cloudbeaver icon indicating copy to clipboard operation
cloudbeaver copied to clipboard

Published 20 hours ago verified publisher icon dbeaver

Issues with reverseproxy

Open kjee87 opened this issue 1 year ago • 4 comments

Hello

Few sudden issues with reverseproxy with dbeaver/cloudbeaver:latest or previous version (cloudbeaver:23.3.0 or 23.2.5). I set up these parameters to trigger reverseproxy/oauth in both cloudbeaver.runtime.conf and product.conf, but I keep seeing local login window pops up, AFTER going through oauth-proxy (google sso). And when I try to login with admin username/password (I am also using auto.conf to auto-configuration), it still says "anonymous access restricted", which should not be... And when I force "enabledAuthProviders" only with "reverseProxy", then I am getting an error like "[GraphQL not null field of nullable object returning error for 'serverConfig/GraphQL enableReverseProxyAuth[1]". Was there some change on reverseproxy setting in the cloudbeaver or am I missing something here...? It was running completely fine (when I even pinned to 23.2.5), but all of sudden I am getting this issues.

.cloudbeaver.runtime.conf configs: `app: { anonymousAccessAllowed: true, anonymousUserRole: "user", authenticationEnabled: true, supportsCustomConnections: false, publicCredentialsSaveEnabled: false, adminCredentialsSaveEnabled: false, resourceManagerEnabled: true, forwardProxy: true, resourceQuotas: { dataExportFileSizeLimit: 10000000, resourceManagerFileSizeLimit: 500000, sqlMaxRunningQueries: 100, sqlResultSetRowsLimit: 100000, sqlResultSetMemoryLimit: 2000000, sqlTextPreviewMaxLength: 4096, sqlBinaryPreviewMaxLength: 261120 }, defaultNavigatorSettings: { showSystemObjects: false, showUtilityObjects: false, showOnlyEntities: false, mergeEntities: false, hideFolders: false, hideSchemas: false }, plugins: {

    },
    defaultAuthProvider: "reverseProxy",
    enableReverseProxyAuth: true,
    enabledAuthProviders: [
        "local",
        "reverseProxy"
    ],
    enabledDrivers: []
}`

And this is product.conf: core: { administration: { baseFeatures: [] }, authentication: { baseAuthProvider: "reverseProxy", primaryAuthProvider: "reverseProxy" },

kjee87 avatar Jan 17 '24 01:01 kjee87

Hello,

I just debugged this issue and it turns out these errors were due to having two replica in kubernetes. Was this intended not to allow having two sessions at the same time?

kjee87 avatar Jan 17 '24 19:01 kjee87

Hi @kjee87 We do not have any restrictions. It looks like you had two similar replicas, but enableReverseProxyAuth was disabled in one.

EvgeniaBzzz avatar Jan 24 '24 11:01 EvgeniaBzzz

Both sessions were using same configuration as it was defined by the same docker image. If one is using reverse proxy, the other automatically turns off...?

kjee87 avatar Feb 12 '24 19:02 kjee87

Hi @kjee87 We do not turn off anything automatically.

It would be great if you will try all the same with a new reverse proxy settings. Now you can configure several proxy providers if you want.

EvgeniaBzzz avatar Feb 13 '24 15:02 EvgeniaBzzz

Hi @kjee87! Any news here?

EvgeniaBzzz avatar Feb 28 '24 10:02 EvgeniaBzzz

No, I think this may be due to load balancer, trying redistribute any calls to different replica. For now, I am using only one and it seems running fine. And I made comment in the other request: https://github.com/dbeaver/cloudbeaver/issues/2248

kjee87 avatar Feb 29 '24 01:02 kjee87

Ok I'll close it for now. Please feel free to ask to reopen the ticket if it is still actual for you.

EvgeniaBzzz avatar Feb 29 '24 13:02 EvgeniaBzzz