# all-things-deployment
m
Hi all! I'm trying to set up a django application to serve as the OIDC provider for DataHub (using https://django-oidc-provider.readthedocs.io/en/latest/), with both applications running through the same docker-compose YML file. I'm allowing my django containers to be on the same docker network as DataHub. However, whenever I try to log into DataHub, the redirect to django fails. I tried allowing containers to access localhost for testing (by adding
extra_hosts: "host.docker.internal:host-gateway"
to the containers and adding the localhost=host.docker.internal alias in my /etc/hosts) but the redirect still fails saying "Connection Refused". Any idea what I might be doing wrong? Alternatively, is there a better way of achieving the same thing? Here's what my frontend container looks like:
datahub-frontend-react:
    container_name: datahub-frontend-react
    depends_on:
      - datahub-gms
    environment:
      - DATAHUB_GMS_HOST=datahub-gms
      - DATAHUB_GMS_PORT=8080
      - DATAHUB_SECRET=YouKnowNothing
      - DATAHUB_APP_VERSION=1.0
      - DATAHUB_PLAY_MEM_BUFFER_SIZE=10MB
      - JAVA_OPTS=-Xms512m -Xmx512m -Dhttp.port=9002 -Dconfig.file=datahub-frontend/conf/application.conf
        -Djava.security.auth.login.config=datahub-frontend/conf/jaas.conf -Dlogback.configurationFile=datahub-frontend/conf/logback.xml
        -Dlogback.debug=false -Dpidfile.path=/dev/null
      - KAFKA_BOOTSTRAP_SERVER=broker:29092
      - DATAHUB_TRACKING_TOPIC=DataHubUsageEvent_v1
      - ELASTIC_CLIENT_HOST=elasticsearch
      - ELASTIC_CLIENT_PORT=9200
      - AUTH_OIDC_ENABLED=true
      - AUTH_OIDC_CLIENT_ID=some-client-id
      - AUTH_OIDC_CLIENT_SECRET=some-client-secret
      - AUTH_OIDC_DISCOVERY_URI=http://localhost:8000/openid/.well-known/openid-configuration/
      - AUTH_OIDC_BASE_URL=http://localhost:9002
    hostname: datahub
    image: linkedin/datahub-frontend-react:${DATAHUB_VERSION:-head}
    ports:
      - 9002:9002
    extra_hosts:
      - "host.docker.internal:host-gateway"
And here's the error present in the docker logs:
datahub-frontend-react    | 09:53:02 [application-akka.actor.default-dispatcher-22] ERROR application - 
datahub-frontend-react    | 
datahub-frontend-react    | ! @7mp05igbp - Internal server error, for (GET) [/authenticate?redirect_uri=%2F] ->
datahub-frontend-react    |  
datahub-frontend-react    | play.api.UnexpectedException: Unexpected exception[TechnicalException: java.net.ConnectException: Connection refused (Connection refused)]
n
hi! the problem is the AUTH_OIDC_DISCOVERY_URI and AUTH_OIDC_BASE_URL
for the frontend container, “localhost” is that same container, not the oidc container
so you have to give the django container a hostname and then plug that name into the configuration
m
hi Alberto, thanks for the prompt response! I already tried that earlier but faced an issue of "mismatching redirect_uri" even though the URI is the same on both ends
n
that is because when you are using the redirect url
you are on your host, not inside any container
one workaround is to add the container hostnames to your local dns /etc/hosts
something like
127.0.0.1	django-container-hostname
but I don't know if there is a better way to do it
b
I'd rather use the IP address of the container directly, but it might change when you bring the entire docker network down and up
n
that’s another way to do so, yes
m
I tried your suggestions, added a hostname for the django container and added the container's IP to my host DNS. It still faces the mismatching URI issue. django container:
django:
    build:
      context: .
      dockerfile: ./compose/local/django/Dockerfile
    image: dqt
    container_name: dqt
    hostname: dqt
    platform: linux/x86_64
    depends_on:
      - postgres
    volumes:
      - .:/app:z
    environment:
      - DJANGO_READ_DOT_ENV_FILE=true
    env_file:
      - ./.envs/.local/.django
      - ./.envs/.local/.postgres
    ports:
      - 8000:8000
    extra_hosts:
      - "host.docker.internal:host-gateway"
    command: /start
DataHub frontend container:
datahub-frontend-react:
    container_name: datahub-frontend-react
    depends_on:
      - datahub-gms
    environment:
      - DATAHUB_GMS_HOST=datahub-gms
      - DATAHUB_GMS_PORT=8080
      - DATAHUB_SECRET=YouKnowNothing
      - DATAHUB_APP_VERSION=1.0
      - DATAHUB_PLAY_MEM_BUFFER_SIZE=10MB
      - JAVA_OPTS=-Xms512m -Xmx512m -Dhttp.port=9002 -Dconfig.file=datahub-frontend/conf/application.conf
        -Djava.security.auth.login.config=datahub-frontend/conf/jaas.conf -Dlogback.configurationFile=datahub-frontend/conf/logback.xml
        -Dlogback.debug=false -Dpidfile.path=/dev/null
      - KAFKA_BOOTSTRAP_SERVER=broker:29092
      - DATAHUB_TRACKING_TOPIC=DataHubUsageEvent_v1
      - ELASTIC_CLIENT_HOST=elasticsearch
      - ELASTIC_CLIENT_PORT=9200
      - AUTH_OIDC_ENABLED=true
      - AUTH_OIDC_CLIENT_ID=778948
      - AUTH_OIDC_CLIENT_SECRET=some-client-secret
      - AUTH_OIDC_DISCOVERY_URI=http://dqt:8000/openid/.well-known/openid-configuration/
      - AUTH_OIDC_BASE_URL=http://localhost:9002
    hostname: datahub
    image: linkedin/datahub-frontend-react:${DATAHUB_VERSION:-head}
    ports:
      - 9002:9002
    extra_hosts:
      - "host.docker.internal:host-gateway"
Host DNS:
172.21.0.8      dqt
172.21.0.12     datahub
OIDC redirect_uri in django:
http://datahub:9002/callback/oidc/
Is there something I'm missing? Sorry I'm new to this 😅
n
I had to debug an OIDC issue recently. The SAML Tracer Chrome plugin was very helpful in debugging the requests. Try it and see if it gives you a better insight.