We upgraded to version 2.2.0, we are aware that this one is a beta.
We have a setup, where a loadbalancer monitoring.example.com is forwarding traffic to the check-mk instance, to internal ip (docker container).
Since version 2.2.0 we are unable to login through the load balancer anymore. Login is only possible through the internal instance IP.
Problem:
After entering the credentials in the login screen:
Looking at the chrome dev console, it seems the post request is going well to the login.py, its redirecting with 302 to the login.py.
No error message, nothing, just not logged in afterwards.
Compare the http headers of a working login attempt with a failed attempt.
I guess some security related headers are now stricter.
Also compare the Cookies, perhaps there is a domain or path mismatch. Something in that direction. Might be that the LB has to append/alter headers to make it work.
Updated to 2.2.0 release. Same issue. MULTISITE seems enabled.
No other changes were made…
# grep "MULTISITE" etc/ -r
etc/dokuwiki/cookie_auth.php:// Created by OMD hook MULTISITE_COOKIE_AUTH
etc/omd/site.conf:CONFIG_MULTISITE_AUTHORISATION='on'
etc/omd/site.conf:CONFIG_MULTISITE_COOKIE_AUTH='on'
etc/pnp4nagios/config.d/cookie_auth.php:// Created by OMD hook MULTISITE_COOKIE_AUTH
checkmk 2.2 does not like the “authorization” header, stripping it after the auth on the load balancer, before forwarding the request to check-mk fixes the issue…
Sadly nothing mentioned in the changelog about that.