Failed to verify certificate of reverse proxy in front of kanidm (OIDC) #3063

Open
hy6lJuJa opened this issue Jan 5, 2025 · 1 comment
hy6lJuJa commented Jan 5, 2025

Hello,
I am hosting kanidm and miniflux behind an nginx reverse proxy with a DIY certificate chain (Root CA, Signing CA, TLS certificate).
I am trying to set up OIDC with kanidm and I am getting an error that it fails to verify the certificate for kanidm.example.internal (the URL of the kanidm service) when I try to Sign in with OpenID Connect.

```
level=ERROR msg=Failed to initialize OIDC provider error=oidc: failed to initialize provider "https://kanidm.example.internal/oauth2/openid/miniflux": Get "https://kanidm.example.internal/oauth2/openid/miniflux/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority
level=ERROR msg=Unable to initialize OAuth2 provider provider=oidc error=oauth2 provider not found
```

I browsed the issues and found a few relevant ones where the feed can't be verified but in my case it is the redirect link to the reverse proxy. In the case where the feed can't be verified you can disable the verification IIRC.

I can see 2 possible solutions:

  1. Redirect link goes straight from miniflux to kanidm without the reverse proxy URL. However, I tried this by using the docker container name or the docker container IP address and I couldn't get it to work. Got connection refused errors but maybe I didn't do it right.

  2. Add the root CA to the miniflux container.
    I don't know for sure how to do this without having to change the Dockerfile, and I would appreciate it if someone can show me where I should add the certificate and how I can update the trust by running something such as: update-ca-certificate.

Docker container IPs:

Nginx Reverse Proxy (172.18.0.5)
Kanidm (172.18.0.6)
Miniflux (172.18.0.9)

User can access kanidm and miniflux.
kanidm can redirect to miniflux

Any other options and help appreciated.
Happy new year.

hy6lJuJa commented Jan 9, 2025

I ended up using the workaround found in this comment from issue #420.

However, I am still looking for something a bit more stable or convenient. Maybe add the capability to install a self-signed certificate from the miniflux web UI?
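
Added example, not part of the original issue or of miniflux's code: a Go program that rebuilds the three-tier chain from the first post (Root CA, Signing CA, TLS certificate) with constructed certificates and verifies the leaf with Go's `crypto/x509`. It shows the reported error both when the root CA is not trusted and when the root is trusted but the Signing CA is missing from the chain the proxy serves. The CA names and the `must`, `issue` and `verifyCases` helpers are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue signs a constructed cert with parent (self-signed when parent is nil); no DNS names means a CA.
func issue(cn string, serial int64, dns []string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: len(dns) == 0, BasicConstraintsValid: true, DNSNames: dns,
	}
	if parent == nil {
		parent, pk = tpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}
// verifyCases checks the proxy's leaf certificate under three client trust setups.
func verifyCases() (noRoot, rootOnly, fullChain error) {
	root, rootKey := issue("Constructed Root CA", 1, nil, nil, nil)
	signing, signingKey := issue("Constructed Signing CA", 2, nil, root, rootKey)
	leaf, _ := issue("kanidm.example.internal", 3, []string{"kanidm.example.internal"}, signing, signingKey)
	trusted, sent := x509.NewCertPool(), x509.NewCertPool()
	trusted.AddCert(root) // root CA installed in the client's trust store
	sent.AddCert(signing) // Signing CA included in the chain the proxy sends
	verify := func(roots, inter *x509.CertPool) error {
		_, err := leaf.Verify(x509.VerifyOptions{DNSName: "kanidm.example.internal", Roots: roots, Intermediates: inter})
		return err
	}
	return verify(x509.NewCertPool(), sent), verify(trusted, x509.NewCertPool()), verify(trusted, sent)
}
func main() {
	a, b, c := verifyCases()
	fmt.Printf("root not trusted: %v\nroot trusted, chain lacks Signing CA: %v\nroot trusted, full chain: %v\n", a, b, c)
}
```

Only the third setup verifies: the client must trust the Root CA and the proxy must serve the Signing CA alongside the TLS certificate.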
