ProxySQL HTTP Web Server doesn't work behind HAProxy - haproxy

I am trying to mount a docker-compose stack with a mariadb and proxysql, and all works fine. When I navigate to https://172.25.0.174:6080/ (the VM that holds the docker stack), the browser shows the ProxySQL Web UI. On top of this stack, I mount another VM with HAProxy, not using docker at all. This last VM routes requests across several other services. All works fine except the ProxySQL Web UI. When I navigate to admin.testdomain.com/proxysql (HAProxy routes this address to 172.25.0.174:6080), the browser asks me for authentication, but then a 404 Not Found error is thrown.
It seems that the problem is the digest auth that the ProxySQL Web UI uses. I tried many config options on the HAProxy side, but none of them seems to work.
Can anybody help me, please?

Related

Redirection from Apache Superset to other services on the same VM

I have a docker image running an instance of Apache Superset and some other services on the same VM. The other services are set up and deployed independently from the Superset app. What I would like to do is to be able to redirect via URL from the Superset app into the other apps. Obviously, simply passing the URL will redirect me inside the container.
The optimal solution would not require me to include the other services into docker container and also allow for some cross service authentication.
I'm not sure how to approach this.
Please help.

Geoserver Admin UI Behind Spring Cloud Gateway Not Working As Expected

I'm working on moving our Geoserver 2.15.4 instance behind a Spring Cloud Gateway instance. These are all running in a standalone Docker instance on a local server. I've been able to get the requests for map data working fine. However the Admin interface is not functioning correctly. I can bring up the login page, but when I try to log in, it's not maintaining the route from the reverse proxy.
So instead of POSTing to https://HOST/geoserver-admin/xxxx, it's going to https://HOST/xxxx, which is failing.
My assumption is that I'll be able to pick up the X-Forwarded-* headers from the proxy, but what I can't figure out is how to update Tomcat and/or Geoserver configuration to pick up these headers.
Thanks!

Left over application in GKE - how to remove and make webpreview work as before

I deployed an application (let's say app1) in GKE with a service, deployment and certificate setup in an existing cluster with Jenkins and another app (let's say app2).
The other app is deployed in the same way as the new one, with a certificate (and a static IP and DNS entry).
Jenkins is not exposed to an external IP, so I used to use the port forward option in the cloud console and then web preview - this creates an appspot URL which allows me to log in to the web admin.
Something strange happened after I deployed app2.
I tested it with the webpreview button and could reach it.
All was fine and it was accessible at the new URL with HTTPS and all.
But after that, the web preview to Jenkins was not working anymore.
Instead, I would be redirected to app2, always.
I could not figure out why, so I removed everything from app2 and now I have some very strange situation:
in the (Chrome) browser where I did most of the actions, I can still access the (broken) app on both the FQDN in DNS and on the appspot link (https://8080-dot-1234567-dot-devshell.appspot.com/), even after I reboot, clear the cache and log out of the Google account (and even removed the static IP) - the port forward action works and gives the above link (with other numbers)
in another (Chromium) browser on the same laptop running Ubuntu, the port forward action works, but when clicking the link in the browser it does not generate another appspot URL and fails with a 500 error screen
After reading up a bit, I understand there is some proxy that is used to do the forward. I expect the proxy to be 'hanging' somehow, and on top of that it seems there are application leftovers in the cluster that should really not be there.
I have basic support currently, so I am not eligible for technical support.
I cannot find a manual way to access the appspot proxy and I found no load balancer or any other thing I know of that may cause this.
If I run the port forward in the cloud shell in the second browser, I can curl to the localhost on the exposed port and get Jenkins, so that part seems to work, but the web preview then does not.
How can I go about troubleshooting this (meaning getting back to the web preview working for Jenkins and getting rid of the application left overs)?
I actually found the cause of this issue with the help of a colleague.
The second application I deployed was Yopass.
It turned out that it uses a serviceworker, that cached (almost) everything in the browser, including most of the application, I suppose to run offline.
Although I tried clearing cache in the network tab in developer options, I still had this behaviour which made me think it was not a cache issue.
After removing all cache in the applications tab for both the FQDN url and the appspot domain, behavior went back to normal.
I was not able to fix it in the other browser yet, but I suppose that is cache too. Thanks for the help, I consider this solved.
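The cleanup described in this answer can also be scripted from the DevTools console. The following is an added example, not part of the original post or of Yopass; the function name and its two parameters are assumptions of this example, introduced so the logic can be exercised outside a browser.

```javascript
// Added example: remove service workers and Cache Storage for the current origin.
// `nav` and `cacheStorage` default to the browser globals; passing them in is an
// assumption of this example so the function can run with stand-in objects.
async function purgeOriginState(
  nav = globalThis.navigator,
  cacheStorage = globalThis.caches
) {
  const report = { unregistered: [], failed: [], cachesDeleted: [] };

  // A service worker keeps answering fetches for its scope until it is
  // unregistered; clearing the HTTP cache from the Network tab does not remove it.
  if (nav && nav.serviceWorker) {
    const registrations = await nav.serviceWorker.getRegistrations();
    for (const reg of registrations) {
      const ok = await reg.unregister();
      (ok ? report.unregistered : report.failed).push(reg.scope);
    }
  }

  // Cache Storage is separate from the HTTP cache and is where a worker
  // typically keeps the application files it serves offline.
  if (cacheStorage) {
    for (const name of await cacheStorage.keys()) {
      if (await cacheStorage.delete(name)) report.cachesDeleted.push(name);
    }
  }
  return report;
}
```

Run `purgeOriginState().then(console.log)` once on each affected origin (here the FQDN and the appspot domain), then reload: an unregistered worker keeps controlling pages that were already open.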

Sporadic Signin using Traefik with Integrated Windows Authentication

I'm having an issue getting Traefik to proxy applications that are secured using Integrated Windows Authentication (IWA). When the content being served is simply an IIS virtual directory secured with IWA there is no problem. However, when it is a .NET Core application or MVC application or even just a simple Default.aspx page and IWA is enabled I continually get prompted for my credentials (never being accepted). See below for my configuration:
Traefik Configuration:
# ns-ws
[frontends.ns_ws]
passHostHeader=true
entrypoints=["http","https"]
backend = "ns_ws"
[frontends.ns_ws.routes.match_all]
rule = "Host:ns-ws.example.com"
[backends.ns_ws]
# ns-ws
[backends.ns_ws.loadbalancer.stickiness]
[backends.ns_ws.servers.server1]
url = "http://x.x.x.x:80"
I've played with removing pass host headers and stickiness, but no luck.
Seems like the original request makes it through because I do not get an unauthenticated error message from IIS for the page, but most subsequent requests to the server will return a 401 (seems sporadic).
I've tried changing the "authPersistNonNTLM" option in IIS, as described here: https://boyan.io/kerberos-load-balancers/ (with no luck)
I realize this is a very stale issue but in case this helps others.
I can confirm that Windows Integrated authentication works successfully with Traefik 2.x using a TCP router as opposed to an HTTP router, with successful logins proven on Windows/Mac using Safari/Chrome/IE.
Note that when testing it is important to ensure you have cleared cookie caches or you can get unpredictable results due to prior login attempts on non-working configurations you may have attempted. Indeed I experienced something similar to your described behavior with repeated unexplained login prompts until I reset my browser.
In our configuration we have a mixed-OS docker Swarm (Linux/Windows) with Traefik operating on Linux and sending requests straight to back-end Windows-containers running on Windows swarm nodes.
If you have configured your Windows app and containers correctly I can confirm that from:
A domain-joined machine you will get straight through login to Windows back-end containers using the domain-joined machine's Kerberos credentials
A non-domain-joined machine connection will downgrade to Windows NTLM authentication and prompt for Windows authentication credentials.
From a Traefik configuration perspective our docker containers have labels like this:
- "traefik.tcp.routers.dotnet-tcpexample.entrypoints=websecure"
- "traefik.tcp.routers.dotnet-tcpexample.tls=true"
- "traefik.tcp.routers.dotnet-tcpexample.tls.options=default"
- "traefik.tcp.routers.dotnet-tcpexample.rule=HostSNI(`windows.foo.bar`)"
- "traefik.tcp.routers.dotnet-tcpexample.tls.passthrough=true"
- "traefik.tcp.routers.dotnet-tcpexample.service=dotnet-tcpexample"
- "traefik.tcp.services.dotnet-tcpexample.loadbalancer.server.port=443"
Note that configuring containers for Windows integrated authentication in itself is non-trivial but documented here.

Seeing nginx default page after django installation on digital ocean

I have been trying to deploy a product version of my django application. For that, I have been informed that I must follow the following tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-14-04
to setup and run my application on nginx server using gunicorn. I followed all the steps and everything went fine. But in the end of this tutorial it says that:
If no errors are reported, go ahead and restart Nginx by typing:
sudo service nginx restart
You should now be able to go to your
server's domain or IP address to view your application.
but when I go to my IP address, I see the default nginx page.
Can anyone advise what I can do to see my actual website from here by visiting my IP address in the browser?
Try restarting gunicorn service also. I would suggest using automated deployment methodology rather than manually doing it, like dokku, mina etc.