Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth form must be sent from auth page - on Z2JH #26

Closed
danlester opened this issue Aug 24, 2020 · 3 comments
Closed

Auth form must be sent from auth page - on Z2JH #26

danlester opened this issue Aug 24, 2020 · 3 comments
Assignees
@danlester
Labels
bug Something isn't working

Comments

@danlester
Copy link
Member

Where HTTPS termination happens on the load balancer under z2jh on EKS/AWS:

proxy:
  https:
    enabled: true
    type: offload

authing into someone else's dashboard doesn't work - you get '403 auth form must be sent from auth page'.

Same as this issue:
#22
but needs a different solution under z2jh

It is a bug/feature in either JupyterHub's OAuth code or in the Configurable HTTP Proxy component, depending on how you look at it.

Unfortunately, the workaround suggested in the GitHub issue above won't work here because in Zero2JH there is no easy way to specify a bespoke ConfigurableHTTPProxy.command setting to the ['configurable-http-proxy', '--no-x-forward'] which we need, as noted recently here: jupyterhub/zero-to-jupyterhub-k8s#1302

Fixing the z2jh issue 1302 would be ideal in the short term. Using an alternative proxy (Traefik instead of the standard Configurable Http Proxy is supposed to be supported soon) might make this go away: jupyterhub/zero-to-jupyterhub-k8s#1162. Or trying a different https method could work - e.g. getting z2jh to do the https termination.

But all of these have too many moving parts - I will look at building a workaround into the jupyterhub code used by ContainDS Dashboards. I am away this week but should be able to take a look at the start of next. In the meantime, I'm hoping you can continue evaluation with https off or moved to z2jh (if that solves the problem).

This was reported here: https://gitter.im/ideonate/ContainDS?at=5f430cf0ec534f584fb8fd89
@danlester danlester added the bug Something isn't working label Aug 24, 2020
@danlester danlester self-assigned this Aug 24, 2020
@sid-marain
Copy link

I've confirmed that using the letsencrypt method (let z2jh do https termination) is a viable workaround.

@fredrik-sthlm
Copy link

I've confirmed that using the letsencrypt method (let z2jh do https termination) is a viable workaround.

Hi, I'm experiencing the above issue for Z2JH using own built docker images. Can you provide more details on how to resolve this using the letsencrypt method?

@fredrik-sthlm
Copy link

This has been fixed upstream in JupyterHub 1.2 and above jupyterhub/jupyterhub#3219

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danlester danlester

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@danlester @fredrik-sthlm @sid-marain