Posts made by ronn316

@Alex-Patterson That did the trick! Enabled silent mode in the fusionauth.properties file and no more errors.

@Alex-Patterson Hi. It's not clear to me exactly how to do the system upgrade. I'm running in Production mode. It says the following on your link: "In a production runtime mode, or with silent configuration enabled, the upgrade will occur automatically during startup."

So I shouldn't need to do anything.

Hello,

I was running version 1.48.3 and am trying to upgrade to 1.51.2 because of the vulnerability. After upgrading the version in my Dockerfile, and restarting the container, I am getting an error in the log file. My database is a Postgres database on Azure.

 ---------------------------------------------------------------------------------------------------------
 --------------------------------- Starting FusionAuth version [1.51.2] ----------------------------------
 ---------------------------------------------------------------------------------------------------------

 2024-07-13 09:45:07.295 AM INFO  io.fusionauth.api.plugin.guice.PluginModule - No plugins found
 2024-07-13 09:45:10.149 AM INFO  io.fusionauth.api.service.system.NodeService - Node [b936de13-c292-416e-acdb-8b18759cba97] started.
 2024-07-13 09:45:17.500 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
 2024-07-13 09:45:17.501 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://localhost:9011]
 2024-07-13 09:45:17.540 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
  - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
  - Overriding default value of property [fusionauth-app.runtime-mode] with value [production]
  - Overriding default value of property [search.type] with value [database]
 
 2024-07-13 09:45:17.662 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://invoicingapi-db-server.postgres.database.azure.com:5432/fusionauth]
 2024-07-13 09:45:17.692 AM WARN  com.zaxxer.hikari.HikariConfig - HikariPool-1 - idleTimeout has been set but has no effect because the pool is operating as a fixed size pool.
 2024-07-13 09:45:17.711 AM INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
 2024-07-13 09:45:20.528 AM INFO  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Added connection org.postgresql.jdbc.PgConnection@6579cdbb
 2024-07-13 09:45:20.577 AM INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
 2024-07-13 09:45:37.031 AM INFO  com.inversoft.scheduler.DefaultScheduler - Starting up scheduler
 2024-07-13 09:45:37.033 AM INFO  com.inversoft.scheduler.DefaultScheduler - Scheduler is running
 2024-07-13 09:45:37.203 AM ERROR com.inversoft.scheduler.LogAndRetainFailureHandler - The scheduled service [class io.fusionauth.api.service.cache.ApplicationCacheLoader] failed but will be re-run.
 org.apache.ibatis.exceptions.PersistenceException: 
 ### Error querying database.  Cause: org.postgresql.util.PSQLException: ERROR: column a.userinfo_populate_lambdas_id does not exist
   Position: 3467
 ### The error may exist in io/fusionauth/api/domain/ApplicationMapper.xml
 ### The error may involve defaultParameterMap
 ### The error occurred while setting parameters

I'm not sure how to diagnose this issue. Is it obvious what has gone wrong?

@kasir-barati actually shortly after posting this thread I had the same idea and already implemented the robots.txt through my reverse proxy

Good idea about replacing the favicon through the proxy as well! I'll do that too.

Hello,

Is it possible to include a robots.txt file with my FusionAuth self-hosted community instance?

My website which is live has a robots.txt file at the root domain (https://rootdomain.com/robots.txt), and FusionAuth is running at subdomain auth.rootdomain.com.

In Google Search Console, it is complaining that there is no robots.txt file for my auth subdomain at https://auth.rootdomain.com/robots.txt. It's my understanding that for Google search indexing, you need to have a separate robots.txt file for each subdomain.

As a result, Google is crawling and indexing the FusionAuth authorize and forgot pages with the various parameters in the url, which I want to block them from indexing.

How can I add a robots.txt file to the root of my auth subdomain?

@mark-robustelli Ignore my last post. I managed to do it. Full code incase someone else wants to use this:

#google-login-button{
  background-color: white;
  border: 1px solid #c5c8ca;
}

.login-button-container .login-button.google .text {
    color: black;
}

@mark-robustelli That seems to do the trick. Since I want the background white, I need the text black but I can't seem to get it to work. I'm no expert with CSS but it seems setting the color property on the google-login-button style doesn't do it. Digging deeper into the browser html it looks like the class "text" on the div inside the button is controlling the color.

I've come across the same issue. FusionAuth and my webhook endpoint are both on the same network (docker compose). I've tried setting the webhook URL to the container name (invoicing.api) with the corresponding port, https://invoicing.api:5001. The call never reaches my api. Testing through Postman or Swagger which are running on the same machine but outside the docker network works fine using https://localhost:5001/fusionauthwebhook.

I came across a similar issue with FusionAuth and my web app authority URL not working when using the container name in the URL, but this was solved by using the local machine IP in it's place. That doesn't seem to work for webhooks. Using the local machine IP in the webhook URL, i.e. https://192.168.0.110:5001/fusionauthwebhook, didn't solve it.

Maybe I'm missing something obvious, but I can't seem to adjust any of the button properties for the Google login button.

Having followed the documentation to setup my Google client Id and secret, everything is working great, but in the Option section it gives you a link to Google's documentation where you can see the possible values to use for the Button properties.

By default, the Theme in FusionAuth is set to 'outline'. This can be seen on Identity Providers > Google > Options.

In the Google documentation the outline theme has a white background.

Yet my app is using the 'filled_blue' theme.

By the way, when trying to change any other setting in the Button properties, the button is unaffected. Not sure what is going on.

@mark-robustelli So I managed to solve it finally. I ended up setting a reverse proxy in Azure App service. This is my Nginx server config:

server {
  listen 0.0.0.0:80;
  # this is the proxy host
  server_name auth.mydomain.com;

  location / {
      proxy_set_header        Host $proxy_host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header        X-Forwarded-Port '443';
      proxy_set_header        X-Forwarded-Host auth.mydomain.com;
     
      # this is the server FusionAuth is hosted on
      proxy_pass https://mydomain.azurewebsites.net/;
  }
}

So there's two points to keep in mind.

1. Azure App Service HTTPS requests don't enter the container. They are terminated at the front end. So we need to configure Nginx to listen on port 80 and not 443. Also seems like we don't need to setup any of our own certificates.

2. All the sample FusionAuth reverse proxy configurations posted on the FusionAuth github seem to be for reverse proxies hosted on the same server as the FusionAuth instance. In my case I am proxying to a different server so I needed to set a proxy header "Host $proxy_host;" instead of "Host $host;".

I hope this will be helpful for somebody else trying to set this up in Azure.

@mark-robustelli Just an FYI I opened a ticket with Azure support so I'll post back here when I have some updates.

@mark-robustelli After a bit more research, it looks like Fusionauth with HTTPS enabled won't be able to work in Azure:

https://stackoverflow.com/questions/66806085/azure-app-service-for-containers-is-forwarding-https-requests-as-http-to-my-cont

I think I have no choice but to use a reverse proxy. I'll focus my attention on that now.

@mark-robustelli that thread is from 2020, and my understanding is that the new https properties were added in early 2023. So indeed using a proxy was the only way before but I don't see why using the new https properties shouldn't be a good route now.

In any case I also tried going the reverse proxy route by following some of the sample nginx configurations on the fusionauth github and I feel I was really close to getting it to work but not quite. I was getting some redirect errors. I may put more time into getting that to work instead of this route we've been trying.

I did not try kubernetes. I think it may be overkill. I may try using an apache server for the proxy and copying that code from your link. I struggled with nginx.

@robotdan does this mean a proxy is not required anymore? I've been trying to configure the new https properties without success.

@mark-robustelli Seems I didn't restart my container properly the first time. I did that again and I'm seeing some new errors in the docker logs regarding SSL.

So I think now the container is indeed listening on 443 since adding the new environmental variable WEBSITES_PORT, but something else is going wrong now. I need to look into what this error means:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

@mark-robustelli So you would need to either set the four environmental variables in Azure, or set the four properties in the .properties file. I chose the latter in the end.

@mark-robustelli Good catch, yes I see that too in my logs. I did a search and you can update the port that the container is listening on by adding an environmental variable WEBSITES_PORT.

After doing that and restarting the container, I can see in the log that port it is using 443 now.

But still I'm getting the same proxy warning in the dashboard But I think we're really close to figuring this out. It would be good to get the thoughts of Fusionauth engineer on this matter.

Btw I'm not sure if in your configuration you also setup the certificate environmental variables. I think in order to enable https, you need to set the port as well as the certificate files or the contents of the files.

@mark-robustelli Yeah seems like I'm getting closer but not sure what else to try regarding enabling HTTPS. Everything seems ok from my setup. I can't see any logs in Azure about incoming requests. I can only see startup logs.

So I made a bit more progress but it's disappointing news.

I managed to get the certificates to work correctly. I needed to convert the .pem private certificate to PKCS8. After doing that I don't get any error in the log when Fusionauth initializes, and I'm able to log into the dashboard unlike before, but disappointingly I'm still seeing the same Proxy Configuration Warning at the top of the page. I thought that using the inbuilt TLS listener would bypass the need for a proxy, or is that not correct? According to this request which has since been added, I'm given the impression that configuring HTTPS will bypass the need for a reverse proxy. Is there a way for me to confirm that the app is listening to https requests?

@mark-robustelli I came across a solution online. Changing the Authority in the webapp appsettings to the local machine IP address seemed to fix it.

"Authority": "http://10.1.20.69:9011",

I'm not sure I like this approach because my local IP probably isn't static. I would much rather localhost:9011 or fusionauth:9011 to work, but I don't understand networking enough to understand why they don't.

Anyway this issue will only be occurring in development so I can deal with it. In production each app will be hosted separately so using the public domain name as the authority should work.