Using docker as backend and traefik as proxy, I'm using this label, under the service in docker-compose.yml
traefik.enable=true
traefik.frontend.rule=Host:sub.example.com
traefik.backend.port=80
traefik.docker.network=http_network
How to allow our user, to be able use their domain or subdomain by using CNAME redirect, such as
sub.usera.com CNAME sub.example.com
I already make my web app to handle the host redirect. But i can't get it work. It always resulting to "404 page not found", but the request never passed through our apps. The traefik log also resulting in 404 because it doesn't contain frontend rule of sub.usera.com. Does it mean, it not possible to serve a CNAME redirection using traefik?
change frontend.rule into traefik.frontend.rule=Host:sub.example.com,sub.usera.com
Related
I can't seem to figure out if this is common practice or not, but I want to create a website (Running on a container) and then have traffic forwarded to the website from a wildcard on my domain, I want to secure it and use Nginx Proxy Manager and Let's Encrypt to manage the certificate.
Do I keep the website running on my internal server as just HTTP:80 and redirect traffic to to via Nginx? My current site is just a serverside Blazor webapp.
I've seen other people do this, but it makes me wonder if that is indeed secure, at some point between Nginx and the internal server it is not encrypted. Is my understanding correct?
I imagine it looks something like this:
Client connects securely to Nginx Proxy Manager (HTTPS)
Nginx Proxy Manager then decrypts and forwards to the Internal Website (HTTP)
Is my understanding correct?
Is this common practice, or is there a better way to achieve what I want?
first time using docker and nginx reverse proxy.
Setup
Dockerized front with Vuejs behind localhost:4200
Dockerized back with Symfony behind a dockerized nginx on localhost:80
Trouble
Every time I add a cookie to the response, the Set-Cookie get ignored by the front.
Telling me:
This Set-Cookie was blocked because its Domain attribute was invalid with regards to the current host url.
What I tried
Add different domain to the cookie config.
Add a new header within nginx.
As I said, I m new with this setup, can't figure if the problem come from nginx or the cookie config.
Edit: It actually work fine with postman.
I'm running Airflow 1.10.10 with latest Flask AppBuilder.
I've setup the webserver_config.py to use the AUTH_OAUTH as AUTH_TYPE and set up my provider appropriately. I've allowed my domain name as Authorized URI on the Google Console and that works as well. I've also set up registration on logging with role Admin.
When I click login, I get redirected to choose my G profile. So far, so good.
I click my profile and it redirects me to 127.0.0.1:8080. Obviously I don't have this address in Authorized URI's so it fails there. If I allow it, it's basically useless, because it redirects successfully ... to 127.0.0.1:8080 .. there's nothing there! Airflow is not hosted on my machine.
I've set base_url in airflow.cfg to the full domain name, web_server_host/port is 127.0.0.1/8080, but that shouldn't be the problem. What's the deal?
It turns out I was missing X-Forwarded-Host: <my.domain.com> in my nginx configuration. You should also add X-Forwarded-Proto: https if you want to be redirected to https.
I have setup a CAS server at 172.16.238.10 that generally works with the CAS protocol. However, for OAuth2 there is a strange redirection behavior:
REQ: https://172.16.238.10:8443/ooscas/oauth2.0/authorize
RESP: 302, Location: https://localhost:8443/ooscas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fooscas%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient
Never mind the service and client_name parameters for this staged example, but my question is about the hostname:
Where does the "localhost" come from? How can I configure that to be something else?
In a real OAuth2 webflow localhost will simply not work, even if 172.16.238.10 happens to be localhost. The reason is that by posting the login form to localhost, the CAS server then redirects to itself using localhost (https://localhost:8443/oauth2.0/callbackAuthorize) and that will lead to an internal SSL handshake error, because the server's certificate is not valid for localhost.
Most likely, you need to define the following:
cas.server.name=
cas.server.prefix=${cas.server.name}/cas
You're referencing the prefix in your setup, but its definition seems absent. If you fail to do that, default values take place.
PS Always specify the CAS version in your posts.
I lauched docker container using Rancher 2 and when i click on its URL it takes me to http://xx.xxx.xxx.xx:32000
But i would like is : it takes me to directly to https://xx.xxx.xxx.xx:32000 (https instead of http).
How can i do that ?
Any help would appriciated!
Since I see 32000 in the URL, I am assuming you had used NodePort to expose your application. If you are using Rancher 2.x, you would be able to take advantage of Ingress. You can expose your app using port 433 by providing your SSL certificates and the ingress controller automatically does the redirect for you. This is similar behavior provided by Load Balancers in various cloud providers.
If you want to do it in your app, you should be able to add logic in your http/https action handler code where you can do a redirect from http to https.