i am currently hosting dashmachine on kubernetes using istio with mtls and pomerium as an authentication gateway. when i navigate to external host of dashmachine.somedomain.com, i am not authenticated with dashmachine so a redirect is issued but the location header is set to the internal hostname of the app which is dashmachine.self-hosted:5000/unauthorized which is not accessible from client.
:authority: dashmachine.somedomain.com
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: <redacted>
dnt: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36
i've using an identical configuration for many other apps which issue redirects which i presume rely on the host/authority header when issuing redirects.
another solution to this would be some kind of environment variable such as EXTERNAL_HOST to take care of this issue.
i am currently hosting dashmachine on kubernetes using istio with mtls and pomerium as an authentication gateway. when i navigate to external host of
dashmachine.somedomain.com, i am not authenticated with dashmachine so a redirect is issued but the location header is set to the internal hostname of the app which isdashmachine.self-hosted:5000/unauthorizedwhich is not accessible from client.high level overview of ingress:
response headers when accessing dashmachine.somedomain.com (302 code to redirect to login prompt)
request headers:
i've using an identical configuration for many other apps which issue redirects which i presume rely on the host/authority header when issuing redirects.
another solution to this would be some kind of environment variable such as
EXTERNAL_HOSTto take care of this issue.