Login does not work if Web UI is behind reverse proxy

[jacotec]

Describe the bug
I run the Defguard VM using my subdomain "vpn.mydomain.com". Port 443 can't be used as this is required on this VM for OpenVPN traffic, so I've changed the web UI of Defguard to use port 8443.

Access using "https://vpn.mydomain.com:8443" works without issues.

To access the UI with a "normal" URL without special port number, I've configured my HAPROXY reverse proxy for accessing the UI with "https://wireguard.mydomain.com".

Using "https://wireguard.mydomain.com" correctly serves the Defguard UI, but after entering the credentials the button "Sign in" does nothing.

The core container gives the error log message:

core-1 | 2024-08-21T14:19:02.222209Z ERROR http_request{method=GET path=/api/v1/info}: defguard::handlers: msg="Session is required"

In this case.

Expected behavior
I want to be able to run the Web UI behind a reverse proxy.

Version information

• Defguard Core version: v0.11.0
• Defguard Gateway version: No idea, latest and greatest Docker version
  • Operating system and version running the gateway: Ubuntu 22.04
• Your browser and version [e.g. chrome 99, safari] All browsers affected: Chrome, Edge, Firefox, Safari

[jacotec]

Looking at the network traffic in the browser dev tools it turns out that Defguard wants to set a cookie with the domain

vpn.mydomain.com

Although in the .ENV file I've added the line:

DEFGUARD_COOKIE_DOMAIN=wireguard.mydomain.com

Looks like the DEFGUARD_COOKIE_DOMAIN is not used here ...?!?

[jacotec]

If further turns out that the DEFGUARD_COOKIE_DOMAIN needs to be passed in the environment: section in the docker-compose file.

Adding the line

DEFGUARD_COOKIE_DOMAIN: ${DEFGUARD_COOKIE_DOMAIN}

under

core:
  environment:

in the docker-compose solves the issue.

I'm leaving this open as this is a potential issue with the setup script creating the docker-compose file.