-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't start setup or login behind nginx v1.7 (v1.6 works, but without subfolder) #109
Comments
+1 I'm upgrading from an existing setup with Steps to reproduce:On clicking Log in after entering the credentials, I'm greeted with the following:
URL in the address bar changes to: Steps to fix:Revert to v1.6 and log in works as expected NotesI did not change any configuration or environment variables since v1.6. Were there any breaking changes that we should have taken note? I did check the release notes but did not see any upgrade steps necessary. |
Hi. There were some small changes to cookies with this version, so perhaps that's the issue. Which browser are you using? |
It would be helpful if you could also post the logs from when you're trying to log in, but with |
I am using Brave Browser (Chromium Based). I will post logs later |
I'm using Chrome, unfortunately I won't be able to access my machine in the next few days so I can't help for now. |
docker-compose logs
It seems there is and environment variable IS_SETUP_ADMIN, I couldn't find in in the README.md docker-compose logs after trying to login with user in admin group (hopefully, dont know exactly)
|
IS_SETUP_ADMIN is an internal variable - you can't set it via environmental variables. The issue is that the cookies aren't being set. I'll look into this - I think it's because the cookie code was updated to use SameSite and there might be an issue with that when using HTTP. |
Brave blocks third_party cookies maybe it generates another cookie not for 10.8.0.1 (where it sits behind nginx proxy) |
I looked into this yesterday evening and was unable to replicate the issue. I tried with recent versions of Chrome and Chromium with various Same-Site cookie flags enabled and disabled, so I don't think the issue lies there. Could you try bypassing Nginx and connecting to the user manager directly? |
I can now confirm that it didn't work without nginx, even taking port 80 (with 10.8.0.1 as the ip). But it works without proxy with v1.6, login and setup and with proxy, but no subfolder (SERVER_PATH not working). The request comes to the container (can see with docker-compose logs the request, but under the SERVER_PATH given in the first message in this issue), but I get a not found message from nginx, so it doesn't give the correct response. So something was happening between v1.6 and v1.7 which enables correct path proxy service but breaks cookies. |
Could you try this Docker image: wheelybird/ldap-user-manager:oldcookies (amd64 only)? |
@wheelybird I tried it, it works (oldcookies) in subfolder with nginx proxy. It doesn't work with latest. |
here is the debug log
using v1.7 image in dockerhub, tried both chromium and firefox, seems the orf_cookie was sent by nginx? below is the error from setup page
|
Hi,
I am trying to use this project to get groups with memberof, but I can't start the setup, when I put in the admin password I am still at the same site and ?unauthorised is added to the URL.
The whole setup works with phpldapadmin and even with keycloak, but I would like the memberof state without writing for every group and .ldif file.
But I can't login via setup with this project. Hope somebody can help.
docker-compose.yml
Also I am using the following .ldif file (tried without, didn't work either).
argon.ldif
The whole is behind an nginx proxy:
nginx proxy config
Hopefully this output log can give some idea, to why it doesn't work:
docker-compose up output
Thanks in advance 👍🏼
The text was updated successfully, but these errors were encountered: