@dan Thanks, we are running nginx tightly coupled with our FusionAuth deploy (we modified the Dockerfile in order to start both together in a single container) so that we can deploy it to AWS Fargate. I'm not sure exactly why we were getting a 403 hitting the admin endpoint for auth through the LB; however, we are closing off ingress to the public internet anyway, and we are able to successfully auth when tunneled through our bastion host and the application API is working, so we can at least upgrade to 1.41.3 for the security patch there.
Posts made by zradick
-
RE: Error 403 with Nginx in front
-
RE: Error 403 with Nginx in front
We are seeing a similar issue. The API appears to be working from our application perspective but we are seeing a similar 403 after attempting to log in to the admin console using the existing username and password. Our nginx configuration is similar:
    server {
        listen 80;
        listen [::]:80;
        location / {
            rewrite ^ https://$host$request_uri? permanent;
        }
    }

    error_log /var/log/nginx/error.log info;

    server {
        listen 8443 ssl;
        listen [::]:8443 ssl;
        server_name _;
        ssl_certificate /etc/ssl/certs/nginx.crt;
        ssl_certificate_key /etc/ssl/private/nginx.key;
        access_log /var/log/nginx/access.log;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 8443;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Accept-Encoding "";
        location / {
            proxy_http_version 1.1;
            proxy_pass http://127.0.0.1:9011/;
        }
    }
-
HTTPS port (9013) not exposed?
We are attempting to upgrade to FusionAuth 1.41.3 from 1.36.7. Previously 1.36.7 exposed port 9013 for HTTPS via the Docker image. Now it appears that it does not?
The same docker compose bindings that were used previously now don't appear to work:
    image: fusionauth/fusionauth-app:1.41.3
    ports:
      - 9013:9013
I see in the startup that it is exposing 9011 and 9012 as HTTP but I don't see anything about 9013 or HTTPS:
    fusionauth_1 | 2022-12-01 07:14:03.005 PM INFO io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
    fusionauth_1 | 2022-12-01 07:14:03.041 PM INFO io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9011]
    fusionauth_1 | 2022-12-01 07:14:03.042 PM INFO io.fusionauth.http.server.HTTPServer - HTTP server started successfully
    fusionauth_1 | 2022-12-01 07:14:03.042 PM INFO io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
    fusionauth_1 | 2022-12-01 07:14:03.052 PM INFO io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9012]
    fusionauth_1 | 2022-12-01 07:14:03.053 PM INFO io.fusionauth.http.server.HTTPServer - HTTP server started successfully
I attempted to specify the HTTPS port as well but that did not seem to change things:
- FUSIONAUTH_APP_HTTPS_PORT=9013
-
Issue starting up docker image with FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS
When I add the following to my docker compose file:
- FUSIONAUTH_APP_ADDITIONAL_JAVA_ARGS="-Djavax.net.ssl.keyStore=/fusionauth/example.p12 -Djavax.net.ssl.keyStorePassword=****"
I see the following when starting up:
Error: Could not find or load main class "-Djavax.net.ssl.keyStore=.fusionauth.example.p12
This same environment configuration option was working for older versions of FusionAuth (1.36.7). Is this no longer a valid configuration option?