Closed Knniff closed 1 year ago
The provided screenshot was taken with Firefox; using Edge/Chromium I get a slightly different error: "Cannot read properties of undefined (reading 'replace')"
After trying around for a bit I also noticed that using the web UI causes a significant slowdown of the respective browsers, and the task manager shows 30-40% CPU utilization (Ryzen 7 4700U) for the browser (happens in both Firefox and Edge).
Hello @Knniff, sorry to see that you are facing issues with the Keycloak integration.
Regarding the blank screen and the error, can you please open the development tools from your browser and refresh the page? Then, if you go to Console, you should see more details about the error you are facing.
You can also check the management server logs by issuing the following command:
docker-compose logs management
Regarding the CPU consumption, let's check it again after we solve the first issue? I would like to have a look if it is related to the current errors you are facing.
This is the error from the firefox dev tools:
TypeError: e.split(...)[1] is undefined
mC token.ts:21
gC token.ts:26
e token.ts:38
Babel 7
p
C
E
r
s
o
o
e token.ts:36
e header-factory.ts:6
Babel 7
p
C
E
r
s
o
o
an header-factory.ts:6
t api-request.ts:11
Babel 7
p
C
E
r
s
o
o
sn api-request.ts:6
value api-request.ts:6
value api-client.ts:18
ZG App.tsx:59
React 3
rc
Sl
El
S scheduler.production.min.js:13
I scheduler.production.min.js:14
App.tsx:66:17
And here are the logs from the management container:
Attaching to infrastructure_files-management-1
infrastructure_files-management-1 | time="2023-04-11T10:20:41Z" level=info msg="loading OIDC configuration from the provided IDP configuration endpoint https://gitlab.domain.de/.well-known/openid-configuration"
infrastructure_files-management-1 | time="2023-04-11T10:20:42Z" level=info msg="loaded OIDC configuration from the provided IDP configuration endpoint: https://gitlab.domain.de/.well-known/openid-configuration"
infrastructure_files-management-1 | time="2023-04-11T10:20:42Z" level=info msg="overriding HttpConfig.AuthIssuer with a new value https://gitlab.domain.de, previously configured value: https://gitlab.domain.de"
infrastructure_files-management-1 | time="2023-04-11T10:20:42Z" level=info msg="overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://gitlab.domain.de/oauth/discovery/keys, previously configured value: https://gitlab.domain.de/oauth/discovery/keys"
infrastructure_files-management-1 | 2023-04-11T10:20:42Z INFO management/server/telemetry/app_metrics.go:144: enabled application metrics and exposing on http://0.0.0.0:8081
infrastructure_files-management-1 | 2023-04-11T10:20:42Z INFO management/server/account.go:636: single account mode disabled, accounts number 0
infrastructure_files-management-1 | 2023-04-11T10:20:42Z INFO management/cmd/management.go:233: running gRPC backward compatibility server: [::]:33073
infrastructure_files-management-1 | 2023-04-11T10:20:42Z INFO management/cmd/management.go:265: running HTTP server and gRPC server on the same port: [::]:443
I also noticed that the high CPU consumption only occurs after clicking on the settings button.
Hi @Knniff,
it seems the UI has issues validating the JWT. As Gitlab is using ID tokens, can you check your configuration if NETBIRD_TOKEN_SOURCE=idToken is set? After you change it you need to run configure.sh again.
The UI is doing quite a few retries if JWT validation fails. That might be the reason for the high CPU usage.
Please let me know if that solves the issue.
What do I have to put as NETBIRD_TOKEN_SOURCE? My Gitlab instance gives me an "Application ID" and "Secret"
Here are my setup files.
setup.env:
## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.domain.de"
# OIDC configuration e.g., https://example.eu.auth0.com/.well-known/openid-configuration
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://gitlab.domain.de/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="https://netbird.domain.de"
# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="currently the gitlab Application ID"
# if you want to use a custom claim for the user ID instead of 'sub', set it here
# NETBIRD_AUTH_USER_ID_CLAIM=""
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="myemail@example.de"
# if your IDP provider doesn't support fragmented URIs, configure custom
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
NETBIRD_AUTH_REDIRECT_URI="/peers"
NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=netbird.domain.local
docker-compose.yml.tmpl:
version: "3"
services:
  #UI dashboard
  dashboard:
    image: wiretrustee/dashboard:latest
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    environment:
      - AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
      - AUTH_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
      - AUTH_AUTHORITY=$NETBIRD_AUTH_AUTHORITY
      - USE_AUTH0=$NETBIRD_USE_AUTH0
      - AUTH_SUPPORTED_SCOPES=openid profile email # because my gitlab only gives those 3
      - NETBIRD_MGMT_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT
      - NGINX_SSL_PORT=443
      - LETSENCRYPT_DOMAIN=$NETBIRD_DOMAIN
      - LETSENCRYPT_EMAIL=$NETBIRD_LETSENCRYPT_EMAIL
      - AUTH_REDIRECT_URI=$NETBIRD_AUTH_REDIRECT_URI
      - AUTH_SILENT_REDIRECT_URI=$NETBIRD_AUTH_SILENT_REDIRECT_URI
    volumes:
      - $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt/
  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    volumes:
      - $SIGNAL_VOLUMENAME:/var/lib/netbird
    ports:
      - 10000:80
    # # port and command for Let's Encrypt validation
    # - 443:443
    # command: ["--letsencrypt-domain", "$NETBIRD_DOMAIN", "--log-file", "console"]
  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    depends_on:
      - dashboard
    volumes:
      - $MGMT_VOLUMENAME:/var/lib/netbird
      - $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    ports:
      - $NETBIRD_MGMT_API_PORT:443 #API port
    # # command for Let's Encrypt validation without dashboard container
    # command: ["--letsencrypt-domain", "$NETBIRD_DOMAIN", "--log-file", "console"]
    command: ["--port", "443", "--log-file", "console", "--disable-anonymous-metrics=$NETBIRD_DISABLE_ANONYMOUS_METRICS", "--single-account-mode-domain=$NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN", "--dns-domain=$NETBIRD_MGMT_DNS_DOMAIN"]
  # Coturn
  coturn:
    image: coturn/coturn
    restart: unless-stopped
    domainname: $NETBIRD_DOMAIN
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
      # - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
      # - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf
volumes:
  $MGMT_VOLUMENAME:
  $SIGNAL_VOLUMENAME:
  $LETSENCRYPT_VOLUMENAME:
Is it a problem that there is no NETBIRD_TOKEN_SOURCE in the template file or the setup.env?
Yep, seems like you're still on an older tag and will require a git pull to fetch the latest commits. NETBIRD_TOKEN_SOURCE was added in https://github.com/netbirdio/netbird/commit/f14f34cf2bc6041030372c817dc797207edc7006, which was the v0.15.0 release.
What do I have to put as NETBIRD_TOKEN_SOURCE? My Gitlab instance gives me an "Application ID" and "Secret"
You need to set NETBIRD_TOKEN_SOURCE=idToken in your compose. The only two options that it supports are idToken and accessToken.
Also make sure to pull the new docker images with docker compose pull and run docker compose stop && docker compose up -d to recreate the containers with the new image after setting the variable.
I'm currently on no branch, which git branch am I supposed to use?
You could use the main branch, or if you're not willing to take the risk, you could pull the latest tag:
$ git fetch --tags
$ git checkout v0.16.0
I switched to the latest tag and redid my setup.env. Now the site behaves normally but I get a new error:
Request failed with status code 401. Please refresh the page if the issue continues. token invalid
Is that a problem with my setup.env?
## example file, you can copy this file to setup.env and update its values
##
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.domain.de"
# -------------------------------------------
# OIDC
# e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://gitlab.domain.de/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="https://netbird.domain.de"
# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="gitlab application id"
# if you want to use a custom claim for the user ID instead of 'sub', set it here
# NETBIRD_AUTH_USER_ID_CLAIM=""
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
# you can customize here:
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid profile email"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=true
# if your IDP provider doesn't support fragmented URIs, configure custom
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
NETBIRD_AUTH_REDIRECT_URI="/peers"
NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
# Updates the preference to use id tokens instead of access token on dashboard
# Okta and Gitlab IDPs can benefit from this
NETBIRD_TOKEN_SOURCE="idToken"
# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
# if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
NETBIRD_DISABLE_LETSENCRYPT=false
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="mail"
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=netbird.domain.local
I now changed my idp to keycloak and have new issues, but that's for a new issue.
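An added diagnostic, not part of the thread and not NetBird's code: it shows why a token without a second dot-separated segment leads to the `e.split(...)[1] is undefined` error reported above, and compares a decoded token's `iss`, `aud` and `exp` with the configured values, which is one thing to check when the API answers 401 "token invalid". The `inspectToken` helper, the token strings and the application ID are constructed for illustration; it runs under Node.js and does not verify the signature.

```javascript
// Added diagnostic, not NetBird code. Decodes only; the signature is NOT verified.
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const decode = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

function inspectToken(token, expected) {
  const parts = typeof token === "string" ? token.split(".") : [];
  // A JWT is header.payload.signature. An opaque token has no second segment,
  // so token.split(".")[1] is undefined and calling a method on it throws.
  if (parts.length !== 3) {
    return { isJwt: false, claims: null, findings: ["not a three-segment JWT"] };
  }
  let claims;
  try {
    claims = decode(parts[1]);
    if (claims === null || typeof claims !== "object") throw new Error("not an object");
  } catch (err) {
    return { isJwt: false, claims: null, findings: ["payload is not base64url JSON"] };
  }
  const findings = [];
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.includes(expected.audience)) {
    findings.push(`aud ${JSON.stringify(claims.aud)} lacks ${expected.audience}`);
  }
  if (claims.iss !== expected.issuer) {
    findings.push(`iss ${claims.iss} differs from ${expected.issuer}`);
  }
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= expected.now) {
    findings.push("token is expired or has no exp");
  }
  return { isJwt: true, claims, findings };
}

// Constructed samples. OIDC Core requires an ID token's aud to contain the client_id.
const APP_ID = "constructed-application-id";
const opaqueToken = "constructed-opaque-access-token";
const idToken = [
  encode({ alg: "RS256", typ: "JWT" }),
  encode({ iss: "https://gitlab.domain.de", aud: APP_ID, sub: "1", exp: 4102444800 }),
  "constructed-signature",
].join(".");
const now = Date.UTC(2023, 3, 11);
// Issuer and audience values as they appear in the logs and setup.env above.
const asConfigured = { issuer: "https://gitlab.domain.de", audience: "https://netbird.domain.de", now };
const audIsClientId = { ...asConfigured, audience: APP_ID };

console.log(inspectToken(opaqueToken, asConfigured).findings);
console.log(inspectToken(idToken, asConfigured).findings);
console.log(inspectToken(idToken, audIsClientId).findings);
```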
Describe the problem: After setting up netbird through docker with gitlab as an idp, the webui shows me this error on loading up: e.split(...)[1] is undefined
To Reproduce: Steps to reproduce the behavior:
Expected behavior: No error being displayed
Screenshots