Two Instances of Vouch

Question

Two Instances of Vouch

normelton opened this issue 2 months ago · comments

Running the latest versions of Vouch and nginx (from hub.docker.com), with Azure AD authentication.

Our environment has two Nginx proxies (nginx-00 / nginx-01), each running Vouch (vouch-00 / vouch-01). Traffic is load balanced across both proxies.

When a user's browser bounces between nginx-00 and nginx-01, they have to establish a new session. The Vouch debug shows "signature is invalid". This makes sense since the cookie was created by the a different instance of Vouch.

I found a related issue (#503) where the suggestion was to establish different cookies for each of the Vouch. This would still require establishing two sessions with Azure AD.

Is there any way for one Vouch instance to be able to validate cookies from a second Vouch instance? Some sort of secret configured identically?

Benjamin Foote · Answer 1 · Mon May 27 2024 06:58:41 GMT+0800 (China Standard Time)

Yes, you'll want to give them the same secret

https://github.com/vouch/vouch-proxy/blob/master/config/config.yml_example#L96

Norman Elton · Answer 2 · Mon May 27 2024 09:40:58 GMT+0800 (China Standard Time)

Brilliant thanks