I have got the same error.
Following this installation video (https://www.youtube.com/watch?v=870A5dke_u4&t=919s) exactly, but using candy as reverse server. I'm getting the same error.
I have successfully run zrok enable on the client, but after running
zrok share public --headless -v -b web $PWD
the error is reported as follows:
[ 0.287] INFO main.(*sharePublicCommand).run: access your zrok share at the following endpoints.
https://wcnlhye0j0pi.example.com
[ 0.295] DEBUG sdk-golang/ziti.(*ContextImpl).authenticate: attempting to authenticate
[ 0.644] ERROR main.(*sharePublicCommand).run.func3: error running http web backend: loading new config: http app module: start: listening on zrok/wcnlhye0j0pi:0: failed to listen: no apiSession, authentication attempt failed: Get "https://ziti.example.com:8441/oidc/authorize?client_id=native&code_challenge=_EiroaDPPRMOlx_Q4OfbB_qUqbl1NsQOoZT6SmjAFTg&code_challenge_method=S256&method=cert&prompt=Welcome+back%21&redirect_uri=http%3A%2F%2F127.0.0.1%3A57316%2Fauth%2Fcallback&response_type=code&scope=openid+offline_access&state=a5851b06-0eca-432f-acb9-c80b4964fb2d": redirect is not allowed as per DomainCheckRedirectPolicy
- Where the domain name has been replaced with example.com.
- oauth is not enabled
Hi @torworx, welcome to the community and to zrok! I've not tried OAuth on my own zrok instance to date, but I can give it a try to see if I can get it working. Are you looking to see this working with any provider at all or a certain provider?
@TheLumberjack I am not using oauth. Just trying to use zrok share as normal according to the self-hosting tutorial.
Ah - if you don't mind then I'll move these last few posts into a new thread and try to help there...
Can you report what version of zrok you are using? Thanks
I think this is a bug with versions 4.22+. Can you download and try version 4.20? I verified that version works with public shares.
@TheLumberjack
Thank you very much for your positive response.
I installed the latest version of ziti before; I will try version 4.20 later.
Thanks again.
Just confirming... zrok -- not ziti. Oh, and I meant 0.4.20: Release v0.4.20 · openziti/zrok · GitHub
Recent versions of ziti added an endpoint that's causing this issue. The fix for the ziti environment is merged. You have a few options, ranked in the order that I think makes most sense:
- open the controller yaml file (probably at $HOME/.ziti/quickstart/$(hostname)/$(hostname).yaml), go to the bottom of the file, remove or comment out these lines and use zrok 0.4.26 without a problem:
    - binding: edge-oidc
      options: { }
- use zrok 0.4.20 for now
- wait for a new ziti release and use that release
- use an older version of ziti (this is harder to do and I'd recommend you just do one of the above)
@TheLumberjack You are my savior. I have verified that modifying $HOME/.ziti/quickstart/$(hostname)/$(hostname).yaml according to the first method you mentioned above works.
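The first option from the thread (commenting out the edge-oidc binding in the controller YAML), scripted with a backup. This is an added example, not from the posters or the zrok/ziti projects: disable_edge_oidc is a hypothetical helper name, and the sample YAML, including its web/apis layout, is constructed.

```shell
#!/bin/sh
# Added example: comment out the edge-oidc API binding in a ziti controller
# YAML, keeping a backup. disable_edge_oidc is a hypothetical helper name.

disable_edge_oidc() {
  cfg="$1"
  [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

  # If no active (uncommented) edge-oidc binding remains, change nothing, so a
  # second run cannot overwrite the pristine backup.
  awk '/^[ \t]*-[ \t]*binding:[ \t]*edge-oidc[ \t]*$/ { found = 1 }
       END { exit !found }' "$cfg" || return 0

  cp -p "$cfg" "$cfg.bak" || return 1

  # Comment out the binding line and the options: line directly after it;
  # every other line (including the other bindings) passes through unchanged.
  awk '
    /^[ \t]*-[ \t]*binding:[ \t]*edge-oidc[ \t]*$/ { print "#" $0; pending = 1; next }
    pending && /^[ \t]*options:/                  { print "#" $0; pending = 0; next }
    { pending = 0; print }
  ' "$cfg.bak" > "$cfg"
}

# Demo on a constructed sample (not a real controller file).
demo_dir=$(mktemp -d)
cat > "$demo_dir/controller.yaml" <<'EOF'
web:
  - name: client-management
    apis:
      - binding: edge-management
        options: { }
      - binding: edge-client
        options: { }
      - binding: edge-oidc
        options: { }
EOF
disable_edge_oidc "$demo_dir/controller.yaml"
cat "$demo_dir/controller.yaml"
```

On a real install, pass the path of your own controller file, for example the quickstart location mentioned in the thread.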