drakkan / sftpgo

Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob

Home Page: https://sftpgo.com

[Bug]: error validating CSRF token After Migrate from AWS ECS to AWS EKS

hugolesta opened this issue · comments

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration issue.
  • This issue is not already reported on Github (I've searched it).

Bug description

I'm trying to migrate SFTPGo from AWS ECS to AWS EKS. I'm using the same secrets and environment variables, and I verified that SFTPGo is connecting to the database. The only difference is Traefik as an ingress controller, which passes all the traffic directly to the HTTP service. The UI and the health check are working; however, when I try to authenticate as an admin I get the following error:

{"level":"debug","time":"2024-04-23T16:50:53.617","sender":"httpd","message":"error validating CSRF token \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQ1NSRiIsIjEwLjIuMTIuMTM1Il0sImV4cCI6MTcxMzkxMjYzOCwianRpIjoiY29qdWRuaDM5dmwzZmJsdHMw.........\": token is unauthorized"}

I set up a port forward to the pod on port 8080 and I can authenticate with no issues.

The domain is the same one that I have on ECS, since I'm switching DNS to the Application Load Balancer behind Traefik.

Steps to reproduce

  1. Migration from AWS ECS to AWS EKS
  2. Switch DNS for the same domain to the ALB behind AWS EKS + Traefik
  3. Do a login from the UI

Expected behavior

  1. UI error: unable to verify form token: token is unauthorized
  2. Logs as I mentioned in the Bug description

SFTPGo version

WebClient - 2.5.6

Data provider

Mysql

Installation method

Other

Configuration

I used the default values from the Helm chart https://github.com/sagikazarmark/helm-charts except for the following envVars and service config:

envVars:
  - name: SFTGO_LOG_VERBOSE
    value: "1"
  - name: SFTPGO_COMMON_DEFENDER__BAN_TIME
    value: "15"
  - name: SFTPGO_COMMON_DEFENDER__BAN_TIME_INCREMENT
    value: "100"
  - name: SFTPGO_COMMON_DEFENDER__ENABLED
    value: "true"
  - name: SFTPGO_COMMON_DEFENDER__OBSERVATION_TIME
    value: "15"
  - name: SFTPGO_COMMON_DEFENDER__THRESHOLD
    value: "5"
  - name: SFTPGO_DATA_PROVIDER__DRIVER
    value: "mysql"
  - name: SFTPGO_DATA_PROVIDER__HOST
    value: "db-sftpgo.acc.domain.io"
  - name: SFTPGO_DATA_PROVIDER__NAME
    value: "sftpgo"
  - name: SFTPGO_DATA_PROVIDER__PASSWORD
    valueFrom:
      secretKeyRef:
        name: sftp-creds
        key: SFTPGO_DATA_PROVIDER__PASSWORD
  - name: SFTPGO_DATA_PROVIDER__PORT
    value: "3306"
  - name: SFTPGO_DATA_PROVIDER__USERNAME
    value: "sftpgo_mgr_acc"
  - name: SFTPGO_HTTP_TIMEOUT
    value: "15000"
service:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-security-groups: "secgp-elb-default"
    external-dns.alpha.kubernetes.io/hostname: "sftpgok8s-acc-nlb.acc.domain.io"
  type: LoadBalancer
  loadBalancerIP:
  loadBalancerSourceRanges: []
  ports:
    sftp:
      port: 22
      nodePort:
    ftp:
      port: 21
      nodePort:
    webdav:
      port: 81
      nodePort:
    http:
      port: 80
      nodePort:
  externalTrafficPolicy:
  sessionAffinity:

Relevant log output

{"level":"debug","time":"2024-04-23T16:50:53.617","sender":"httpd","message":"error validating CSRF token \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQ1NSRiIsIjEwLjIuMTIuMTM1Il0sImV4cCI6MTcxMzkxMjYzOCwianRpIjoiY29qdWRuaDM5dmwzZmJsdHMw.........\": token is unauthorized"}

What are you using SFTPGo for?

Enterprise

Additional info

I'd appreciate any kind of help you can provide!

This is not a bug, just a support request. Please check our support policy. Thank you
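
A triage aid for the log line in the report above: the sketch below extracts the (already truncated) CSRF token from the message and decodes the claims that are still complete, so they can be compared with what the server sees behind the proxy. It is an added example, not SFTPGo code and not part of the original thread; the helper names `b64url_prefix` and `token_claims` are hypothetical.

```python
import base64
import json
import re
from datetime import datetime, timezone

# Log line copied from the report above; the reporter had already truncated the token.
LOG_LINE = r'''{"level":"debug","time":"2024-04-23T16:50:53.617","sender":"httpd","message":"error validating CSRF token \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQ1NSRiIsIjEwLjIuMTIuMTM1Il0sImV4cCI6MTcxMzkxMjYzOCwianRpIjoiY29qdWRuaDM5dmwzZmJsdHMw.........\": token is unauthorized"}'''


def b64url_prefix(segment: str) -> bytes:
    """Decode a base64url segment that may be unpadded or cut off part-way."""
    segment = re.sub(r"[^A-Za-z0-9_-]", "", segment)
    if len(segment) % 4 == 1:  # a lone trailing character carries no full byte
        segment = segment[:-1]
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(log_line: str) -> dict:
    """Return the JWT algorithm and the claims that survived truncation."""
    message = json.loads(log_line)["message"]
    match = re.search(r'CSRF token "([^"]+)"', message)
    if match is None:
        raise ValueError("no CSRF token in log message")
    # The truncation dots look like JWT separators, so drop the empty parts.
    parts = [p for p in match.group(1).split(".") if p]
    if len(parts) < 2:
        raise ValueError("token has no payload segment")
    header = json.loads(b64url_prefix(parts[0]))
    payload = b64url_prefix(parts[1]).decode("utf-8", "replace")
    # The payload JSON is incomplete, so pick out only the complete claims.
    aud = re.search(r'"aud":(\[[^\]]*\])', payload)
    exp = re.search(r'"exp":(\d+)[,}]', payload)
    exp_value = int(exp.group(1)) if exp else None
    return {
        "alg": header.get("alg"),
        "aud": json.loads(aud.group(1)) if aud else None,
        "exp": exp_value,
        "exp_utc": datetime.fromtimestamp(exp_value, timezone.utc).isoformat()
        if exp_value is not None else None,
    }


if __name__ == "__main__":
    print(token_claims(LOG_LINE))
```

For the line in this report the result is an HS256 token whose audience holds `CSRF` and the address `10.2.12.135`, with `exp` 1713912638.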