So I have nimble installed for a month or so, not particularly using it, just setup two re-route, they are protected with paywall wms signurl
Today I restarted the server and now I get a 403 error? in the log it says:
[work1] E: signature is correct but (nimble time + timetolerance) < signature time. use NTP on web and nimble server SignatureTime=[2023-Apr-18 09:54:38] NimbleTime=[2023-Apr-18 09:50:20] TimeTolerance= ClientIp=[x.x.xx, signature=[c2VydmV
my server (and php timezone too) use Tokyo time (while I m in Europe) so I assume this could be the reason but I don't understand why only now I m facing this issue.
What workaround do I have (changing my server timezone is not an option)
The following string "SignatureTime=[2023-Apr-18 09:54:38] NimbleTime=[2023-Apr-18 09:50:20]" means that a web server and Nimble server have different time, about 4min18sec difference, which exceeds the defined TimeTolerance=. Please make sure both servers are syncing their time with an NTP server. (enlarging timetolerance value itself is not a perfect solution in this case)
Timezone is not relevant, machines are synced in Coordinated Universal Time (UTC).
In Linux, the 'timedatectl' command should return the status like 'System clock synchronized: yes' and 'NTP service: active'. If it's returned to be 'inactive', try 'timedatectl set-ntp true'.
I understood this but I m deliberately using Asia/Tokyo timezone for others reasons. Originally the reason was I am using a 24h token (php token hence the timezone parameters in php.ini) that would reset at midnight, a time I had lots of customers. So to avoid the token to expire when the site was crowded I actually changed the timezone. all my servers are setup this way.
Local time: Wed 2023-04-19 20:50:06 JST
Universal time: Wed 2023-04-19 11:50:06 UTC
RTC time: Wed 2023-04-19 11:49:36
Time zone: Asia/Tokyo (JST, +0900)
but true, that server was out of time compared to the others, after adjusting this (they have to work at the same hour) it's working again.
I assume another is to increase the time tolerance of the vms signature
Thank you for answering, regards
and required to achieve the purposes illustrated in the
If you want to know more or withdraw your consent to all or some of the cookies, please
refer to the