Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: could not be resolved (3: Host not found) - subrequest: "/_external-auth-Lw-Prefix" #920

Closed
mafi81 opened this issue Nov 16, 2020 · 2 comments
Closed

Error: could not be resolved (3: Host not found) - subrequest: "/_external-auth-Lw-Prefix" #920

mafi81 opened this issue Nov 16, 2020 · 2 comments

Comments

@mafi81
Copy link

mafi81 commented Nov 16, 2020

Description:
customized Ingress resource in Kubernetes to get into Github login process for a backend web application reachable from https://site.example.com

Nginx pod logs:

2020/11/16 11:18:13 [error] 36#36: *200 site.example.com could not be resolved (3: Host not found), client: 192.168.1.246, server: site.example.com, request: "GET / HTTP/2.0", subrequest: "/_external-auth-Lw-Prefix", host: "site.example.com"
2020/11/16 11:18:13 [error] 36#36: *200 auth request unexpected status: 502 while sending to client, client: 192.168.1.246, server: site.example.com, request: "GET / HTTP/2.0", host: "site.example.com"

local Environment:

  • VitualBox
  • NGINX Ingress controller
    Release: v0.41.2
    Build: d8a93551e6e5798fc4af3eb910cef62ecddc8938
    Repository: https://github.com/kubernetes/ingress-nginx
    nginx version: nginx/1.19.4
  • oauth2 image: quay.io/oauth2-proxy/oauth2-proxy

Ingress manifest:

apiVersion: extensions/v1beta1
kind: Ingress 
metadata:
  name: ingress
  namespace: web
  annotations:
     nginx.ingress.kubernetes.io/auth-response-headers: Authorization
     nginx.ingress.kubernetes.io/auth-url: http://$host/oauth2/auth
     nginx.ingress.kubernetes.io/auth-signin: https://$host/start?rd=$escaped_request_uri
     nginx.ingress.kubernetes.io/configuration-snippet: |
       auth_request_set $name_upstream_1 $upstream_cookie__oauth2_proxy_1;
       access_by_lua_block {
         if ngx.var.name_upstream_1 ~= "" then
           ngx.header["Set-Cookie"] = "_oauth2_proxy_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
         end
       }

spec:
  ingressClassName: nginx-oauth
  rules:
  - host: site.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: web-service
          servicePort: 8080

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: web
spec:
  ingressClassName: nginx-oauth
  rules:
  - host: site.example.com
    http:
      paths:
      - backend:
          serviceName: oauth2-proxy
          servicePort: 4180
        path: /oauth2
  tls:
  - hosts:
    - site.example.com
    secretName: tls
@mafi81 mafi81 closed this as completed Nov 16, 2020
@mafi81
Copy link
Author

mafi81 commented Nov 16, 2020

with these adjustments now works:

 nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.web.svc.cluster.local:4180/oauth2/auth
 nginx.ingress.kubernetes.io/auth-signin: https://site.example.com/oauth2/start?rd=$request_uri

@georgejdli
Copy link

Does anyone know why nginx is not able to resolve "http://$host/oauth2/auth" from within the cluster? Is there a config I need to add to make it work or am I stick using the local service DNS name?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@georgejdli @mafi81