[Bug]: error validating CSRF token After Migrate from AWS ECS to AWS EKS
hugolesta opened this issue · comments
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration issue.
- This issue is not already reported on Github (I've searched it).
Bug description
I'm trying to migrate SFTPgo from AWS ECS to AWS EKS, I'm using the same secrets and environment variables, I verified that the SFTPgo solution is connecting to the database, the only different thing is traefik as an ingress controller which passes all the traffic directly to the service HTTP, the UI is working + health however at the moment to authenticate as an admin I'm getting the following issue
{"level":"debug","time":"2024-04-23T16:50:53.617","sender":"httpd","message":"error validating CSRF token \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQ1NSRiIsIjEwLjIuMTIuMTM1Il0sImV4cCI6MTcxMzkxMjYzOCwianRpIjoiY29qdWRuaDM5dmwzZmJsdHMw.........\": token is unauthorized"}
I did a forward port to the pod by using port 8080 and I can do the authentication with no issues.
Domain is the same that I have on ECS since I'm switching DNS to the Application Load Balancer behind Traefik
Steps to reproduce
- Migration from AWS ECS to AWS EKS
2.Switch DNS for the same domain to the ALB behind AWS EKS + Traefik - Do a login from the UI
Expected behavior
1.UI error: unable to verify form token: token is unauthorized
2. Logs as I mentioned on Bug Descriptio
SFTPGo version
WebClient - 2.5.6
Data provider
Mysql
Installation method
Other
Configuration
I used the default values from Helm chart https://github.com/sagikazarmark/helm-charts except the following envvars and service config
envVars:
- name: SFTGO_LOG_VERBOSE
value: "1" - name: SFTPGO_COMMON_DEFENDER__BAN_TIME
value: "15" - name: SFTPGO_COMMON_DEFENDER__BAN_TIME_INCREMENT
value: "100" - name: SFTPGO_COMMON_DEFENDER__ENABLED
value: "true" - name: SFTPGO_COMMON_DEFENDER__OBSERVATION_TIME
value: "15" - name: SFTPGO_COMMON_DEFENDER__THRESHOLD
value: "5" - name: SFTPGO_DATA_PROVIDER__DRIVER
value: "mysql" - name: SFTPGO_DATA_PROVIDER__HOST
value: "db-sftpgo.acc.domain.io" - name: SFTPGO_DATA_PROVIDER__NAME
value: "sftpgo" - name: SFTPGO_DATA_PROVIDER__PASSWORD
valueFrom:
secretKeyRef:
name: sftp-creds
key: SFTPGO_DATA_PROVIDER__PASSWORD - name: SFTPGO_DATA_PROVIDER__PORT
value: "3306" - name: SFTPGO_DATA_PROVIDER__USERNAME
value: "sftpgo_mgr_acc" - name: SFTPGO_HTTP_TIMEOUT
value: "15000"
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-security-groups: "secgp-elb-default"
external-dns.alpha.kubernetes.io/hostname: "sftpgok8s-acc-nlb.acc.domain.io"
type: LoadBalancer
loadBalancerIP:
loadBalancerSourceRanges: []
ports:
sftp:
port: 22
nodePort:
ftp:
port: 21
nodePort:
webdav:
port: 81
nodePort:
http:
port: 80
nodePort:
externalTrafficPolicy:
sessionAffinity:
Relevant log output
{"level":"debug","time":"2024-04-23T16:50:53.617","sender":"httpd","message":"error validating CSRF token \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQ1NSRiIsIjEwLjIuMTIuMTM1Il0sImV4cCI6MTcxMzkxMjYzOCwianRpIjoiY29qdWRuaDM5dmwzZmJsdHMw.........\": token is unauthorized"}
What are you using SFTPGo for?
Enterprise
Additional info
I'd appreciate any kind of help you can provide!
This is not a bug, just a support request. Please check our support policy. Thank you