indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/

When IAM ingress nginx exports https to port 8443, I was wrongly redirected to 8080 frequently #586

Open wguanicedew opened 1 year ago

wguanicedew commented 1 year ago

(1) With https://rubin-panda-iam-dev.slac.stanford.edu:8443/login, it works OK. I can use it to log in and register (if I am not registered). However, when clicking https://rubin-panda-iam-dev.slac.stanford.edu:8443/, I will be redirected to https://rubin-panda-iam-dev.slac.stanford.edu:8080/login.

(2) In https://rubin-panda-iam-dev.slac.stanford.edu:8443/login, when clicking 'apply for an account', I will be redirected to "https://rubin-panda-iam-dev.slac.stanford.edu:8080/openid_connect_login?iss=https://cilogon.org". The port has been changed from 8443 to 8080. If I manually change the port to 8443, "https://rubin-panda-iam-dev.slac.stanford.edu:8443/openid_connect_login?iss=https://cilogon.org" works OK.

For the configuration, I have changed all ports to 8443 (the nginx port, the docker image port (the internal docker is listening on 8443, instead of 8080), IAM_PORT=8443 and so on). I don't define 8080 anywhere. However, I am frequently redirected to 8080. Could you have a look?

rmiccoli commented 1 year ago

Hi, the problem could be related to the forwarded headers from the reverse proxy. Have you added the IAM_FORWARD_HEADERS_STRATEGY=native environment variable in your deployment? In Indigo IAM < v1.8.0 it was IAM_USE_FORWARDED_HEADERS=true.

wguanicedew commented 1 year ago

I am using v1.8.0. Without IAM_FORWARD_HEADERS_STRATEGY=native, most of the time it works with port 8443. Only in a few use cases is it redirected to 8080. With IAM_FORWARD_HEADERS_STRATEGY=native, all requests are redirected to 443 instead of 8443. All things are broken.
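
Added example, not part of the thread and not IAM, Spring or Tomcat code: a simplified model of how a backend that trusts X-Forwarded-* headers derives the origin it uses in redirects, to check what a proxy on a non-default port such as 8443 actually forwards. The resolution rule, the function names and the host `iam.example.org` are assumptions made for illustration.

```python
# Simplified model (assumption): scheme from X-Forwarded-Proto, host from
# X-Forwarded-Host (falling back to Host), port from X-Forwarded-Port, else a
# port embedded in the host value, else the default for the scheme.
# IPv6 literals are not handled.
DEFAULT_PORTS = {"http": 80, "https": 443}


def first(value):
    """Return the first element of a comma-separated header value."""
    return value.split(",")[0].strip()


def derived_origin(headers):
    """Origin a header-trusting backend would put in its redirects."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme = first(h.get("x-forwarded-proto", "http")).lower()
    host_value = first(h.get("x-forwarded-host") or h.get("host", ""))
    host, _, host_port = host_value.partition(":")
    port = int(first(h.get("x-forwarded-port", "")) or host_port
               or DEFAULT_PORTS[scheme])
    if port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def check_proxy_headers(headers, public_origin):
    """Return (matches, derived) for the headers the proxy forwards."""
    derived = derived_origin(headers)
    return derived == public_origin, derived


PUBLIC = "https://iam.example.org:8443"  # constructed public origin

# Constructed header sets, as a backend might receive them from the proxy.
CASES = {
    "proto only": {"Host": "iam.example.org", "X-Forwarded-Proto": "https"},
    "explicit port": {"Host": "iam.example.org", "X-Forwarded-Proto": "https",
                      "X-Forwarded-Port": "8443"},
    "port in host": {"Host": "iam.example.org", "X-Forwarded-Proto": "https",
                     "X-Forwarded-Host": "iam.example.org:8443"},
    "proxy reports 443": {"X-Forwarded-Host": "iam.example.org:8443",
                          "X-Forwarded-Proto": "https",
                          "X-Forwarded-Port": "443"},
}

if __name__ == "__main__":
    for name, hdrs in CASES.items():
        ok, derived = check_proxy_headers(hdrs, PUBLIC)
        print(f"{name:18} -> {derived:30} {'ok' if ok else 'MISMATCH'}")
```

Under this model the public port survives only when the proxy forwards it explicitly. Because clients can send these headers too, a backend should honour them only when the proxy overwrites whatever the client supplied.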