Can't able to login to frontend.(405 Not Allowed)
Closed this issue · 6 comments
Hi,
In the production can't able to connect to frontend with default credentails.PFB details.
Ingress for frontend
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
meta.helm.sh/release-name: "dependency-track"
meta.helm.sh/release-namespace: "dependency-track"
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/rewrite-target: /$1
generation: 1
labels:
app: "dependency-track"
app.kubernetes.io/instance: "dependency-track"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: "dependency-track"
helm.sh/chart: platform-0.1.0
name: "dependency-track"
namespace: "dependency-track"
spec:
ingressClassName: nginx
rules:
- host: "dependency-track.private.***.com"
http:
paths:- backend:
service:
name: dependency-track-frontend
port:
number: 8080
path: /(.*)
pathType: ImplementationSpecific
tls:
- backend:
- secretName: private.***.com
status:
loadBalancer:
ingress:- ip: ******
Ingress for apiserver
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
meta.helm.sh/release-name: "dependency-track-api"
meta.helm.sh/release-namespace: "dependency-track"
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/rewrite-target: /$1
generation: 1
labels:
app: "dependency-track"
app.kubernetes.io/instance: "dependency-track"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: "dependency-track-api"
helm.sh/chart: platform-0.1.0
name: "dependency-track-api"
namespace: "dependency-track"
spec:
ingressClassName: nginx
rules:
- host: "dependency-track-api.private.***.com"
http:
paths:- backend:
service:
name: dependency-track-api-server
port:
number: 8080
path: /(.*)
pathType: ImplementationSpecific
tls:
- backend:
- secretName: private.***.com
status:
loadBalancer:
ingress:- ip: *********
Values.yaml
apiServer:
resources:
requests:
cpu: "2"
memory: "4Gi"
limits:
cpu: "2"
memory: "4Gi"
persistentVolume:
enabled: true
size: 30Gi
nodeSelector:
agentpool: npuser3
kubernetes.io/os: linux
extraEnv:
ALPINE_DATABASE_MODE: "external"
ALPINE_DATABASE_URL: "jdbc:sqlserver://.database.windows.net:1433;databaseName=SBOM;sendStringParametersAsUnicode=false;trustServerCertificate=false"
ALPINE_DATABASE_DRIVER: "com.microsoft.sqlserver.jdbc.SQLServerDriver"
ALPINE_DATABASE_USERNAME: "admin@"
ALPINE_DATABASE_PASSWORD: '#{databasePassword}'
SYSTEM_REQUIREMENT_CHECK_ENABLED: "false"
initContainers:
- name: fix-permissions
image: docker.io/library/busybox
command:- sh
- -c
- |
chown -R 1000:1000 /data
volumeMounts: - name: data
mountPath: /data
securityContext:
capabilities:
add:- CHOWN
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
- CHOWN
frontend:
apiBaseUrl: 'https://dependency-track-api.****.com/'
Error Info
nginx-ingress-nginx-controller-68466c9758-4mmm5:/etc/nginx$ curl -vlk https://dependency-track.private.***.com/api/v1/user/login -d "username=admin&password=admin"
- Trying 10.100.72.4:443...
- Connected to dependency-track.private.***.com (10.100.72.4) port 443 (#0)
- ALPN: offers h2
- ALPN: offers http/1.1
- [CONN-0-0][CF-SSL] TLSv1.0 (OUT), TLS header, Certificate Status (22):
- [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Certificate Status (22):
- [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Finished (20):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, CERT verify (15):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Finished (20):
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Finished (20):
- [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
- ALPN: server accepted h2
- Server certificate:
- subject: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate
- start date: Apr 16 13:20:50 2024 GMT
- expire date: Apr 16 13:20:50 2025 GMT
- issuer: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate
- SSL certificate verify result: self-signed certificate (18), continuing anyway.
- Using HTTP2, server supports multiplexing
- Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
- h2h3 [:method: POST]
- h2h3 [:path: /api/v1/user/login]
- h2h3 [:scheme: https]
- h2h3 [:authority: dependency-track.private.***.com]
- h2h3 [user-agent: curl/7.87.0]
- h2h3 [accept: /]
- h2h3 [content-length: 29]
- h2h3 [content-type: application/x-www-form-urlencoded]
- Using Stream ID: 1 (easy handle 0x44121551800)
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
POST /api/v1/user/login HTTP/2
Host: dependency-track.private.***.com
user-agent: curl/7.87.0
accept: /
content-length: 29
content-type: application/x-www-form-urlencoded
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
- We are completely uploaded and fine
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- old SSL session ID is stale, removing
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
- Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
- [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS header, Supplemental data (23):
- [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 405
< date: Mon, 27 May 2024 12:51:00 GMT
< content-type: text/html
< content-length: 157
< strict-transport-security: max-age=15724800; includeSubDomains
<
405 Not Allowed
nginx/1.25.5 * Connection #0 to host dependency-track.private.***.com left intact
api server webpage
You have a few options in your ingress (i.e. nginx.ingress.kubernetes.io/rewrite-target
) that will affect how request paths are forwarded to the pod.
If you're getting a 405 you're hitting the wrong endpoint on the API server. For reference, when you click Login
, a POST
request is sent to /api/v1/user/login
on the API server.
You'll need to debug if and where path segments are dropped or added. I can't help with that, and this is not an issue with the Helm chart.
@nscuro : Thanks for letting me know , I will try to modify rewrite targets and path prefix accordingly. In below snapshot of frontend login page ,when I tried logging in manually with default credentials , its throwing error with 304 error .Is there any variable that needs to be set for frontend in values.yaml or is there any port conflict that both the frontend and api server are using 8080. ?
ubuntu@NARU-Pr5530:~/sbom$ kubectl logs dependency-track-frontend-54b75f9644-7m7fk -n dependency-track |tail -10
10.100.0.172 - - [27/May/2024:13:31:26 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
10.100.0.172 - - [27/May/2024:13:31:26 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
10.100.0.172 - - [27/May/2024:13:31:41 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
10.100.0.172 - - [27/May/2024:13:31:41 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
10.100.0.172 - - [27/May/2024:13:31:56 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
10.100.0.172 - - [27/May/2024:13:31:56 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
10.100.0.105 - - [27/May/2024:13:32:05 +0000] "GET /login?redirect=%2Fdashboard HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0" "172.20.30.24"
10.100.0.105 - - [27/May/2024:13:32:05 +0000] "GET /static/config.json HTTP/1.1" 304 0 "https://dependency-track.private.*****.com/login?redirect=%2Fdashboard" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0" "172.20.30.24"
10.100.0.172 - - [27/May/2024:13:32:11 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
10.100.0.172 - - [27/May/2024:13:32:11 +0000] "GET / HTTP/1.1" 200 6702 "-" "kube-probe/1.29" "-"
@nscuro : Am able to fix the ingress issue and currently was able to reach the login api with default credentials. Thanks
@nscuro : Am able to fix the ingress issue and currently was able to reach the login api with default credentials. Thanks
please share how exactly you solved this problem because I faced the same thing
@WantDead : I had tried with below in the values.yaml and worked as expected for me.
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/client-max-body-size: 5m
nginx.ingress.kubernetes.io/proxy-body-size: 5m
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/proxy-buffering: "on"
hostname: "dependency-track.*****.com"
ingressClassName: "nginx"
tls:
- secretName: ****.com
hosts:- "dependency-track.****.com"
@WantDead : I had tried with below in the values.yaml and worked as expected for me.
ingress: enabled: true annotations: nginx.ingress.kubernetes.io/client-max-body-size: 5m nginx.ingress.kubernetes.io/proxy-body-size: 5m nginx.ingress.kubernetes.io/proxy-buffer-size: 128k nginx.ingress.kubernetes.io/proxy-buffering: "on" hostname: "dependency-track.*****.com" ingressClassName: "nginx" tls:
* secretName: ****.com hosts: * "dependency-track.****.com"
thanks, dude