Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Looking for an explanation of all the available config options in warpgate.yaml #976

Closed
kekonn opened this issue Mar 29, 2024 · 1 comment
Closed

Looking for an explanation of all the available config options in warpgate.yaml #976

kekonn opened this issue Mar 29, 2024 · 1 comment

Comments

@kekonn
Copy link
Contributor

kekonn commented Mar 29, 2024

I can't find any documentation on the options available in warpgate.yaml and how to configure them.

I am trying to setup warpgate behind traefik but traefik is giving me a bad gateway error. The only thing I've changed after setup is settings trust_x_forwarded_headers to true because I found that in the reverse proxy wiki.

my warpgate.yaml

---
sso_providers: []
recordings:
  enable: true
  path: /data/recordings
external_host: ~
database_url: "sqlite:/data/db"
ssh:
  enable: true
  listen: "0.0.0.0:2222"
  keys: /data/ssh-keys
  host_key_verification: prompt
http:
  enable: true
  listen: "0.0.0.0:8888"
  certificate: /data/tls.certificate.pem
  key: /data/tls.key.pem
  trust_x_forwarded_headers: true
  session_max_age: 30m
  cookie_max_age: 1day
mysql:
  enable: true
  listen: "0.0.0.0:33306"
  certificate: /data/tls.certificate.pem
  key: /data/tls.key.pem
log:
  retention: 7days
  send_to: ~
config_provider: database

This is the service Traefik sees:
image

And this is the traefik access log line that is generated by me trying to access the admin console (with some obvious censoring to protect personal data):

{
    "ClientAddr": "0.0.0.0:41266",
    "ClientHost": "0.0.0.0",
    "ClientPort": "41266",
    "ClientUsername": "-",
    "DownstreamContentSize": 11,
    "DownstreamStatus": 502,
    "Duration": 3305500,
    "OriginContentSize": 11,
    "OriginDuration": 3066933,
    "OriginStatus": 502,
    "Overhead": 238567,
    "RequestAddr": "warpgate.mydomain.com",
    "RequestContentSize": 0,
    "RequestCount": 328,
    "RequestHost": "warpgate.mydomain",
    "RequestMethod": "GET",
    "RequestPath": "/@warpgate/admin",
    "RequestPort": "-",
    "RequestProtocol": "HTTP/2.0",
    "RequestScheme": "https",
    "RetryAttempts": 0,
    "RouterName": "warpgate@docker",
    "ServiceAddr": "172.18.0.6:8888",
    "ServiceName": "warpgate@docker",
    "ServiceURL": {
        "Scheme": "http",
        "Opaque": "",
        "User": null,
        "Host": "172.18.0.6:8888",
        "Path": "",
        "RawPath": "",
        "OmitHost": false,
        "ForceQuery": false,
        "RawQuery": "",
        "Fragment": "",
        "RawFragment": ""
    },
    "StartLocal": "2024-03-29T11:44:25.568328107Z",
    "StartUTC": "2024-03-29T11:44:25.568328107Z",
    "TLSCipher": "TLS_AES_128_GCM_SHA256",
    "TLSVersion": "1.3",
    "entryPointName": "https",
    "level": "info",
    "msg": "",
    "request_User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0",
    "time": "2024-03-29T11:44:25Z"
}
@kekonn
Copy link
Contributor Author

kekonn commented Mar 29, 2024

I fixed it. Traefik tries to access the downstream services trough http, by adding the following label to the warpgate container, it started working: traefik.http.services.warpgate.loadbalancer.server.scheme: https

@kekonn kekonn closed this as completed Mar 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kekonn