I’m a peertube newcomer. I’ve followed the instructions for installing and it is being served up on port 8443.
I’m hitting two errors when trying my initial login:
A splash dialogue shows, « Cannot retrieve OAuth Client credentials: Getting client tokens for host peertube.example.com is forbidden. Ensure you have correctly configured PeerTube (config/ directory), in particular the « webserver » section. »
If I close out the dialogue and enter the username « root » and the password from the log file (/var/www/peertube/storage/logs/peertube.log), I get the error: « Invalid client: client is invalid ».
This error usually happen when the configured web server url does not match the actual url.
In the log, we can see peertube.example.com: you probably forgot to change this in your production.yaml file.
Yes you can.
But you did not provide all information… So i’m trying to guess what’s wrong.
(edit: i didn’t saw that you mentionned the 8443 port in your first message.)
Given this piece of configuration, url in your browser should be https://peertube.example.com:8443. Is this the url you were trying to use?
@mzagrabe , can you check your Peertube server logs (usually in /var/www/peertube/storage/logs, and probably also in syslog), for a line that looks like:
Getting client tokens for host A is forbidden (expected B).
The difference between A and B should help you find the configuration issue.
I don’t know if you have some dev skills. Just in case, here is the code:
const serverHostname = CONFIG.WEBSERVER.HOSTNAME
const serverPort = CONFIG.WEBSERVER.PORT
let headerHostShouldBe = serverHostname
if (serverPort !== 80 && serverPort !== 443) {
headerHostShouldBe += ':' + serverPort
}
// Don't make this check if this is a test instance
if (!isTestOrDevInstance() && req.get('host') !== headerHostShouldBe) {
logger.info(
'Getting client tokens for host %s is forbidden (expected %s).', req.get('host'), headerHostShouldBe,
{ webserverConfig: CONFIG.WEBSERVER }
)
return res.fail({
status: HttpStatusCode.FORBIDDEN_403,
message: `Getting client tokens for host ${req.get('host')} is forbidden`
})
}
The API call to https://your_domain:8443/api/v1/oauth-clients/local returns this error message. So we just need to understand why the request host does not match the wanted host+port.
I’ve gone through the log file before and have seen this error:
{"level":"info","message":"Getting client tokens for host peertube.example.com is forbidden (expected peertube.example.com:8443).","label":"peertube.example.com:8443","webserverConfig":{"SCHEME":"https","WS":"wss","HOSTNAME":"peertube.example.com","PORT":8443},"timestamp":"2025-01-02T17:59:30.678Z"}
…but I’m not sure where to correct it in the production.yaml file.
Are you sure that there is no typo, and that it is exactly the same domaine that is mentioned?
If so, it is probably a bug, and you can open an issue if you have a github account.
He sent me the URL, and I can confirm that there is no typo in the redacted logs and configuration.
When i use the correct url with the port in the browser, I have the same error.
When I use curl (curl 'https://xxxxxxxxxx:8443/api/v1/oauth-clients/local'), i got the same error.
It seems that req.get('host') only returns the host, not the port.
So the backend test does not work.