Endre | Blackr4t
Endre | Blackr4t•13mo ago

Configure Origin domain from Login Typescript application to Zitadel

How does the NextJS application determine what domain to send to Zitadel? As far as I can see, it's not grabbing the Host header value of the incoming HTTP request and forwarding that, but the hostname of the Kubernetes Pod in k8s instead:
unable to set instance using origin &{id.foo.com login-ui-7c68c56964-gt42d:3000 https} (ExternalDomain is id.foo.com): ID=QUERY-1kIjX Message=Instance not found. Make sure you got the domain right. Check out https://zitadel.com/docs/apis/introduction#domains
10 Replies
FFO
FFO•13mo ago
I guess you are talking about the new login page, right? Off the top of my head I would say it sends the configured domain from the app.
Endre | Blackr4t
Endre | Blackr4tOP•13mo ago
Yes indeed @FFO
zitadel-f866f477d-dpmkk zitadel time="2024-09-19T22:09:54Z" level=error msg="unable to set instance" caller="/home/runner/work/zitadel/zitadel/internal/api/http/middleware/instance_interceptor.go:58" error="unable to get instance by host: instanceHost id.foo.com, publicHost login-ui-7c68c56964-gt42d:3000: ID=QUERY-1kIjX Message=Errors.IAM.NotFound" externalDomain=id.foo.com origin="https://login-ui-7c68c56964-gt42d:3000"
Unknown User
Unknown User•13mo ago
Message Not Public
Endre | Blackr4t
Endre | Blackr4tOP•13mo ago
@Erik I've added a Trusted Domain that I've already added to my instance though
FFO
FFO•13mo ago
Can you share the way you configured the login?
Endre | Blackr4t
Endre | Blackr4tOP•13mo ago
The Login UI / ts you mean ? 🤔 @FFO
- name: NEXT_HOSTNAME
  value: login.foo.com
- name: ZITADEL_API_URL
  value: https://id.foo.com
- name: ZITADEL_ORG_ID
  value: "xx"
- name: ZITADEL_SERVICE_USER_TOKEN
  valueFrom:
    secretKeyRef:
      name: login-ui-token
      key: token
FFO
FFO•13mo ago
Yeah, that is what I meant. To me it looks like your login UI sends the host login-ui-7c68c56964-gt42d:3000 to the API. @peintnermax do we already have docs around how we handle host headers, or how to configure that correctly?
Endre | Blackr4t
Endre | Blackr4tOP•13mo ago
Any idea on this would be a major help! @FFO or @peintnermax? 🤔 @FFO @peintnermax kind reminder! I'd be happy to help document it if it is missing 🙂
adlerhurst
adlerhurst•13mo ago
Hi Endre, we will come back to you as soon as possible
Endre | Blackr4t
Endre | Blackr4tOP•13mo ago
@adlerhurst afaik it seems that you already use X-Forwarded-Host ? :thonk:
