0

I have a web-ui, oauth2-proxy and Keycloak running a as Kubernetes apps; web-ui and oauth2 are behind the ingress-nginx and keycloak is exposed through NodePort.

These are the endpoints I'm using:

  • web-ui: https://ui.mydomain.uk.local
  • oauth2: https://ingress.mydomain.uk.local/oauth2
  • keycloak: http://ingress.mydomain.uk.local:8080

If I use https://ingress.mydomain.uk.local/oauth2/start I get the keycloak login page but targeting the web-ui, ends up with 500 error. I cannot copy (and paste) from the environment I'm running the actual code, but here is the screenshots of my configs:

oauth2-proxy deployment:

enter image description here

oauth2-proxy Ingress:

enter image description here

web-ui Ingress:

enter image description here

When point to https://ui.mydomain.uk.local, looks like it's actually hitting the oauth2-proxy:

enter image description here

but ends up with 500 in the end. Below is the log from ingress-controller:

enter image description here

Can anyone spot what I'm doing wrong or missing from my configuration? I tried to search the internet as much as I could but none of the suggestions actually helped. Could anyone give me a bit of hands please? Any help will be really appreciated.

MacUsers
  • 2,091
  • 3
  • 35
  • 56
  • Check logs and find what/why is generating 500 code. – Jan Garaj May 31 '22 at 12:51
  • What I pasted in the post, that's all I can see in the log. – MacUsers May 31 '22 at 13:43
  • Nope, you have provided that only Nginx ingress access logs and oauth2 proxy logs. It also possible that app itself returns 500 response. It is also not clear if OIDC flow was succesfull. – Jan Garaj May 31 '22 at 17:22
  • Thanks @JanGaraj! That's true but right now I 'm using only a HelloWorld express app and that works absolutely fine if I take all of the oauth2-proxy related config for the ingress-controller. I don't see anything significant in the pod log. – MacUsers May 31 '22 at 21:04
  • Yes, blind guess: nginx adds cookie to the header and you reach 8kb header size limit on the nodejs side - ideal opportunity for nodejs to generate 500 response. – Jan Garaj May 31 '22 at 21:16
  • I'm not really a nodeJS or programmer person (rather infrastructure) but helping DM to get through some demos. Any idea what to do in this situation? Really appreciate your time. – MacUsers May 31 '22 at 21:22

0 Answers0