Unable to login to rundeck, fresh install

[TAYLOR HAMMERLING]

I am working on setting up rundeck on a test server using docker and docker-compose as a proof of concept.  The containers all start up fine, but when I try to log in to the web gui, I just get a spinning circle below the password box, and eventually everything stops responding (IE, if I refresh the page I get an error that the server refused the connection).  If I then `docker-compose down && docker-compose up` I can load the login page again.

Below are my docker-compose.yml, rundeck-config.properties and framework.properties

Any help you can provide would be extremely appreciated!

----------

Taylor Hammerling

WEI/GLBRC IS Support & Operations Manager

✉ thamm...@wisc.edu

☎ +1-608-890-1780

♂ preferred pronouns: he/him/his

♬ https://open.spotify.com/user/snarfsmojo/playlists

--------------------docker-compose.yml---------------------

version: '3'

services:
    rundeck:
        image: rundeck/rundeck:3.4.10
        #
        # adding in the container_name makes it possible to 'docker exec -it %containername% /bin/bash'
        # into the container, which gives you shell access
        container_name: rundeck
        ports:
          - '4440:4440'
        links:
          - mysql
        tty: true
        environment:
            RUNDECK_GRAILS_URL: http://rundeck-1.example.org
     
            #RUNDECK_SERVER_ADDRESS: rundeck-1.example.org
            #    When I set the rundeck server address I get a port already in use error for port 4440
            RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver
            RUNDECK_DATABASE_USERNAME: rundeck
            RUNDECK_DATABASE_PASSWORD: rundeck
            RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
        volumes:
          - ./data:/home/rundeck/server/data
    mysql:
        image: mysql:5.7
        expose:
          - 3306
        environment:
          - MYSQL_ROOT_PASSWORD=root
          - MYSQL_DATABASE=rundeck
          - MYSQL_USER=rundeck
          - MYSQL_PASSWORD=rundeck
        volumes:
          - ./mysql:/var/lib/mysql

--------------------------------------------------------------

----------------rundeck-config.properties---------------------

#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
rdeck.base=/home/rundeck

#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
rss.enabled=false

# Bind address and server URL
server.address=0.0.0.0

server.servlet.context-path=/
grails.serverURL=http://rundeck-1.example.org
rundeck.multiURL.enabled=false

server.servlet.session.timeout=3600

dataSource.url = jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
dataSource.username = rundeck
dataSource.password = rundeck
    dataSource.driverClassName = org.mariadb.jdbc.Driver

#Pre Auth mode settings
rundeck.security.authorization.preauthenticated.enabled=false
rundeck.security.authorization.preauthenticated.attributeName=REMOTE_USER_GROUPS
rundeck.security.authorization.preauthenticated.delimiter=,
# Header from which to obtain user name
rundeck.security.authorization.preauthenticated.userNameHeader=X-Forwarded-Uuid
# Header from which to obtain list of roles
rundeck.security.authorization.preauthenticated.userRolesHeader=X-Forwarded-Roles
# Redirect to upstream logout url
rundeck.security.authorization.preauthenticated.redirectLogout=false
rundeck.security.authorization.preauthenticated.redirectUrl=/oauth2/sign_in
# user sync
rundeck.security.authorization.preauthenticated.userSyncEnabled=false
rundeck.security.authorization.preauthenticated.userFirstNameHeader=X-Forwarded-User-FirstName
rundeck.security.authorization.preauthenticated.userLastNameHeader=X-Forwarded-User-LastName
rundeck.security.authorization.preauthenticated.userEmailHeader=X-Forwarded-User-Email

rundeck.api.tokens.duration.max=30d

rundeck.log4j.config.file=/home/rundeck/server/config/log4j.properties

rundeck.gui.startpage=projectHome

rundeck.clusterMode.enabled=true

rundeck.security.httpHeaders.enabled=true

rundeck.security.httpHeaders.provider.xcto.enabled=true

rundeck.security.httpHeaders.provider.xxssp.enabled=true

rundeck.security.httpHeaders.provider.xfo.enabled=true

rundeck.security.httpHeaders.provider.csp.enabled=true

rundeck.security.httpHeaders.provider.csp.config.include-xcsp-header=false

rundeck.security.httpHeaders.provider.csp.config.include-xwkcsp-header=false

rundeck.storage.provider.1.type=db
rundeck.storage.provider.1.path=keys

rundeck.projectsStorageType=db

--------------------------------------------------------

--------------framework.properties----------------------

# framework.properties -
#

# ----------------------------------------------------------------
# Server connection information
# ----------------------------------------------------------------

framework.server.name = 8944d3974f86
framework.server.hostname = 8944d3974f86
framework.server.port = 4440
framework.server.url = http://rundeck-1.example.org

# ----------------------------------------------------------------
# Installation locations
# ----------------------------------------------------------------

rdeck.base=/home/rundeck

framework.projects.dir=/home/rundeck/projects
framework.etc.dir=/home/rundeck/etc
framework.var.dir=/home/rundeck/var
framework.tmp.dir=/home/rundeck/var/tmp
framework.logs.dir=/home/rundeck/var/logs
framework.libext.dir=/home/rundeck/libext


# ----------------------------------------------------------------
# SSH defaults for node executor and file copier
# ----------------------------------------------------------------

framework.ssh.keypath = /home/rundeck/.ssh/id_rsa
framework.ssh.user = rundeck

# ssh connection timeout after a specified number of milliseconds.
# "0" value means wait forever.
framework.ssh.timeout = 0

# ----------------------------------------------------------------
# System-wide global variables.
# ----------------------------------------------------------------

# Expands to ${globals.var1}
#framework.globals.var1 = value1

# Expands to ${globals.var2}
#framework.globals.var2 = value2
rundeck.server.uuid = a14bc3e6-75e8-4fe4-a90d-a16dcc976bf6

[Xavier Humbert]

Hi Taylor,

What web browser do you use ? AFAIK, Chrome is not supported

HTH,

Xavier

Le 3/4/22 22:35, 'TAYLOR HAMMERLING' via rundeck-discuss a écrit :

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/bf5b343a-6fa1-4831-812f-58d42f64a9fan%40googlegroups.com.

-- 
Xavier Humbert
CRT Supervision et Exploitation de Niveau 1
Rectorat de Nancy-Metz
03 83 86 27 39

[TAYLOR J HAMMERLING]

Xavier, thanks for the reply!  Unfortunately I am seeing this behavior on all of the browsers I have tested.  Chrome, Edge, IE, Safari, Firefox

 

I think I have found a temporary solution, but it’s not ideal (as I know when I am ready to put this behind our haproxy it will break again)

 

In the docker-compose.yml file I changed the RUNDECK_GRAILS_URL from

RUNDECK_GRAILS_URL: http://rundeck-1.glbrc.org

to

RUNDECK_GRAILS_URL: http://rundeck-1.glbrc.org:4440

 

And then added in

RUNDECK_SECURITY_HTTPHEADERS_ENABLED: 0

 

And now everything appears to be working.

 

Would anybody be able to explain to me (or point me toward a good resource to read) what “RUNDECK_SECURITY_HTTPHEADERS_ENABLED” does, and why disabling made my logins work?

 

Thanks again, this group is fantastic!

 

Taylor

To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/b9bf32ff-ac65-7e26-0481-09f8f3b1efe7%40ac-nancy-metz.fr.

[Russell Jones]

Just wanted to say thank you for following up with the fix - I had the exact same problem and your above solution fixed it for me as well.