Laravel Socialite behind Nginx load balancer - laravel

I have a Laravel 7 app with two instances behind an NGINX load balancer, with SSL terminating at the load balancer. I've set up Trusted Proxies as described in the Laravel documentation, which is working as expected, and all traffic is using HTTPS. I have both Laravel instances using the same Redis server for sessions and a separate Redis server for cache, and both instances are using the same session domain in .env.
Both Laravel servers work correctly if they are the only instance in the load balancer. However, when both Laravel instances are added to the load balancer, any Socialite login fails with an invalid state error.
HTTP 500 Internal Server Error
Laravel\Socialite\Two\InvalidStateException
AbstractProvider->user()
/app/Http/Controllers/Auth/LoginController.php (line 108)
// Get google user data
$google = Socialite::driver('google')->user();
I have the same issue with both Google and Facebook logins. If I try to log in manually or register a new user I get 419 | Page Expired, but none of these issues occurs when the load balancer has only one instance or I don't use a load balancer.
Thanks,
Lee.

OK, so I've fixed the problem: I rebuilt the .env file and then cut and pasted it into both servers. I then generated new keys and restarted the app servers and the load balancer.
I'd gone through and checked both .env files several times, so either I missed something or the issue wasn't visible?
Either way it's working now.
Thanks,
Lee.

Related

AWS secure Cloudfront to ALB to Fargate communication

I have the following setup:
React.js App on Cloudfront (example.eu) -> Certificate for *.example.eu and example.eu
Fargate Python FastAPI instance on port 5000
Load Balancer internet facing http://***.eu-central-1.elb.amazonaws.com/
I can visit my website https://example.eu just fine
So in my front-end I defined the Load Balancer URL for doing the requests to the Fargate instance --> GET http://***.eu-central-1.elb.amazonaws.com/users.
I clicked on the button on the website to fire the request to the backend but I get a mixed content error in the browser.
Well, I thought let's do the calls over https - I added an HTTPS listener on 443 and added the certificate created earlier. If I deactivate the SSL verification (e.g. in Postman) that works fine, but otherwise I get the following error in my browser:
VM11:1 GET https://***.eu-central-1.elb.amazonaws.com/users net::ERR_CERT_COMMON_NAME_INVALID
Do I need another certificate for the load balancer URL? I checked out a lot of tutorials and they only create one for the domain.
Do I need to add the certificate to my back-end?
I'm really confused how I can establish a proper https communication from example.eu over the load balancer https://***.eu-central-1.elb.amazonaws.com to my Fargate backend on port 5000.
Thanks
Found the solution:
Go to your Route 53 and add an A entry with Alias Target to the ALB.
Important: Add a subdomain in the name field: e.g. api.example.eu.
That's it :)
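Why the browser rejects the load balancer's own hostname but accepts api.example.eu, as an added example that is not part of the original post: a simplified RFC 6125-style name check run against the certificate names from the question. The ALB hostname is a constructed placeholder (the real one is elided above), and the function names and the extra v2.api.example.eu case are illustrative additions.

```python
def name_matches(pattern, hostname):
    """Match one certificate DNS name against a hostname (simplified RFC 6125)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never several
    if p[0] == "*":
        # Wildcard is honoured only as the whole leftmost label of a name with
        # at least two further labels; a simplification of the public-suffix
        # checks real clients apply.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covering_names(hostname, cert_names):
    """Certificate names that make `hostname` valid; an empty list means a name error."""
    return [n for n in cert_names if name_matches(n, hostname)]

def audit(hostnames, cert_names):
    """Map each hostname to the certificate names that cover it."""
    return {host: covering_names(host, cert_names) for host in hostnames}

# Certificate names are the ones given in the question; the ALB hostname is a
# constructed placeholder because the real one is elided on the page.
CERT_NAMES = ["*.example.eu", "example.eu"]
HOSTS = [
    "example.eu",
    "api.example.eu",
    "v2.api.example.eu",
    "placeholder-alb.eu-central-1.elb.amazonaws.com",
]

if __name__ == "__main__":
    for host, names in audit(HOSTS, CERT_NAMES).items():
        verdict = "ok via " + ", ".join(names) if names else "NAME MISMATCH"
        print(f"{host:50} {verdict}")
```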

Target group 443 gives Health checks failed with these codes: [502]

I wanted to deploy a Laravel website to amazon, so I did the following steps:
Deployed the Laravel App using Elastic Beanstalk
Configured Route:53 A instance to point to the Ip of Ec2
Created Application Load Balancer with two listeners one at 80 and one at 443
Created 2 target groups Tg80 and Tg443 and designate the listener respectively
Note that Tg443 has a valid SSL certificate
Changed the security group of the Ec2 to be the Load balancer's one
Changed the A instance in Route:53 to be the load balancer's
Results:
The site works perfectly on port 80 with http, same for health check, and I can access the site normally from any browser
The site returns [502 Bad Gateway] on https:443
In (After ssh to instance) /var/log/httpd/error_log I have the following error /var/www/html/.htaccess: RewriteCond: bad flag delimiters
So, according to the link enforce-https-laravel, I tried to configure .htaccess in the Laravel app as said in the link, refreshed everything with php artisan config:cache, and retried the health check, but got the same results.
Then I deleted .htaccess and configured app/Providers/AppServiceProvider.php:
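use Illuminate\Contracts\Routing\UrlGenerator;

public function boot(UrlGenerator $url)
{
    // Generate https:// URLs when ENFORCE_SSL is set.
    // Once config is cached, env() here only sees system-level
    // environment variables, not the .env file.
    if (env('ENFORCE_SSL', false)) {
        $url->forceScheme('https');
    }
}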
And I added ENFORCE_SSL=true in .env and then ran php artisan config:cache, as the same link says it is a newer way than .htaccess.
But I got the same results.
I don't know what to do next or how to fix this. I want to be able to access the site with SSL. Please help. Thank you.
Based on the comments, the issue was that the health checks were set to use HTTPS between ALB and EC2. However, since ALB terminates the SSL connections, all traffic between ALB and EC2 is in HTTP, not HTTPS.
Therefore, the solution to the failing health checks was to use HTTP for them, rather than HTTPS.

Laravel + nginx + Subdomain + Load balancer

My wildcard subdomains are not working when I am using a load balancer. I have edited the nginx config so the domain is .xxx.com on both the load balancer and both of my app servers. The servers are setup using Forge.
When I visit a subdomain, the app interprets it as the main domain. For example, visiting subdomain.xxx.com shows me the homepage of xxx.com, and visiting subdomain.xxx.com/blog shows me xxx.com/blog (which is a 404). The URL also changes in the browser and doesn't include the subdomain.
The same code works on my staging server, which leads me to believe that the load balancer is causing the issue. I don't have a LB on the staging server.
I have restarted nginx, cleared the route and config cache.
Looking at the request in Telescope, I see that host is set to the domain (not subdomain).
Why is the subdomain not working when using a load balancer?
Turns out the DNS hadn't propagated yet. Weird result.

classic load balancer https acm issue

I have a website -- portaldevservices.com
The domain is managed by route 53 and works fine with http.
I have one ec2 instance.
I recently decided to move to https and put a load balancer in front of the ec2 instance.
From here I created a load balancer and edited the A record and the CNAME to the credentials of the load balancer. The health check is fine and the ec2 instance was added.
Using Amazon Certificate manager I created a cert and added it to the load balancer.
Here are some credentials/info:
When I try to access https://portaldevservices.com I get this:
[Screenshots not preserved: website screenshot, hosted zones, load balancer port config, load balancer basic config, load balancer listener, ACM certificate]
Thanks for the help. I'm a mobile dev so this is my first time really stepping into the backend world.
Solved:
Ok that was a lot easier than I thought. If anyone else experiences this issue all I had to do was add the "www." to the front of my A type
From portaldevservices.com -> www.portaldevservices.com
The https access now works well.

mvc3, IIs 7.5, server behind load balancer/firewall, forms authentication redirects to http://[ipaddress of machine]

Hundreds of hits for these keywords, but nothing that is totally relevant.
So my web server is behind a load balancer. The web site is exposed by SSL.
When I open my logon page https[mydomain]/app/somepage.aspx, I am redirected to http://[ip address of server]/app/somepage.aspx.
I tried the following:
Setting the loginurl to https[mydomain]/app/somepage.aspx, which doesn't work.
Tried fiddling with the binding in IIS, but there's an issue that forces us to use appcmd to set the hostname, and nothing works after I set it.
Suggestions?
Thanks
This sounds more like a load balancer configuration error, or maybe your load balancer just isn't capable of forwarding the request using the same URL. It seems like your load balancer is more of a proxy, and is creating a new request using only the IP address. Most decent load balancers should have an option for forwarding the hostname.
This might be more of a Serverfault question because it has more to do with load balancer configuration.
