defguard icon indicating copy to clipboard operation
defguard copied to clipboard
verified publisher icon DefGuard

Login does not work if Web UI is behind reverse proxy

Open jacotec opened this issue 1 year ago • 3 comments

Describe the bug I run the Defguard VM using my subdomain "vpn.mydomain.com". Port 443 can't be used as this is required on this VM for OpenVPN traffic, so I've changed the web UI of Defguard to use port 8443.

Access using "https://vpn.mydomain.com:8443" works without issues.

To access the UI with a "normal" URL without special port number, I've configured my HAPROXY reverse proxy for accessing the UI with "https://wireguard.mydomain.com".

Using "https://wireguard.mydomain.com" correctly serves the Defguard UI, but after entering the credentials the button "Sign in" does nothing.

The core container gives the error log message:

core-1 | 2024-08-21T14:19:02.222209Z ERROR http_request{method=GET path=/api/v1/info}: defguard::handlers: msg="Session is required"

In this case.

Expected behavior I want to be able to run the Web UI behind a reverse proxy.

Version information

  • Defguard Core version: v0.11.0
  • Defguard Gateway version: No idea, latest and greatest Docker version
    • Operating system and version running the gateway: Ubuntu 22.04
  • Your browser and version [e.g. chrome 99, safari] All browsers affected: Chrome, Edge, Firefox, Safari

jacotec avatar Aug 21 '24 14:08 jacotec

Looking at the network traffic in the browser dev tools it turns out that Defguard wants to set a cookie with the domain

vpn.mydomain.com

image

Although in the .ENV file I've added the line:

DEFGUARD_COOKIE_DOMAIN=wireguard.mydomain.com

Looks like the DEFGUARD_COOKIE_DOMAIN is not used here ...?!?

jacotec avatar Aug 21 '24 14:08 jacotec

If further turns out that the DEFGUARD_COOKIE_DOMAIN needs to be passed in the environment: section in the docker-compose file.

Adding the line

DEFGUARD_COOKIE_DOMAIN: ${DEFGUARD_COOKIE_DOMAIN}

under

core:
  environment:

in the docker-compose solves the issue.

I'm leaving this open as this is a potential issue with the setup script creating the docker-compose file.

jacotec avatar Aug 21 '24 14:08 jacotec

Hi, can you explain how to install it on a virtual server? Not one of the options - only errors, then login and password does not work or docker. Is there an instruction where it is clearly described how to install?

Quixgit avatar Sep 26 '24 11:09 Quixgit

This is not a bug. Defguard works well with reverse proxies and there are guides on our docs how to do so. For troubleshooting please see: https://docs.defguard.net/resources/troubleshooting or contact support on our Matrix channel.

teon avatar Aug 06 '25 10:08 teon