Login & steering/dashboard not working when using reverse proxy for HTTPS termination
Hi,
I installed aura-web via docker-compose according to the docs. The init-db step completed successfully. All containers come up successfully with docker-compose up.
However, I cannot log in to the aura-web instance.
Steps to reproduce
- Go to the AURA_HOST domain in a web browser, aura-web loads as expected. Click Login.
- Enter the Django superuser username and password
- I'm redirected to a page where I can Accept or Decline the requested permissions. Click Accept.
Expected results
- Be redirected to aura-web admin interface
Actual results
- I'm redirected to https://aura.rdlnet.de/steering/https://aura.rdlnet.de/oidc_callback.html#access_token=71..redacted..vWQw&token_type=bearer&expires_in=3600&state=514815d66cba42d78e86a94a5dfc30de
- Browser page says: Not found
- Browser console is empty
Setup
- Install aura-web via docker-compose according to the docs on a fresh VM running Debian 11
- No docker-compose.override.yml in use
- External reverse proxy (Caddy) does HTTPS termination and forwards the domain set up in AURA_HOST to port 80 of the VM.
- From the sample.env I changed all passwords, set OIDC client IDs and secrets and set AURA_HOST to the domain set up in the external reverse proxy, AURA_PROTO=https and RUN_CERTBOT=false.
docker-compose.yml:
unchanged at revision 75970c8f5b641beb72cb6b75710eb108b643fd78 (May 2, 2022)
no docker-compose.override.yml
Browser console:
empty
docker-compose logs:
dashboard | 10.23.1.104 - - [03/May/2022:10:55:09 +0200] "POST /steering/admin/login/?next=/openid/authorize%3Fclient_id%3D10002%26redirect_uri%3Dhttps%253A%252F%2
52Faura.rdlnet.de%252Foidc_callback.html%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520email%2520username%2520aura_shows%26state%3D514815d66cba42d78e8
6a94a5dfc30de%26nonce%3D1a0b0b657a87492cadc4a3ce3733f5e2 HTTP/1.1" 302 0 "https://aura.rdlnet.de/steering/admin/login/?next=/openid/authorize%3Fclient_id%3D10002%26redirect_u
ri%3Dhttps%253A%252F%252Faura.rdlnet.de%252Foidc_callback.html%26response_type%3Did_token%2520token%26scope%3Dopenid%2520profile%2520email%2520username%2520aura_shows%26state
%3D514815d66cba42d78e86a94a5dfc30de%26nonce%3D1a0b0b657a87492cadc4a3ce3733f5e2" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "109.192.195.183"
dashboard | 10.23.1.104 - - [03/May/2022:10:55:10 +0200] "GET /steering/openid/authorize?client_id=10002&redirect_uri=https%3A%2F%2Faura.rdlnet.de%2Foidc_callback.
html&response_type=id_token%20token&scope=openid%20profile%20email%20username%20aura_shows&state=514815d66cba42d78e86a94a5dfc30de&nonce=1a0b0b657a87492cadc4a3ce3733f5e2 HTTP/
1.1" 200 1370 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "109.192.195.183"
dashboard | 10.23.1.104 - - [03/May/2022:10:55:10 +0200] "GET /favicon.ico HTTP/1.1" 200 15086 "https://aura.rdlnet.de/steering/openid/authorize?client_id=10002&re
direct_uri=https%3A%2F%2Faura.rdlnet.de%2Foidc_callback.html&response_type=id_token%20token&scope=openid%20profile%20email%20username%20aura_shows&state=514815d66cba42d78e86a
94a5dfc30de&nonce=1a0b0b657a87492cadc4a3ce3733f5e2" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "109.192.195.183"
dashboard | 10.23.1.104 - - [03/May/2022:10:55:15 +0200] "POST /steering/openid/authorize HTTP/1.1" 302 0 "https://aura.rdlnet.de/steering/openid/authorize?client_
id=10002&redirect_uri=https%3A%2F%2Faura.rdlnet.de%2Foidc_callback.html&response_type=id_token%20token&scope=openid%20profile%20email%20username%20aura_shows&state=514815d66c
ba42d78e86a94a5dfc30de&nonce=1a0b0b657a87492cadc4a3ce3733f5e2" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "109.192.195.183"
steering | WARNING:django.request:Not Found: /https:/aura.rdlnet.de/oidc_callback.html
dashboard | 10.23.1.104 - - [03/May/2022:10:55:15 +0200] "GET /steering/https://aura.rdlnet.de/oidc_callback.html HTTP/1.1" 404 190 "-" "Mozilla/5.0 (X11; Linux x8
6_64; rv:98.0) Gecko/20100101 Firefox/98.0" "109.192.195.183"
dashboard | 10.23.1.104 - - [03/May/2022:10:55:15 +0200] "GET /favicon.ico HTTP/1.1" 200 15086 "https://aura.rdlnet.de/steering/https://aura.rdlnet.de/oidc_callbac
k.html" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0" "109.192.195.183
.env:
STEERING_DB_PASS=_redacted_
STEERING_DB_USER=steering
STEERING_DB_NAME=steering
STEERING_SECRET_KEY=_redacted_
DJANGO_SUPERUSER_USERNAME=admin
DJANGO_SUPERUSER_PASSWORD=_redacted_
DJANGO_SUPERUSER_EMAIL=technik@rdl.de
TANK_DB_PASS=_redacted_
TANK_DB_USER=tank
TANK_DB_NAME=tank
TANK_OIDC_CLIENT_ID=100001
TANK_OIDC_CLIENT_SECRET=_redacted_
ENGINE_SECRET=_redacted_
TANK_CALLBACK_BASE_URL=
DASHBOARD_OIDC_CLIENT_ID=10002
DASHBOARD_OIDC_CLIENT_SECRET=_redacted_
DASHBOARD_CALLBACK_BASE_URL=
AURA_HOST=aura.rdlnet.de
CERTBOT_EMAIL=
AURA_PROTO=https
RUN_CERTBOT=false
TIMEZONE=Europe/Vienna
STEERING_VERSION=unstable
TANK_VERSION=unstable
DASHBOARD_VERSION=unstable
DASHBOARD_CLOCK_VERSION=unstable
Edited by Franz
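
A log check for the symptom reported above, as an added example that is not part of the original report or of the AURA project's code: it collects the redirect_uri values sent to the authorize endpoint and flags later requests where that absolute URL appears appended to a path prefix. The sample log lines are constructed (host aura.example.org, shortened fields) and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample, modelled on the dashboard access-log lines in the report
# (aura.example.org replaces the real host; client address and user agent shortened).
SAMPLE_LOG = '''\
dashboard | 10.0.0.1 - - [03/May/2022:10:55:10 +0200] "GET /steering/openid/authorize?client_id=10002&redirect_uri=https%3A%2F%2Faura.example.org%2Foidc_callback.html&response_type=id_token%20token&state=abc HTTP/1.1" 200 1370 "-" "UA"
dashboard | 10.0.0.1 - - [03/May/2022:10:55:15 +0200] "POST /steering/openid/authorize HTTP/1.1" 302 0 "-" "UA"
dashboard | 10.0.0.1 - - [03/May/2022:10:55:15 +0200] "GET /steering/https://aura.example.org/oidc_callback.html HTTP/1.1" 404 190 "-" "UA"
dashboard | 10.0.0.1 - - [03/May/2022:10:55:15 +0200] "GET /favicon.ico HTTP/1.1" 200 15086 "-" "UA"
'''

# Request line and status of a combined-format access-log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

def find_mangled_callbacks(log_text):
    """Return (prefix, redirect_uri, status) for each request whose target is
    '<prefix><absolute redirect_uri>' instead of the redirect_uri's own path."""
    redirect_uris = set()
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        target = m.group("target")
        parts = urlsplit(target)
        # Remember every redirect_uri a client sent to the authorize endpoint.
        if parts.path.endswith("/openid/authorize"):
            redirect_uris.update(parse_qs(parts.query).get("redirect_uri", []))
            continue
        for uri in redirect_uris:
            idx = target.find(uri)
            if idx > 0:  # absolute URL embedded after some path prefix
                findings.append((target[:idx], uri, int(m.group("status"))))
    return findings

if __name__ == "__main__":
    for prefix, uri, status in find_mangled_callbacks(SAMPLE_LOG):
        print(f"callback {uri} was requested under prefix {prefix!r} (HTTP {status})")
```

To check a live deployment, pass the text of the dashboard container's access log to `find_mangled_callbacks` instead of `SAMPLE_LOG`.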