Forum Discussion

Former Member's avatar
Former Member
5 years ago

[Docker] [Plesk] 401: Invalid Bearer Token

We set up the 1pw connect and api locally through docker, which was working just fine. Today we tried to move it to online, but ran into several issues. Our current issue is, that even though dockers seems to be working well (console logs look good), the only result I get, making a valid request through Postman (which yields good results from my local docker), is
"{"status":401,"message":"Invalid bearer token"}"

  • The yml is configured with the sample yml file provided in the docs
  • The server is running on Ubuntu 20.04.3 LTS with Plesk Obsidian Version 18.0.37 Update #2,

We had a lot of trouble with setting the mapping, because 1pw image settings for docker on plesk do not seem to allow setting a shared path volume as is done with the yml file (volumes: data:)(Side note: we're running the 1pw connect services on another server than the application we're building). We worked around this by docker inspect-ing the 1pw sync, copying the wpd and pasting it into the volume mapping for both. This is working, but it was anything but clean (the suggested approach didn't work) and I'm afraid this might be the cause for the bearer problem.

Any help is greatly appreciated!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

3 Replies

  • Former Member's avatar
    Former Member

    Glad to hear you resolved it!

    It sounds like there are some quirks with how Plesk creates directories for Docker volumes on the host machine. We can't provide Plesk advice, but if you do come across a more permanent solution you're welcome to share it here.

    Thanks again for following up :)

  • Former Member's avatar
    Former Member

    Hello David,

    thank you very much for your quick and detailled reply. Before writing my previous message, we did exactly as suggested by you.
    However, the

    path to a directory on your server (for example, /var/docker/op)
    does not seem to apply for plesk. If we use a path - any path outside of the volume directory created by docker for the connect-sync service results in various error message along the lines of
    {"log_message":"(I) no database found, will retry in 1s","timestamp":"2021-09-29T12:55:56.278587349Z","level":3}
    So we now have a path which is something along the lines of
    /var/lib/docker/volumes/e24bc803a75870004......32093/1password-credentials.json and
    /var/lib/docker/volumes/e24bc803a75870004......32093/_data
    set for both containers.

    BUT: Spending ~2 1/2 hours on this yesterday, along with two other developers, and another 1 hour today, trying all crazy stuff, out of a sudden, today, it worked. Not sure what did the trick. We had those settings at about half the time working on it yesterday.

    Anyway, leaving this here in case someone else comes across the same issues.

    Thanks!

  • Former Member's avatar
    Former Member

    Hello!

    Sorry to hear that about the issues you're having with Plesk. I'm not too familiar with how Plesk handles Docker and Docker Volumes, but I can make some suggestions for how to map the Docker volumes.

    Our https://github.com/1Password/connect/blob/ad080cc3c1f982ea6af5bf83dce6a736ef4a5fc4/examples/docker/compose/docker-compose.yaml example defines the following volumes:


    volumes:
    - "./1password-credentials.json:/home/opuser/.op/1password-credentials.json"
    - "data:/home/opuser/.op/data"

    If I understand Plesk's support https://support.plesk.com/hc/en-us/articles/115001973253-How-to-map-volumes-in-Docker-on-Plesk-server- then you'll need to configure the following:

    Volume 1:
    - Destination: /home/opuser/.op/1password-credentials.json
    - Source: a path to the 1password-credentials.json file on your server

    Volume 2:
    - Destination: home/opuser/.op/data
    - Source: path to a directory on your server (for example, /var/docker/op)

    You would need both volumes for the API container and the Sync container.

    I'm not sure if Plesk has special configurations for volumes, so these instructions may need some tweaking to work with Plesk.