Closed lamuertepeluda closed 5 years ago
Hi, thanks for opening an issue so that we can assist you.
Make sure the configured redirect URI in the FusionAuth application is correct.
If that is correct, this is likely a proxy configuration issue. Review these issues for further context. https://github.com/FusionAuth/fusionauth-issues/issues/112#issuecomment-481724601 https://github.com/FusionAuth/fusionauth-issues/issues/114#issuecomment-482424013 https://github.com/FusionAuth/fusionauth-issues/issues/92#issuecomment-474906718
TL;DR You'll have to let FusionAuth know what the public URL is by using X-Forwarded-
headers. Some of these headers may already be added, so you could use set headers to ensure the headers are not duplicated.
appendHeaders:
"x-forwarded-port": "30657"
If your browser sees http://fusionauth.minikube
and the error says http://fusionauth.minikube:30657:30657
then the scheme and host look correct, just the port is wrong.
@robotdan Thank you very much! You pointed me to the right solution.
I post here my solution (in case somebody else would find it useful)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: fusionauth
annotations:
kubernetes.io/ingress.class: traefik
ingress.kubernetes.io/custom-request-headers: "X-Forwarded-Port:30657||X-Forwarded-Host:fusionauth.minikube"
spec:
rules:
- host: fusionauth.minikube
http:
paths:
- path: /
backend:
serviceName: fusionauth
servicePort: 9011
Thanks @lamuertepeluda for posting your solution! I am sure someone else will find it useful.
In the next release of FusionAuth we will post a large warning on the dashboard when these headers are not set correctly when behind a proxy. We hope this will reduce how many run into this issue.
This project rocks! 🎸
Hi there,
great work: I was trying to use the kubernetes setup locally with minikube.
The container setup seems to work good.
However there is no way I got it working (meaning: accessing from outside the cluster) with an ingress such as traefik, except using port forward (which is a non-solution).
kubectl port-forward svc/fusionauth 9011:9011
I tried adding this traefik configuration for an ingress:
I followed this guide and used a where port was assigned to the deployment, in my case 30657
Deployment
for the access. fusionauth.minikube is something like: clusterIp:Browsing to http://fusionauth.minikube:30657 I get a nasty error
error_description" : "Invalid redirection uri http://fusionauth.minikube:30657:30657/login",
What I'm doing wrong here?
Thank you