vouch-proxy: 502 Bad Gateway
I have been trying to get this up and running for the last couple of days, but have been unsuccessful. Can someone point out what I am doing wrong?
I am running lasso in docker and encounter a 502 error when I am redirected to the lasso login. I am trying to authenticate using nginx. It looks like none of the upstream variables are being set properly, but I am quite new to this area.
```
time="2018-12-29T11:36:44-05:00" level=debug msg=/validate
time="2018-12-29T11:36:44-05:00" level=error msg="no jwt found in request"
time="2018-12-29T11:36:44-05:00" level=debug msg="CaptureWriter.WriteHeader set w.StatusCode 401"
time="2018-12-29T11:36:44-05:00" level=debug msg="Request handled successfully: 401"
time="2018-12-29T11:36:44-05:00" level=info msg="|401| 86.556µs /validate" avgLatency=" 179.024µs" host="192.168.10.32:9090" ipPort="172.26.0.1:35670" latency=" 86.556µs" method=GET path=/validate referer= request=4 statusCode=401
time="2018-12-29T11:36:44-05:00" level=debug msg="Request received : &{GET /login?url=https://REDACTED_URL/&lasso-failcount=&X-Lasso-Token=&error= HTTP/1.0 1 0 map[Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36] Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-CA,en;q=0.9,fr;q=0.8,en-GB;q=0.7,en-US;q=0.6] X-Forwarded-Proto:[https] Connection:[close]] {} <nil> 0 [] true login.REDACTED_URL map[] map[] <nil> map[] 172.26.0.1:35674 /login?url=https://REDACTED_URL/&lasso-failcount=&X-Lasso-Token=&error= <nil> <nil> <nil> 0xc42018cf40}"
time="2018-12-29T11:36:44-05:00" level=debug msg=/login
time="2018-12-29T11:36:44-05:00" level=debug msg="session state set to t2G6AkxdPzmt0gLkakXEzWfefpZvYrwoE/roTARSOdU="
time="2018-12-29T11:36:44-05:00" level=debug msg="session requestedURL set to https://REDACTED_URL/"
time="2018-12-29T11:36:44-05:00" level=debug msg="saving session"
2018/12/29 11:36:44 http: panic serving 172.26.0.1:35674: runtime error: invalid memory address or nil pointer dereference
goroutine 21 [running]:
net/http.(*conn).serve.func1(0xc420081b80)
	/usr/local/go/src/net/http/server.go:1726 +0xd0
panic(0x8be1c0, 0xbf58b0)
	/usr/local/go/src/runtime/panic.go:502 +0x229
github.com/LassoProject/lasso/handlers.loginURL(0xc4201ca000, 0xc420084cc0, 0x2c, 0xc420181120, 0x0)
	/go/src/github.com/LassoProject/lasso/handlers/handlers.go:62 +0x40
github.com/LassoProject/lasso/handlers.LoginHandler(0x9ae8a0, 0xc420181120, 0xc4201ca000)
	/go/src/github.com/LassoProject/lasso/handlers/handlers.go:296 +0x7ad
net/http.HandlerFunc.ServeHTTP(0x96bee0, 0x9ae8a0, 0xc420181120, 0xc4201ca000)
	/usr/local/go/src/net/http/server.go:1947 +0x44
github.com/LassoProject/lasso/pkg/timelog.TimeLog.func1(0x9af5e0, 0xc420130700, 0xc42012be00)
	/go/src/github.com/LassoProject/lasso/pkg/timelog/timelog.go:47 +0x17b
net/http.HandlerFunc.ServeHTTP(0xc4200f3fa0, 0x9af5e0, 0xc420130700, 0xc42012be00)
	/usr/local/go/src/net/http/server.go:1947 +0x44
net/http.(*ServeMux).ServeHTTP(0xc420171dd0, 0x9af5e0, 0xc420130700, 0xc42012be00)
	/usr/local/go/src/net/http/server.go:2340 +0x130
net/http.serverHandler.ServeHTTP(0xc42017b040, 0x9af5e0, 0xc420130700, 0xc42012be00)
	/usr/local/go/src/net/http/server.go:2697 +0xbc
net/http.(*conn).serve(0xc420081b80, 0x9afca0, 0xc42018cec0)
	/usr/local/go/src/net/http/server.go:1830 +0x651
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2798 +0x27b
```
Here is my relevant nginx config:
```nginx
server {
    listen 443 ssl;
    server_name login.REDACTED_URL;
    ssl_certificate /etc/letsencrypt/live/login.REDACTED_URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/login.REDACTED_URL/privkey.pem;

    # Proxy to your Lasso instance
    location / {
        proxy_set_header Host login.REDACTED_URL;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:9090;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name REDACTED_URL;
    ssl_certificate /etc/letsencrypt/live/REDACTED_URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/REDACTED_URL/privkey.pem;

    # Any request to this server will first be sent to this URL
    auth_request /validate;

    location = /validate {
        # lasso can run behind the same nginx-revproxy
        # May need to add "internal", and comply to "upstream" server naming
        proxy_pass http://127.0.0.1:9090/validate;

        # lasso only acts on the request headers
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # pass X-Lasso-User along with the request
        #auth_request_set $auth_resp_x_lasso_user $upstream_http_x_lasso_user;

        # these return values are used by the @error401 call
        auth_request_set $auth_resp_jwt $upstream_http_x_lasso_jwt;
        auth_request_set $auth_resp_err $upstream_http_x_lasso_err;
        auth_request_set $auth_resp_failcount $upstream_http_x_lasso_failcount;
    }

    # if validate returns `401 not authorized` then forward the request to the error401block
    error_page 401 = @error401;

    location @error401 {
        # redirect to lasso for login
        return 302 https://login.REDACTED_URL/login?url=$scheme://$http_host$request_uri&lasso-failcount=$auth_resp_failcount&X-Lasso-Token=$auth_resp_jwt&error=$auth_resp_err;
    }

    location / {
    }

    root /usr/share/nginx/html;
    index index.html;
}
```
Any help would be greatly appreciated 😃
About this issue
- State: closed
- Created 6 years ago
- Comments: 18 (9 by maintainers)
Got it working! There was an issue with my nginx config.
I added

```nginx
proxy_set_header X-Lasso-User $auth_resp_x_lasso_user;
```

to my location. I replaced my validate location with the one in the README. I also set my proxy_pass to

```nginx
proxy_pass https://login.domainname.com/validate;
```

instead of the IP. Thank you very much for all of your help!
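
An added example, not taken from the thread or from the lasso README: the protected vhost assembled from the directives quoted above, with the `X-Lasso-User` capture enabled and forwarded to a backend. The backend address `127.0.0.1:8080`, the `internal` directive, and the placement of `auth_request_set` at server level are assumptions of this example; hostnames are the thread's placeholders.

```nginx
server {
    listen 443 ssl http2;
    server_name REDACTED_URL;
    # ssl_certificate / ssl_certificate_key as in the original post

    # every request is authorized by a subrequest to /validate first
    auth_request /validate;

    # declared at server level, alongside auth_request, so they are
    # evaluated for the main request in every location that inherits them
    auth_request_set $auth_resp_x_lasso_user $upstream_http_x_lasso_user;
    auth_request_set $auth_resp_jwt $upstream_http_x_lasso_jwt;
    auth_request_set $auth_resp_err $upstream_http_x_lasso_err;
    auth_request_set $auth_resp_failcount $upstream_http_x_lasso_failcount;

    location = /validate {
        # reachable only as an nginx subrequest, not directly by clients
        internal;

        # hostname instead of the IP, as in the comment above
        proxy_pass https://login.domainname.com/validate;

        # lasso only acts on the request headers
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    # a 401 from /validate sends the browser to the lasso login
    error_page 401 = @error401;

    location @error401 {
        return 302 https://login.REDACTED_URL/login?url=$scheme://$http_host$request_uri&lasso-failcount=$auth_resp_failcount&X-Lasso-Token=$auth_resp_jwt&error=$auth_resp_err;
    }

    location / {
        # hypothetical protected backend (assumption, not from the thread)
        proxy_pass http://127.0.0.1:8080;

        # replaces any client-supplied X-Lasso-User with the value
        # returned by /validate, so the backend sees only the validated one
        proxy_set_header X-Lasso-User $auth_resp_x_lasso_user;
    }
}
```

Running `nginx -t` after the change confirms that every `$auth_resp_*` variable referenced in `return` and `proxy_set_header` is declared by an `auth_request_set` somewhere in the configuration.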