camunda / camunda-platform-helm

Camunda Platform 8 Self-Managed Helm charts
https://docs.camunda.io/docs/self-managed/overview/
Apache License 2.0

[BUG] Identity on Ingress subpath getting failed - static/js/main.97750144.js Status Code: 404 #494

Closed deepakpal-in closed 9 months ago

deepakpal-in commented 1 year ago

Describe the bug:

Not able to run identity completely on https using the subpath:

Actual behavior:

Identity is giving Status Code: 404 after login for the files below:

https://myELB.us-east-1.elb.amazonaws.com/static/js/main.97750144.js

https://myELB.us-east-1.elb.amazonaws.com/static/css/main.42f6e202.css

then for https://myELB.us-east-1.elb.amazonaws.com//**identity**/serviceWorker.js?basePath=%2Fidentity it is giving 200

but again for https://myELB.us-east-1.elb.amazonaws.com//favicon.png it is giving Error 404.

Expected behavior:

Identity should work normally with self signed certificate warning in the browser.

How to reproduce:

Below is my custom value file:


```yaml
global:
  ingress:
    enabled: true
    tls:
      enabled: true
      #secret using self signed certificate
      secretName: "camunda8-bpm-platform-tls"
    host: "my-elb-id.us-east-1.elb.amazonaws.com"

    annotations:
      external-dns.alpha.kubernetes.io/hostname: "my-elb-id.us-east-1.elb.amazonaws.com"
  identity:
    auth:
      publicIssuerUrl: https://my-elb-id.us-east-1.elb.amazonaws.com/auth/realms/camunda-platform
      operate:
        redirectUrl: https://my-elb-id.us-east-1.elb.amazonaws.com/operate
      tasklist:
        redirectUrl: https://my-elb-id.us-east-1.elb.amazonaws.com/tasklist
      optimize:
        redirectUrl: https://my-elb-id.us-east-1.elb.amazonaws.com/optimize

operate:
  service:
    type: NodePort
  contextPath: "/operate"

identity:
  service:
    type: NodePort
  keycloak:
    service:
      type: NodePort
    #extraEnvVars:
    #- name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
    #  value: "true"
    #- name: KEYCLOAK_FRONTEND_URL
    #  value: https://my-elb-id.us-east-1.elb.amazonaws.com/auth
  env:
    - name: IDENTITY_URL
      #value: https://my-elb-id.us-east-1.elb.amazonaws.com/identity
      value: https://my-elb-id.us-east-1.elb.amazonaws.com/identity
  contextPath: "/identity"
  #contextPath: "/"
  fullURL: https://my-elb-id.us-east-1.elb.amazonaws.com/identity
  #fullURL: https://my-elb-id.us-east-1.elb.amazonaws.com/

tasklist:
  service:
    type: NodePort
  contextPath: "/tasklist"

optimize:
  service:
    type: NodePort
  contextPath: "/optimize"

zeebe-gateway:
  ingress:
    enabled: true
    className: nginx
    host: "zeebe.my-elb-id.us-east-1.elb.amazonaws.com"
  #service:
  #  type: NodePort
```

Logs:

Logs from my keycloak pod:

```
12:09:59,250 INFO  [org.hibernate.Version] (ServerService Thread Pool -- 67) HHH000412: Hibernate Core {5.3.24.Final}
12:09:59,251 INFO  [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 67) HHH000206: hibernate.properties not found
12:09:59,382 INFO  [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 67) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
12:09:59,513 INFO  [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 67) HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL95Dialect
12:09:59,567 INFO  [org.hibernate.engine.jdbc.env.internal.LobCreatorBuilderImpl] (ServerService Thread Pool -- 67) HHH000424: Disabling contextual LOB creation as createClob() method threw error : java.lang.reflect.InvocationTargetException
12:09:59,570 INFO  [org.hibernate.type.BasicTypeRegistry] (ServerService Thread Pool -- 67) HHH000270: Type registration [java.util.UUID] overrides previous : org.hibernate.type.UUIDBinaryType@35092169
12:09:59,574 INFO  [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 67) Envers integration enabled? : true
12:09:59,800 INFO  [org.hibernate.orm.beans] (ServerService Thread Pool -- 67) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
12:09:59,994 INFO  [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 67) HV000001: Hibernate Validator 6.0.22.Final
12:10:01,014 INFO  [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 67) HHH000397: Using ASTQueryTranslatorFactory
12:10:01,543 INFO  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0050: Initializing master realm
12:10:03,541 INFO  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0006: Importing users from '/opt/bitnami/keycloak/standalone/configuration/keycloak-add-user.json'
12:10:03,958 INFO  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0009: Added user 'admin' to realm 'master'
12:10:04,126 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
12:10:04,127 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,127 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,128 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,128 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,128 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,128 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,128 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,128 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,128 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
12:10:04,194 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 67) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
12:10:04,253 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 33) WFLYSRV0010: Deployed "keycloak-metrics-spi-2.5.3.jar" (runtime-name : "keycloak-metrics-spi-2.5.3.jar")
12:10:04,254 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
12:10:04,331 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
12:10:04,334 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.1.1 (WildFly Core 18.0.4.Final) started in 25457ms - Started 718 of 1020 services (699 services are lazy, passive or on-demand)
12:10:04,335 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
12:10:04,335 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990/
12:10:35,449 ERROR [org.keycloak.theme.DefaultThemeManager] (default task-1) Failed to find LOGIN theme identity, using built-in themes
```

Environment:
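
Added example, not part of the original report or of the chart's code: the script below replays the request URLs listed in the report against the context paths from the values file, matching per path element. It assumes the ingress routes by path prefix and treats repeated slashes as one; `segments`, `owner`, `unrouted` and `statuses_explained` are names made up for this illustration.

```python
from urllib.parse import urlsplit

# Context paths from the values file in the report; "/auth" is the Keycloak
# web context shown in the pod log and in publicIssuerUrl.
CONTEXT_PATHS = {
    "identity": "/identity",
    "operate": "/operate",
    "tasklist": "/tasklist",
    "optimize": "/optimize",
    "keycloak": "/auth",
}

# (URL, status) pairs as listed in the report.
HOST = "https://myELB.us-east-1.elb.amazonaws.com"
OBSERVED = [
    (HOST + "/static/js/main.97750144.js", 404),
    (HOST + "/static/css/main.42f6e202.css", 404),
    (HOST + "//identity/serviceWorker.js?basePath=%2Fidentity", 200),
    (HOST + "//favicon.png", 404),
]

def segments(path):
    """Split a path into its non-empty elements ('//identity/' -> ['identity'])."""
    return [s for s in path.split("/") if s]

def owner(url, context_paths=CONTEXT_PATHS):
    """Return the component whose context path prefixes the URL, or None.

    Matching is per path element (assumed routing behaviour), so '/identityx'
    does not match '/identity'. The longest matching context path wins.
    """
    req = segments(urlsplit(url).path)
    hits = [(len(segments(ctx)), name) for name, ctx in context_paths.items()
            if req[:len(segments(ctx))] == segments(ctx)]
    return max(hits)[1] if hits else None

def unrouted(observed=OBSERVED, context_paths=CONTEXT_PATHS):
    """URLs that fall under no configured context path."""
    return [url for url, _ in observed if owner(url, context_paths) is None]

def statuses_explained(observed=OBSERVED, context_paths=CONTEXT_PATHS):
    """True when exactly the unrouted URLs are the ones that returned 404."""
    return all((owner(u, context_paths) is None) == (s == 404) for u, s in observed)

if __name__ == "__main__":
    for url in unrouted():
        print("no context path matches:", url)
```

Passing a copy of `CONTEXT_PATHS` with `identity` set to `"/"` leaves no unrouted URL, while `/auth` still resolves to Keycloak because the longest prefix wins.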

aabouzaid commented 1 year ago

Hi @deepakpal-in, in your browser, did you trust your self-signed certificate? Which browser, version, and OS platform do you use?

deepakpal-in commented 1 year ago

I have added/installed the certs in the trusted root certificate authority. Still the same results. Not able to run the service, getting a 404 error along with that. It's still showing a certificate-related error.

Browser: Edge 88, Chrome 107

OS: Windows Server 2022 / Windows 10 Pro / Windows Server 2019

deepakpal-in commented 1 year ago

@aabouzaid Is there any solution available for this issue? Looking forward to solving this problem and trying out the Camunda 8 platform.

aabouzaid commented 1 year ago

@deepakpal-in I plan to debug it next week. But if you want a quick solution, I believe setting the Identity context to the root of the domain should work.

So you will have the following: