Comments (7)
The "RemoteAddr" is read directly from the request, so this would be the expected behaviour: https://github.com/thomseddon/traefik-forward-auth/blob/master/main.go#L23
Perhaps this could be improved in this scenario!
I want to test this with kubernetes a bit more, so this would be one to look at whilst that's being done.
from traefik-forward-auth.
I've just pushed a commit that should fix this: f1ba9b5
I will tag and release this next week :)
from traefik-forward-auth.
This is included in v2 which has been released today
from traefik-forward-auth.
I can actually use docker-compose-dev.yml
to reproduce this issue.
- create OAuth API, configure
http://localhost:8085/_oauth
- update the
traefik-forward-auth
env setup docker-compose -f docker-compose-dev.yml up
- update virtual host and access
http://localhost:8085
I can always see
traefik-forward-auth_1 | time="2019-04-16T03:27:53Z" level=error msg="Invalid cookie: Invalid cookie mac" RemoteAddr="172.19.0.3:47630"
from traefik-forward-auth.
http request headers would be like below:
Cookie: _ga=GA1.1.1551400415.1547069710; _forward_auth=05Kj15XruH2T1MNGSDJ62KCfujj3is2WnGaLb5h2usM=|1555425295|[email protected]
Host: whoami.localhost.com
from traefik-forward-auth.
I turned on the DEBUG log:
traefik_1 | time="2019-04-16T03:45:22Z" level=debug msg="Creating server server-example-whoami2-1-d0bbe061a5e0438aae1a72e9084b9114 at http://172.19.0.2:80 with weight 1"
traefik_1 | time="2019-04-16T03:45:22Z" level=debug msg="Creating route route-frontend-Host-whoami-localhost-org-1 Host:whoami.localhost.org"
traefik_1 | time="2019-04-16T03:45:22Z" level=info msg="Server configuration reloaded on :80"
traefik_1 | time="2019-04-16T03:45:22Z" level=info msg="Server configuration reloaded on :8080"
traefik-forward-auth_1 | time="2019-04-16T03:45:33Z" level=error msg="Invalid cookie: Invalid cookie mac" RemoteAddr="172.19.0.5:50662"
traefik_1 | time="2019-04-16T03:45:33Z" level=debug msg="Remote error http://traefik-forward-auth:4181. StatusCode: 401"
from traefik-forward-auth.
Now I comment out the lines:
# [entryPoints.http.auth.forward]
# address = "http://traefik-forward-auth:4181"
# authResponseHeaders = ["X-Forwarded-User"]
Seems working for my favor now.
from traefik-forward-auth.
Related Issues (20)
- Use docker secrets for environment variables HOT 2
- Feature request: Pull information about groups of user HOT 1
- How to check for token revocation?
- Safe deployment HOT 1
- multiple whitelist users in rules doesn't work HOT 1
- go-compiler Multiple Vulnerabilities
- whitelist rule not working with arm64 images or images <= 2.2
- Invalid Cookie should point to a recoverable state
- oidc: issuer did not match the issuer returned by provider HOT 2
- oidc: id token signed with unsupported algorithm, expected ["RS256"] got "ES384" HOT 2
- 404 not found after Successful Sign in HOT 2
- Endless loop when using OIDC (cognito) as provider ERR_TOO_MANY_REDIRECTS HOT 3
- Missing Binary Files (and Instructions)
- Device code flow support
- Whitelist is case sensitive
- Getting this error when trying to install via truecharts HOT 1
- Trim the whitelisted emails
- Dockerfile not working anymore and no dockerhub update HOT 1
- Whitelist requester's IP CIDR HOT 1
- Trusted IP's broken...?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from traefik-forward-auth.