linuxserver / docker-bookstack

A Docker container for the BookStack documentation wiki
GNU General Public License v3.0

[BUG] <title>Can't Use Domain URL to Login Bookstack #239

Open nakroy opened 3 weeks ago

nakroy commented 3 weeks ago

Is there an existing issue for this?

Current Behavior

I use Kubernetes deployments to deploy BookStack, and I set APP_URL as a domain name for HTTPS visits. But the problem is that after I use the default username "admin@admin.com" and default password "password" to log in, the problem occurs with an error code like this: 419 Page Expired

Expected Behavior

The user can successfully log in to BookStack by domain name with the HTTPS protocol.

Steps To Reproduce

  1. My deployments yaml file is set like this:
    apiVersion: v1
    kind: Service
    metadata:
      name: bookstack
    spec:
      selector:
        app: bookstack
      type: ClusterIP
      ports:
        - name: http
          protocol: TCP
          port: 80
          targetPort: 80
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: bookstack-ingress
      annotations:
        cert-manager.io/cluster-issuer: "ca-cluster-issuer"
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
    spec:
      ingressClassName: "nginx"
      tls:
        - hosts:
            - my-bookstack.com
          secretName: bookstack-certs
      rules:
        - host: my-bookstack.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: bookstack
                    port:
                      number: 80
    ---
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: bookstack-pvc
      labels:
        app: bookstack
    spec:
      storageClassName: nfs-fpt-storage
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 100Gi
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: bookstack
      namespace: bookstack
      labels:
        app: bookstack
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: bookstack
      template:
        metadata:
          labels:
            app: bookstack
        spec:
          containers:
            - name: bookstack
              image: linuxserver/bookstack:24.05.2
              ports:
                - name: http
                  containerPort: 80
              envFrom:
                - configMapRef:
                    name: bookstack-config
              resources:
                limits:
                  cpu: "2"
                  memory: "2Gi"
              volumeMounts:
                - name: bookstack-storage
                  mountPath: /config
          volumes:
            - name: bookstack-storage
              persistentVolumeClaim:
                claimName: bookstack-pvc

    I use cert-manager to create tls secret for ingress automatically.

The mariadb I use for deployments is:

apiVersion: v1
kind: Service
metadata:
  name: mariadb
  labels:
    app: bookstack
spec:
  ports:
    - port: 3306
      protocol: TCP
  selector:
    app: bookstack
    tier: mariadb
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bookstack-db-pvc
  labels:
    app: bookstack
spec:
  storageClassName: nfs-fpt-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 30Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack-db
  labels:
    app: bookstack
spec:
  selector:
    matchLabels:
      app: bookstack
      tier: mariadb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: bookstack
        tier: mariadb
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            preference:
              matchExpressions:
              - key: server-type
                operator: In
                values: 
                - database
      containers:
      - image: linuxserver/mariadb:10.11.8
        name: bookstack-mariadb
        env:
        - name: PUID
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: PUID
        - name: PGID
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: PGID
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_PASSWORD
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_DATABASE
        - name: MYSQL_USER
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_USERNAME
        - name: MYSQL_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_PASSWORD
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: bookstack-db-storage
          mountPath: /config
      volumes:
      - name: bookstack-db-storage
        persistentVolumeClaim:
          claimName: bookstack-db-pvc

And I use configMap for env variable:

apiVersion: v1
kind: ConfigMap
metadata:
  name: bookstack-config
data:
  PUID: "1000"
  PGID: "1000"
  DB_DATABASE: bookstack
  DB_HOST: mariadb
  DB_PORT: "3306"
  DB_PASSWORD: "bookstack123"
  DB_USERNAME: "admin"
  APP_URL: "https://my-bookstack.com"
  APP_KEY: "base64:xxxxxx"

  2. I deploy the resources and use the URL https://my-bookstack.com to visit the website, and after I use the default user and password to log in, it returns an error code with a page like this: [image]

  3. It's all fine if I use a LoadBalancer type of Service and set up a static IP, such as 192.168.1.2, and change APP_URL=http://192.168.1.2, but this is under the HTTP protocol, which is not safe, and can't use a domain URL to visit.

Environment

- OS: Ubuntu 22.04
- How docker service was installed: use deployments yaml file in Kubernetes

CPU architecture

x86-64

Docker creation

The creation file is mentioned above with the deployments YAML file.

Container logs

No error log in pod

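
Added example, not part of the original issue or the linuxserver project: the manifests above keep DB_PASSWORD and APP_KEY in the bookstack-config ConfigMap and read MYSQL_ROOT_PASSWORD from it with configMapKeyRef. The same settings with the confidential values moved to a Secret look like this; the Secret name bookstack-secrets, the DB_ROOT_PASSWORD key and all values in angle brackets are assumptions and placeholders.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: bookstack-secrets            # hypothetical name, not from the issue
type: Opaque
stringData:
  DB_PASSWORD: "<db-user-password>"  # placeholder
  DB_ROOT_PASSWORD: "<db-root-password>"  # hypothetical key: root no longer shares the app password
  APP_KEY: "base64:<app-key>"        # placeholder
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: bookstack-config             # non-confidential settings only
data:
  PUID: "1000"
  PGID: "1000"
  DB_DATABASE: bookstack
  DB_HOST: mariadb
  DB_PORT: "3306"
  DB_USERNAME: "admin"
  APP_URL: "https://my-bookstack.com"
---
# Fragment: container section of the bookstack Deployment
envFrom:
  - configMapRef:
      name: bookstack-config
  - secretRef:
      name: bookstack-secrets        # injects DB_PASSWORD and APP_KEY
---
# Fragment: env entries of the bookstack-db Deployment that held passwords
env:
  - name: MYSQL_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: bookstack-secrets
        key: DB_ROOT_PASSWORD
  - name: MYSQL_PASSWORD
    valueFrom:
      secretKeyRef:
        name: bookstack-secrets
        key: DB_PASSWORD
```

Secrets can be given tighter RBAC than ConfigMaps, but they are stored unencrypted in etcd unless encryption at rest is configured for the cluster.
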
github-actions[bot] commented 3 weeks ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

nakroy commented 3 weeks ago

Another question I want to ask: does this Docker image support multiple replicas?