Mailu / helm-charts

Development repo for helm charts

sso.php redirects to itself - 302 status #260

Closed mwinters-stuff closed 1 year ago

mwinters-stuff commented 1 year ago

Environment & Version

2.0.10, installed via Helm chart. Have existing 1.x install working fine.

Environment

Kubernetes, Helm charts, Traefik proxy.

Version

Description

I have installed onto a fresh database, after a failed upgrade from 1.0.x.

When logging into the administration interface, that works perfectly.

When attempting to login to WebMail, I get the error "Too Many Redirects", ERR_TOO_MANY_REDIRECTS.

Looking at the network debugging, "sso.php" is doing the redirects to itself.

General

Request URL: https://mail2.XXXX.XXX.nz/webmail2/sso.php
Request Method: GET
Status Code: 302 
Remote Address: 219.88.234.184:443
Referrer Policy: same-origin

Response Headers

cache-control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 27 May 2023 05:30:03 GMT
expires: Sat, 27 May 2023 05:30:01 GMT
last-modified: Sat, 27 May 2023 05:30:01 GMT
location: sso.php
pragma: no-cache
referrer-policy: no-referrer
referrer-policy: same-origin
server: nginx
set-cookie: roundcube_sessauth=-del-; expires=Sat, 27-May-2023 05:29:01 GMT; Max-Age=0; path=/; HttpOnly; SameSite=Strict
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: sameorigin
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-permitted-cross-domain-policies: none
x-robots-tag: none

Request Headers

:authority: mail2.winters.org.nz
:method: GET
:path: /webmail2/sso.php
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
accept-encoding: gzip, deflate, br
accept-language: en-NZ,en;q=0.9,en-GB;q=0.8,en-US;q=0.7
cookie: roundcube_sessid=HIDDEN; authelia_session=HIDDEN
session=HIDDEN
referer: https://mail2.XXXX.XXX.nz/admin/user/settings
sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36

Replication Steps

The configuration is fairly default, with the usual hostnames and database configuration.

The traefik ingress route is:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: mailu2
  namespace: default
  annotations: 
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`mail2.XXXX.XXX.nz`) 
      kind: Rule
      services:
        - name: mailu-front
          namespace: mailu2
          port: 443
  tls:
    secretName: XXX-XX-nz-production-tls 

Observed behaviour

Unable to get to the webmail interface.

Expected behaviour

Expect to get to the webmail interface.

Logs

Unable to find anything relevant in the logs.

redimp commented 1 year ago

Ran into the same behaviour; the problem for me was that subnet: didn't match the podCIDR.

mwinters-stuff commented 1 year ago

@redimp Thanks, that resolved it - I had the subnet entry, as the default value but nothing worked until I removed the entry from the configuration.

Closing.

tbscode commented 11 months ago

Found this issue, helped me fix a related issue.

I was experiencing an infinite redirect when loading the web mailer (also at sso.php). After login I would see an ERR_TOO_MANY_REDIRECTS after a while. But I was able to log in to the admin dashboard.

I also had the subnet: configured as default. I tried just setting subnet: "" hoping it would configure itself, which it didn't ;). Then I saw the readme states that this has to be updated.

For me since I was using microk8s + calico I was able to find the pods subnet by looking for CALICO_IPV4POOL_CIDR in microk8s kubectl describe daemonset calico-node -n kube-system.

Now everything seems to work as expected with a minimal configuration like this.

domain: $DOMAIN
hostnames:
  - $DOMAIN
initialAccount:
  enabled: true
  domain: $DOMAIN
  password: ...
  username: ...
logLevel: INFO
limits:
  authRatelimit:
    ip: 100/minute;3600/hour
    user: 100/day
  messageSizeLimitInMegabytes: 200
persistence:
  size: 100Gi
secretKey: ...
ingress:
  tls: true
  annotations:
    cert-manager.io/cluster-issuer: $ISSUER_NAME
subnet: $SUBNET
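
A check for the mismatch described in the comments above, added here as an example (it is not code from this thread or from the Mailu chart): it compares the chart's subnet value against the IPs the pods actually have. The pod names, IPs and CIDRs are constructed sample values, and the kubectl listing format in the comment is an assumption about how the input is gathered.

```python
import ipaddress

# Constructed sample of:
#   kubectl get pods -n <namespace> --no-headers \
#     -o custom-columns=NAME:.metadata.name,IP:.status.podIP
SAMPLE_PODS = """\
mailu-admin-7d9c5b6f4-abcde     10.1.23.14
mailu-front-5f7b8c9d6-fghij     10.1.23.15
mailu-webmail-6c8d7e5f4-klmno   10.1.40.7
mailu-dovecot-0                 <none>
"""

def parse_pod_ips(listing):
    """Map pod name -> ip_address, skipping pods with no IP yet (<none>)."""
    pods = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[1] == "<none>":
            continue
        pods[fields[0]] = ipaddress.ip_address(fields[1])
    return pods

def audit_subnet(subnet_value, listing):
    """Return a list of findings; an empty list means every pod IP is covered."""
    value = (subnet_value or "").strip()
    if not value:
        return ["subnet is empty"]
    try:
        # strict=True also rejects values with host bits set, e.g. 10.1.0.5/16
        net = ipaddress.ip_network(value, strict=True)
    except ValueError as exc:
        return [f"subnet is not a valid CIDR: {exc}"]
    findings = []
    for name, addr in sorted(parse_pod_ips(listing).items()):
        if addr.version != net.version:
            findings.append(f"{name}: {addr} is IPv{addr.version}, subnet is IPv{net.version}")
        elif addr not in net:
            findings.append(f"{name}: {addr} is outside {net}")
    return findings

if __name__ == "__main__":
    # Constructed candidates: a mismatched CIDR, an empty value, a matching CIDR
    for candidate in ("10.42.0.0/16", "", "10.1.0.0/16"):
        result = audit_subnet(candidate, SAMPLE_PODS)
        print(repr(candidate), "->", result or "all pod IPs covered")
```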

Denialll commented 6 months ago

Found this issue, helped me fix a related issue.

I was experiencing an infinite redirect when loading the web mailer (also at sso.php). After login I would see an ERR_TOO_MANY_REDIRECTS after a while. But I was able to log in to the admin dashboard.

I also had the subnet: configured as default. I tried just setting subnet: "" hoping it would configure itself, which it didn't ;). Then I saw the readme states that this has to be updated.

For me since I was using microk8s + calico I was able to find the pods subnet by looking for CALICO_IPV4POOL_CIDR in microk8s kubectl describe daemonset calico-node -n kube-system.

Now everything seems to work as expected with a minimal configuration like this.

domain: $DOMAIN
hostnames:
  - $DOMAIN
initialAccount:
  enabled: true
  domain: $DOMAIN
  password: ...
  username: ...
logLevel: INFO
limits:
  authRatelimit:
    ip: 100/minute;3600/hour
    user: 100/day
  messageSizeLimitInMegabytes: 200
persistence:
  size: 100Gi
secretKey: ...
ingress:
  tls: true
  annotations:
    cert-manager.io/cluster-issuer: $ISSUER_NAME
subnet: $SUBNET

I encountered the same problem, but changing the subnet does not help, what should I do?