Login issues after install

So I was able to deploy the tutor on a VPS, but now the weird issue is that I get an error for the superuser I created and cannot register. It comes up with “An unexpected error”.

https://apps.roninuniversity.com/authn/register?next=%2F

Used the YT channel to deploy. https://www.youtube.com/watch?v=dTHHeEXu2c8&list=PL87xhvJSz2W5AhGcra8ojmxqIGSUetiZY

using IONOS VPS with static IP coupled with CloudFlare for DNS.

Ubuntu 22.04 LTS is the OS.

Docker version 26.1.2, build 211e74b

it’s docker based, FW rules have 80, 443, and 22. are there any other ports that need to be opened?

Hopefully this helps to help point me in the right direction.

Hi @Limskey ! I can’t help you with this issue but I recategorized your post to Site Operators > Tutor Help. Please ensure you choose an appropriate topic before you post - not everyone gets notifications for all topics, so choosing the right topic can get more eyeballs on it!

I would recommend editing your post with a lot more details. What instructions did you follow, for example? What steps did you take? Where is your VPS? More detail will mean better help.

Best,
Sarina

understood, I will update now.

It might be worthwhile to inspect the logs on the server side: in an SSH session, try running a tail on the logs, then reproduce the error to see if the logs provide more detail about the failure.

tutor local logs --tail=1 -f

The number following “tail” is just how many of the last lines of the logfile to include in the output, but when you tail the log it provides results in real time, so you start the tail, then perform an action to get your error, then you can stop the tail (Ctrl+C), and somewhere there in your logs should be an error corresponding to the failure.

I noticed when I inspect your site I see this error:
Mixed Content: The page at 'https://apps.roninuniversity.com/authn/login?next=%2F' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://roninuniversity.com/login_refresh'. This request has been blocked; the content must be served over HTTPS.
Are you doing reverse proxy through CloudFlare? If so maybe try turning that off to test if it still gives the same issue, you might have a config issue with CloudFlare perhaps, just a guess though I’m not certain…

Hot diggity dog, that’s it! So now I’m wondering what the issue is with CloudFlare, since it’s a pretty good tool to help mitigate attacks and whatnot. Do you think the CNAME * value is the issue?

You can definitely use CloudFlare; there is just some configuration issue resulting in use of plain HTTP instead of HTTPS.

CloudFlare might be configured to use plain HTTP (instead of HTTPS) to connect to your LMS, in which case you need to change the URL on the CloudFlare side from http:// to https://.

If CloudFlare is definitely using HTTPS to load your site, then there is some misconfiguration that causes the LMS to not detect that CloudFlare or Caddy (the two proxies involved) are in HTTPS mode, via the X-Forwarded headers or similar. You can probably find other posts on the forum about that, but usually Tutor takes care of it for you, so I’m surprised if that is the issue.

If your origin server hosting the Tutor instance has a valid SSL cert then you might want to set your SSL/TLS encryption mode to Full (Strict). There’s some more info about the encryption methods here: Encryption modes · Cloudflare SSL/TLS docs

You might find (just an example) that you’ve set up encryption on CloudFlare but set up your Tutor instance without HTTPS. Caddy should be serving HTTPS to CloudFlare in order for the encryption to work properly

so placing the CF SSL encryption mode to full gives me a 521 error. when in Flexible, it’s cool but the apps.domain and studio.domain are now 80 instead of 443. with the tutor launch local and answering Yes to the https, I wonder if the certs are being deployed or not. I thought Caddy would automate the certificates, right?

edit: I added apps.ronin… and studio.ronin… as an A record. maybe that will fix it? but I thought the * in the CNAME would take care of all this as it is proxy’d through CF.

edit2: the A records for apps and studio did not / do not work…

A record vs CNAME types should not have any impact on functionality as they simply resolve a DNS name to IP address, though typically you’d have an A record for the main host (roninuniversity.com) and then a CNAME for all the subdomains (apps.ronin / studio.ronin / preview.ronin / etc).
Wildcards are supported on CloudFlare but I typically prefer to explicitly define my records.

If during the tutor local launch you answered Yes for activating the SSL certs then it should be active. Check in your config.yml file if ENABLE_HTTPS is set to true to confirm if it’s active or not. You might also have encountered errors during the cert creation that were missed initially.

Assuming it’s disabled, you can enable it on the command line by running:
tutor config save --set ENABLE_HTTPS=true
https://docs.tutor.edly.io/configuration.html#ssl-tls-certificates-for-https-access

seems like Caddy is the issue: {"level":"error","ts":1715772446.9925385,"logger":"http.acme_client","msg":"challenge failed","identifier":"roninuniversity.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge","instance":"","subproblems":}}
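
Added example, not part of any post in this thread: a small Python filter for the tail-and-reproduce step suggested earlier, which pulls ACME challenge failures like the Caddy line quoted above out of mixed log output and counts them per hostname. The sample lines, the `lms-1 |` / `caddy-1 |` prefixes and the example.com hostnames are constructed; only the JSON field names are taken from the log line in the thread.

```python
import json
from collections import Counter

# Constructed sample of mixed container log output. Prefixes and hostnames are
# assumptions; JSON field names follow the Caddy error line quoted in the thread.
SAMPLE_LOG = r'''
lms-1    | 2024-05-15 11:27:20,101 INFO 12 [constructed] request {not json}
caddy-1  | {"level":"info","ts":1715772440.1,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"lms.example.com"}
caddy-1  | {"level":"error","ts":1715772446.9,"logger":"http.acme_client","msg":"challenge failed","identifier":"lms.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}}
caddy-1  | {"level":"error","ts":1715772451.3,"logger":"http.acme_client","msg":"challenge failed","identifier":"apps.lms.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}}
caddy-1  | {"level":"error","ts":1715772507.0,"logger":"http.acme_client","msg":"challenge failed","identifier":"lms.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}}
'''

def parse_json_records(text):
    """Yield the JSON object found on each line, skipping lines without one."""
    for line in text.splitlines():
        start = line.find("{")          # tolerate any service prefix before the JSON
        if start < 0:
            continue
        try:
            record = json.loads(line[start:])
        except json.JSONDecodeError:
            continue                    # plain-text line that merely contains a brace
        if isinstance(record, dict):
            yield record

def acme_failures(text):
    """Return error-level records emitted by Caddy's ACME client, flattened."""
    failures = []
    for rec in parse_json_records(text):
        if rec.get("level") != "error" or rec.get("logger") != "http.acme_client":
            continue
        problem = rec.get("problem") or {}
        failures.append({
            "identifier": rec.get("identifier", ""),
            "challenge_type": rec.get("challenge_type", ""),
            # Keep only the last segment of the ACME error URN, e.g. "unauthorized".
            "error": problem.get("type", "").rsplit(":", 1)[-1],
            "detail": problem.get("detail", ""),
        })
    return failures

def summarize(failures):
    """Count failures per (hostname, challenge type, ACME error)."""
    return Counter((f["identifier"], f["challenge_type"], f["error"]) for f in failures)

if __name__ == "__main__":
    for (host, challenge, error), count in summarize(acme_failures(SAMPLE_LOG)).items():
        print(f"{host}: {challenge} failed {count}x ({error})")
```
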