-
Hi, not sure if this is a bug or just a misconfiguration on my end. I am serving Teleport via a Nginx reverse proxy, which is not officially supported, but works fine for everything else. I now tried to serve an internal Nginx provided PHP site via the Teleport application proxy. Upon accessing it through the Teleport interface, the session cookie seems to either be voided or lost, causing the authorization to fail. I am not using any of the SSO features of Teleport. I authenticate to the website manually by entering my credentials on its logon page after opening it through the Teleport interface. I assume it is a matter of instructing Nginx to preserve cookies, however after trying several caching and cookie flag settings, and having lost trace of the things I already tried, I figured I should go over to asking if someone else has an idea on what to try. Allow me to present my Teleport as well as Nginx configurations: Nginx and NSEdit are installed in the latest version. Teleport is installed in version 6.0.2. Albeit the reverse proxy adds an unsupported step in the setup, I would highly appreciate if someone would be so kind to take a look, as I am, at this point, not even sure if it's actually Nginx's responsibility to handle the cookie "better", of if maybe Teleport, NSEdit or even PHP-FPM have an issue with the setup. Thanks a lot for reading so far. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
Edit: A different tool for managing my PowerDNS servers (https://github.com/operasoftware/dns-ui) works flawlessly. Hence I assume it is an issue that could be resolved by altering NSEdit. Whilst my core issue, managing my DNS zones through Teleport, is resolved, I would still appreciate if someone could shed some light as to what is going on, in order to, if it is deemed necessary, raise an issue with the NSEdit developers. |
Beta Was this translation helpful? Give feedback.
-
My guess is that the session cookie is being set against the internal domain used by nginx/nsedit and so isn't passed through by Teleport (because what the application thinks its public address is and its actual public address behind Teleport are different) You can try something like adding a app_service:
enabled: yes
apps:
- name: "nsedit1"
uri: "https://nsedit1-local.secure.example.com:8083"
public_addr: "nsedit1.secure.example.com"
insecure_skip_verify: false
labels:
generic: "admins"
redirect:
rewrite:
- nsedit1-local.secure.example.com Also, the Failing that, make sure that Teleport and your application are running on the same domain - IIRC Honestly, there's a few too many layers of indirection here with the use of |
Beta Was this translation helpful? Give feedback.
-
Hi @webvictim, thank you very much for the thorough reply! Will try the suggestions out. |
Beta Was this translation helpful? Give feedback.
My guess is that the session cookie is being set against the internal domain used by nginx/nsedit and so isn't passed through by Teleport (because what the application thinks its public address is and its actual public address behind Teleport are different)
You can try something like adding a
redirect
configuration to your Teleportapp_service
:Also, the
public_addr
here should be a subdomain of Te…