Closed JeppeBylov closed 2 years ago
@tfenster - I don't think this is a general problem that version 20.x doesn't work with traefik - right? Did you try to give the 20.1 container a different name to see whether it is because traefik doesn't see the change?
No, all good for lots of 20.1 containers.
@JeppeBylov does the container become healthy?
@tfenster I'm working on this project with Jeppe. It seems like the BC 20.1 container becomes unhealthy - I've used the same script as Jeppe with 20.1 and 18.4
@Bjarke848 then you will need to figure out why the 20 container is unhealthy. Traefik only handles healthy containers
QQ - do you use the same AAD App Registration for the 18.x and the 20.x instance? There are differences, I cannot remember the details - but they are on docs.
This PR https://github.com/microsoft/navcontainerhelper/commit/7c29b487263bde96cb99143819bb9db8f91deb2b added OpenIdConnect support for AAD App Registration created by Create-AadAppsForBC (FYI)
@freddydk No, we are not using the same App Registration for 18.4 and 20.1
I have also created a number of 20.x containers with AAD auth and traefik over the weekend (to test Edit In Excel - another issue) - they work fine for normal usage, so the issue must be local.
Maybe you can use https://aka.ms/getbc to create a VM with AAD auth and traefik and then compare the apps and BC generated with the ones created by the script you use.
@freddydk @tfenster @JeppeBylov I've figured it out. The EventViewer got the exception "AadApplicationId cannot be null or empty".
So instead of running Create-AadAppsForBC after I've created the container, I used an existing AAD App Registration, and added the AadAppId parameter (-AadAppId "**-**...) to the New-BCContainer script.
Script:
$containerName = "KvikTestBC20BVI" $authenticationEmail = "bvi@kvik.com" $cetificatefile = "C:\Temp\wildcard_kvik_com_2022.pfx"
$bcartifact = Get-BCArtifactUrl -type OnPrem -country "w1" -version "20.1" -select Latest
$params = @{ "auth" = 'AAD' "containerName" = $containerName "multitenant" = $false "artifacturl" = $bcartifact "updateHosts" = $true "useTraefik" = $true "myscripts" = @("C:\Powershell Scripts\SetupCertificate.ps1", $cetificatefile) "publicDnsName" = 'bc.kvik.com' "authenticationEMail" = $authenticationEmail }
New-BCContainer @params -accept_eula
-accept_outdated -Credential $Credential
-doNotExportObjectsToText -shortcuts CommonDesktopFolder
-AadAppId "8eba5471-99e5-1111-1111-93fbaf782ec0"
Healthy and possible to reach!
PLEASE DO NOT INCLUDE ANY PASSWORDS OR TOKENS IN YOUR ISSUE!!!
Describe the issue We are using traefik for exposing containers externally. We recently decided to start the process of upgrading our containers from 18.4 to 20.1. When we create a container for version 20.1, traefik no longer registers the labels and therefore we get a "Bad Gateway" error when browsing the URL. Works fine for version 18.4, scripts for creating containers are identical except version.
Scripts used to create container and cause the issue
Full output of scripts 20.1
18.4
Screenshots If applicable, add screenshots to help explain your problem. Picture of 18.4 working - it registers 6 frontends
20.1 - no frontends registered
Additional context