8 20:00:26 2024] GET /login/?next=http%3A%2F%2Fstudio.edx.fweb.wallawalla.edu%2F => generated 0 bytes in 27 msecs (HTTP/1.1 302) 6 headers in 253 bytes (1 switches on core 0)
cms-1 | [pid: 1|app: 0|req: 4/29] 172.17.0.5 () {62 vars in 3490 bytes} [Tue Oct 8 20:00:26 2024] GET /login/edx-oauth2/?next=http%3A%2F%2Fstudio.edx.fweb.wallawalla.edu%2F => generated 0 bytes in 27 msecs (HTTP/1.1 302) 9 headers in 930 bytes (1 switches on core 0)
frohro@fweb:~/.local/share/tutor$ tutor config printvalue ENABLE_HTTPS

Does anyone have any suggestions?
Thanks,
Rob
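Added example, not part of the original post and not Tutor's own code: a small check over the uWSGI request lines quoted above that reports login redirects whose `next` URL scheme differs from the scheme implied by ENABLE_HTTPS. The function name, the regex and the premise that the two should agree are assumptions of this example; the thread does not establish the cause of the error.

```python
import re
from urllib.parse import urlsplit, parse_qs

# uWSGI request lines copied from the cms-1 log in the post above.
SAMPLE_LOG = """\
cms-1 | [pid: 1|app: 0|req: 3/27] 172.17.0.5 () {60 vars in 3290 bytes} [Tue Oct 8 20:00:19 2024] GET / => generated 13680 bytes in 56 msecs (HTTP/1.1 200) 6 headers in 308 bytes (1 switches on core 0)
cms-1 | [pid: 16|app: 0|req: 5/28] 172.17.0.5 () {62 vars in 3468 bytes} [Tue Oct 8 20:00:26 2024] GET /login/?next=http%3A%2F%2Fstudio.edx.fweb.wallawalla.edu%2F => generated 0 bytes in 27 msecs (HTTP/1.1 302) 6 headers in 253 bytes (1 switches on core 0)
cms-1 | [pid: 1|app: 0|req: 4/29] 172.17.0.5 () {62 vars in 3490 bytes} [Tue Oct 8 20:00:26 2024] GET /login/edx-oauth2/?next=http%3A%2F%2Fstudio.edx.fweb.wallawalla.edu%2F => generated 0 bytes in 27 msecs (HTTP/1.1 302) 9 headers in 930 bytes (1 switches on core 0)
"""

# Matches "<timestamp>] METHOD target => generated ... (HTTP/x.y STATUS)".
REQUEST = re.compile(
    r"\] (?P<method>[A-Z]+) (?P<target>\S+) => generated .*"
    r"\(HTTP/\S+ (?P<status>\d{3})\)"
)


def scheme_mismatches(log_text, enable_https):
    """Return (path, next_url) for /login redirects whose `next` URL
    uses a different scheme than the one ENABLE_HTTPS implies."""
    expected = "https" if enable_https else "http"
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m or m["status"] != "302":
            continue  # only redirects are of interest here
        target = urlsplit(m["target"])
        if not target.path.startswith("/login"):
            continue
        # parse_qs percent-decodes the value of ?next=...
        for next_url in parse_qs(target.query).get("next", []):
            scheme = urlsplit(next_url).scheme
            if scheme and scheme != expected:
                findings.append((target.path, next_url))
    return findings


if __name__ == "__main__":
    # The post states ENABLE_HTTPS=true.
    for path, next_url in scheme_mismatches(SAMPLE_LOG, enable_https=True):
        print(f"{path}: next={next_url} (expected https)")
```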

Hi @frohro,
You shouldn’t be using Apache or letsencrypt. If you just install Tutor local with the default ports, it will create the Caddy container to listen on 443 and handle the ingress traffic and also the certificates.

So I cannot use edX on the same server I already have apache2 and letsencrypt on anymore? It worked fine in 2019. Back in 2019 it was a pain, because you had to renew certificates regularly. By using letsencrypt, I found I did not have to do that. Is there some way around this?

Caddy does it all for you. It generates and renews all certificates without any user intervention. It actually runs something similar to letsencrypt under the hood. Btw, Caddy is a web server, so you don’t need apache at all.

It used to be that Tutor used nginx. In 2019 I was redirecting port 8080 to edx. I am still doing that, but if I understand correctly it is now using Caddy instead. Should I be redirecting port 443 to something? Right now I am redirecting port 8080. I suspect my problem has to do with the fact that other web pages on my server are using apache2 and I may not be redirecting things correctly. I think this because I did a test install on my laptop where there is no apache2 server running, and things seemed to work fine there.

If I understand correctly I should exclude the edx sites when I set up letsencrypt, but still tell tutor to use SSL/TLS. Is that right?
Thanks!
Rob