Trouble deploying, Message=Instance not found #4452
Forgot to include the annotations on my ingress:

    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      grpc_set_header Host $host;
      proxy_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;
      grpc_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;

Hi @samjaninf The What response do you get when calling the endpoint external.domain/.well-known/openid-configuration

Hey @fforootd, thanks for looking into this. I get the same message about an instance not found. Could it be that it's missing the regular Host header?

It looks like you set the nginx config correctly, but can you please verify it is like this?
Other than that please give me the result of the call to external.domain/.well-known/openid-configuration. In its response you should see what gets forwarded to zitadel.

With what client are you testing? Curl or a browser?

Both. I tried with curl and with my browsers. Opera, Vivaldi, Firefox. The gives me the same message as the browser.

Ok good to know because curl does not send the host headers 😁 Still I am not sure why it's not working in your setup. Can you check the configmap created in the zitadel namespace that it actually includes the externaldomain

An additional thing you can do is check the nginx logs if they show what endpoint is being contacted as upstream.

What happens if you access ZITADEL inside your cluster with curl while setting the proper host header? I want to verify if the nginx or zitadel is broken 😁 Another thing you can try is to delete the whole helm chart and reapply it once more.

Hi @samjaninf please reopen this issue if you have additional questions

Following your instructions : ID=QUERY-n0wng Message=Instance non trouvée

If anyone else stumbles across this, specifying

Hm @livio-a does there exist a need for this, looks to me like a bug.

Any updates on this?

Generally zitadel works well on k8s and nginx and I think it should too on k3s. Would you mind sharing your config?

any solution for this? please help in share the config

Happy to assist, please share your config. Btw. the best place to search/discuss this is our discord server

Hello, I am using below configs. A single ZITADEL instance always needs the same 32 characters long masterkey Run the database and application containers Biggest Problems: I am running it on a vm running on proxmox, when I access using localhost it's only accessible on that system only. When I set ExternalDomain: to IP of host then only I can see login page, In actual its trying to open login page but not able to. Trying to Achieve:

You need to set the externaldomain parameter and the tls mode according to your setup. So in your case the tlsmode should be You can find more about this here https://zitadel.com/docs/self-hosting/manage/custom-domain and here https://zitadel.com/docs/self-hosting/manage/tls_modes

Hello
Thanks for your reply.
I want to expose port to host IP rather on localhost then using nginx proxy
which running on another host to http_proxy pass to zitadel host, which is
not working.
If I do so it says not host found. I tried using tlsmode to external
without encryption and it did not work.
Please on it.
Regards
Dev

On Mon, 25 Sep 2023 at 12:52 AM, Florian Forster ***@***.***> wrote:
> > any solution for this? please help in share the config
>
> Happy to assist, please share your config.
> Btw. the best place to search/discuss this is our discord server <https://zitadel.com/chat>
>
> > Hello, *I am using below configs.*
> >
> >     wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/docker-compose.yaml
> >     wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-config.yaml
> >     wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-secrets.yaml
> >     wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/configure/example-zitadel-init-steps.yaml
> >
> > A single ZITADEL instance always needs the same 32 characters long masterkey. If you haven't done so already, you can generate a new one. For example:
> >
> >     export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
> >
> > Run the database and application containers:
> >
> >     docker-compose up --detach
> >
> > *Biggest Problems:* I am running it on a vm running on proxmox, when I access using localhost it's only accessible on that system only. When I set ExternalDomain: to IP of host then only I can see login page, In actual its trying to open login page but not able to. When I tried multiple times then my host browser started giving error redirect_uri is http but not allowed contact administrator..... Not sure what's happening
> >
> > *Trying to Achieve:* I want to access this URL via proxy which can pass url to host IP where zitadel is running.
>
> You need to set the externaldomain parameter and the tls mode according to your setup.
> So in your case the tlsmode should be external since your proxy can provide https and the externaldomain should be set to the domain that terminates on the proxy.
> You can find more about this here https://zitadel.com/docs/self-hosting/manage/custom-domain

In your case I guess you need to set the externaldomain and externalport to whatever is facing the clients who access zitadel. I.e login.mydomain.com:443. This assumes you terminate your external traffic on a proxy which then forwards it to zitadel. I recommend that you join our chat at https://zitadel.com/chat to deal with this issue, or that we open a new issue/discussion to track this.

Just to tack on to this...using the provided default docker compose and config files does not solve this issue. Even when specifying the ExternalDomain variable. Thought I'd give Zitadel a go but the initial setup just seems cumbersome. No need to open a separate issue when the issue is the same for everyone it seems.

Thanks for understanding my point.
Regards
Dev
Hello
Please inform when you have fix for this or new release with fix.
Regards
Dev
We are working on a solution to make that process easier in the current sprint: #5395

Hi! The launch of my product will be very soon. I am thinking try zitadel although I use keycloak in other projects. I tried zitadel with nginx but always give me the message "not found". Unfortunately for lack of time I will give up of zitadel. I tried on my localhost and seems to be a great product, but fails when I want used for production. I don't need k8, and I only want one host configured to production. Continue the great work, but you lose many people because it's very costly go to production.

Thanks for this input. We agree that the whole "mapping" domains to make it work is not optimal and needs to be eased up for people who run just "one" zitadel. Having that feature mostly plays an important role for our cloud service 😁 In nginx this usually fixes the issue:

Hello
Thanks for your suggestion, but it’s not working.
As my zita is on another host or behind the proxy.
When I set proxy to pass to zita host it’s not accessible.
Regards
Dev

On Thu, 2 Nov 2023 at 12:53 PM, Florian Forster ***@***.***> wrote:
> We are working on a solution to make that process easier in the current sprint: #5395
>
> > Hi! The launch of my product will be very soon. I am thinking try zitadel although I use keycloak in other projects. I tried zitadel with nginx but always give me the message "not found". Unfortunately for lack of time I will give up of zitadel. I tried on my localhost and seems to be a great product, but fails when I want used for production. I don't need k8, and I only want one host configured to production. Continue the great work, but you lose many people because it's very costly go to production.
>
> Thanks for this input.
> We agree that the whole "mapping" domains to make it work is not optimal and needs to be eased up for people who run just "one" zitadel.
> Having that feature mostly plays an important role for our cloud service 😁
> In nginx this usually fixes the issue:
>
>     location / {
>         grpc_pass grpc://localhost:8080;
>         grpc_set_header Host $host;
>     }

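A check for the Host-forwarding advice in the nginx snippet quoted above, as an added example that is not part of the thread or of ZITADEL: it flags `location` blocks that pass traffic upstream without forwarding the client's `Host`. The sample configuration, the domain `login.example.com`, the function names, and the choice to accept `$http_host` or the literal ExternalDomain value alongside `$host` are assumptions of this example.

```python
import re

# Header directive each pass directive needs; proxy_set_header has no effect on grpc_pass.
REQUIRED = {"grpc_pass": "grpc_set_header", "proxy_pass": "proxy_set_header"}
LOCATION_RE = re.compile(r"\blocation\s+([^{;]+?)\s*\{([^{}]*)\}")

# Constructed sample configuration (not from the thread).
SAMPLE = """
server {
    listen 443 ssl http2;
    server_name login.example.com;
    location /ok {
        grpc_pass grpc://localhost:8080;
        grpc_set_header Host $host;
    }
    location /wrong-module {
        grpc_pass grpc://localhost:8080;
        proxy_set_header Host $host;  # proxy_* directive under grpc_pass
    }
    location /upstream-name {
        proxy_pass http://10.0.0.5:8080;
        proxy_set_header Host 10.0.0.5;
    }
}
"""

def directives(body):
    """Split a block body into [name, arg, ...] lists, dropping comments."""
    body = re.sub(r"#[^\n]*", "", body)
    return [stmt.split() for stmt in body.split(";") if stmt.strip()]

def check_host_forwarding(conf, external_domain):
    """Return (location, problem) pairs for blocks that do not forward the client's Host."""
    allowed = {"$host", "$http_host", external_domain}  # assumed-equivalent values
    findings = []
    for path, body in LOCATION_RE.findall(conf):
        stmts = directives(body)
        for pass_dir, header_dir in REQUIRED.items():
            if not any(s[0] == pass_dir for s in stmts):
                continue
            hosts = [s[2] for s in stmts
                     if s[0] == header_dir and len(s) >= 3 and s[1].lower() == "host"]
            bad = [h for h in hosts if h not in allowed]
            if not hosts:
                findings.append((path, f"{pass_dir} without {header_dir} Host"))
            elif bad:
                findings.append((path, f"Host forwarded as {bad[0]}"))
    return findings
```

Run it with the value configured as ExternalDomain; an empty list means every upstream-facing block forwards a Host that matches it.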
Can you share your proxy config?

Hello, I have installed zitadel on EKS, using https://github.com/zitadel/zitadel-charts/blob/main/examples/3-cockroach-insecure/zitadel-values.yaml, I get ID=QUERY-n0wng Message=Instance not found, I have tried externalSecure and externalDomain as suggested in the documentation, still getting the same error. I have created loadBalancer service type in EKS, when I hit LB url it gives me instance not found error, does anyone have a solution for it? I have also installed zitadel on ec2 with docker-compose given in the documentation, when I try to access the public IP of the instance with the port number, I get the above same error. Please help! Thanks.

I also faced the same problem, it only works if you are on local host. But
if instance is behind any lb or proxy it will not work. Will give all error
which you faced.
So you have to directly access it on your domain or ip of the host having
zitadel
A security flaw if exposing directly without a proxy
Regards
Dev
Thanks for your reply. I can understand for EKS, but for EC2, I am trying to access zitadel directly through public IP of the EC2 instance, but still getting the instance not found error, any pointers on this? Thanks.

Have you tried setting the "externaldomain" config of zitadel to your IP?

So below is the docker-compose.yaml I used services: crdb: networks: """ So now when I hit the host IP, I am able to access zitadel but not completely, I have attached the screenshot for reference.

If you set "externalsecure" to false and "--tlsmode disabled" it should work

I tried the above configuration (in docker compose) and here are my findings:
I had another service running on 8080 and I had to change its external port # to something other than 8080 and then I was able to bring up Zitadel's console login page. I believe this is a bug - if the option is there to listen on custom port and be able to use docker to redirect ports - it should work - I think the code is expecting everything to be configured for 8080. That is not how other services I have deployed work.

That is great to hear 🚀
Hm this is weird though, what was the redirect uri like when you set this?

Hey all, was deploying this to see if it would be a good fit for our infrastructure and came up with an issue. I deployed it to kubernetes using the helm chart and copied the values.yaml and modified it.
This is my values.yaml:
Now trying to go to the external.domain/ui/console specified under ExternalDomain gives me a ID=QUERY-n0wng Message=Instance not found error in browser. And a 404 without the /ui/console part.
Not sure how to troubleshoot this. No errors are raised in the logs for the pod/container. I did get the proper UI to load before when I was trying it out on non-https mode.
Also, the documentation is slightly skewed in three places from my perusal. In some places some of the values go in the configMap but in other places the same keys are used in the secretConfig instead.
The second place is that the documentation makes mention of a FirstInstance key, but the actual defaults file at: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml puts that information in the DefaultInstance key.
And the last place is that the documentation states: For more configuration options, go to the chart repo descriptions. with a link to the repo, but the repo only links you back to a different page of the docs which again, tells you that configuration details are described in the repo.
Don't know if this was by intent but seems to just be a circular loop that doesn't contain any detailed info for production deployment.