RE: Error 403 with Nginx in front

Think I'm hitting the same issue with 1.41.3

Login page loads and if I enter valid credentials it appears to login but redirects to a blank page with the path /oauth2/authorize. At a glance, it appears that headers are not being passed correctly.

We are using a comparatively simple setup: Fusionauth + Nginx in a single docker image. Our nginx config:

server {
    listen 8443 ssl;
    listen [::]:8443 ssl;
    server_name _;

    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;

    access_log            /var/log/nginx/access.log;

    proxy_set_header        X-Forwarded-Proto https;
    proxy_set_header        X-Forwarded-Port 8443;
    proxy_set_header        X-Forwarded-Host $host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Server $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        Accept-Encoding "";

    location / {
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:9011/;
    }
}

@anand-murugan-0 I run FusionAuth in ECS/Fargate. I don't know about the clustering side, but to make standing up a FusionAuth instance automated I needed to do 2 things:

1. enable Silent Mode https://fusionauth.io/docs/v1/tech/guides/silent-mode which skips the first boot / migration page. This required passing in database credentials as env vars, so that Fusionauth doesn't need to ask you for them.

2. Use a kickstart.json to configure an API key https://fusionauth.io/docs/v1/tech/installation-guide/kickstart#using-environment-variables

Adding a kickstart.json file to a docker image in ECS is a bit non-trivial (either with EFS or S3). So I made my own Dockerfile:

FROM fusionauth/fusionauth-app:1.38.1

ARG FUSIONAUTH_APP_KICKSTART_VALUE
ENV FUSIONAUTH_APP_KICKSTART_FILE=/tmp/kickstart.json

RUN echo ${FUSIONAUTH_APP_KICKSTART_VALUE} > ${FUSIONAUTH_APP_KICKSTART_FILE}

When running docker build, if you pass in an argument like

docker build \
    --build-arg FUSIONAUTH_APP_KICKSTART_VALUE="{\"apiKeys\": [{\"key\": \"42\" } ] }" \
    .

will build and write out a /tmp/kickstart.json file and tell Fusionauth to look at that path when it starts up. NOTE: any random value would work, I picked 42 for simplicity, don't use this in Production.

With those 2 things, ECS will start a Fusionauth instance that doesn't prompt for initial installation (assuming you pass in db credentials as environment variable) and will

Think I'm hitting the same issue with 1.41.3

Login page loads and if I enter valid credentials it appears to login but redirects to a blank page with the path /oauth2/authorize. At a glance, it appears that headers are not being passed correctly.

We are using a comparatively simple setup: Fusionauth + Nginx in a single docker image. Our nginx config:

server {
    listen 8443 ssl;
    listen [::]:8443 ssl;
    server_name _;

    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;

    access_log            /var/log/nginx/access.log;

    proxy_set_header        X-Forwarded-Proto https;
    proxy_set_header        X-Forwarded-Port 8443;
    proxy_set_header        X-Forwarded-Host $host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Server $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        Accept-Encoding "";

    location / {
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:9011/;
    }
}