TTN3 Webconsole - wrong redirect when pressing login button

Hello, everyone,

Thanks to the help of the forum I was able to install TTN 3 (with self-signed certificates). Unfortunately I still have a small problem which I cannot solve. The problem is as soon as I open the web console in my browser (at https://mydomain.com/console) and I press the login button I am automatically redirected to http://localhost:1885. If I change the URL manually it is possible for me to log in to the system and work with it normally. Nevertheless I would like to avoid having to change the URL manually. Does anybody have a hint how I could fix this error ?

You’re probably missing some config.

You could try printing the currently active config and find all options that still contain localhost:

ttn-lw-stack config | grep localhost

Then you can make sure that those options are properly set to mydomain.com instead of localhost.

Hi @htdvisser,

thanks for you reply. It seems like some configuration still points to localhost which is weird as in my config I use my domain:

docker-compose.yml

version: '3.7'
services:

  cockroach:
    image: cockroachdb/cockroach:latest
    command: start --http-port 26256 --insecure
    restart: unless-stopped
    volumes:
      - ${DEV_DATA_DIR:-.env/data}/cockroach:/cockroach/cockroach-data
    ports:
      - "127.0.0.1:26257:26257"
      - "127.0.0.1:26256:26256"

  redis:
    image: redis:latest
    command: redis-server --appendonly yes
    restart: unless-stopped
    volumes:
      - ${DEV_DATA_DIR:-.env/data}/redis:/data
    ports:
      - "127.0.0.1:6379:6379"

  stack:
    image: thethingsnetwork/lorawan-stack:latest
    entrypoint: ttn-lw-stack -c /config/ttn-lw-stack.yml
    command: start
    restart: unless-stopped
    depends_on:
      - redis
      - cockroach
    volumes:
      - ./blob:/srv/ttn-lorawan/public/blob
      - ./config/stack:/stack:ro
      - ./config:/config
    environment:
      TTN_LW_TLS_CERTIFICATE: /config/cert.pem
      TTN_LW_CA: /config/cert.pem
      TTN_LW_TLS_KEY: /config/key.pem

    ports:
      - "80:1885"
      - "443:8885"
      - "1881:1881"
      - "8881:8881"
      - "1882:1882"
      - "8882:8882"
      - "1883:1883"
      - "8883:8883"
      - "1884:1884"
      - "8884:8884"
      - "1885:1885"
      - "8885:8885"
      - "1887:1887"
      - "8887:8887"
      - "1700:1700/udp"

ttn-lw-stack.yml:
redis:
address: ‘redis:6379’

is:
  database-uri: 'postgres://root@cockroach:26257/ttn_lorawan?sslmode=disable'

  email:
    sender-name: 'The Things Stack'
    sender-address: 'noreply@mydomain.com'
    network:
      name: 'The Things Stack'
      console-url: 'https://mydomain.com/console'
      identity-server-url: https://mydomain.com//oauth'

  oauth:
    ui:
      canonical-url: 'https://mydomain.com/oauth'
      is:
        base-url: 'https://mydomain.com/api/v3'

http:
  cookie:
    block-key: '' # block key available in my file
    hash-key: '' # hash key available in my file
  metrics:
    password: '' # Password available in my original file
  pprof:
    password: '' # Password available in my original file

gs:
  mqtt:
    public-address: 'mydomain.com:1882'
    public-tls-address: 'mydomain.com:8882'
  mqtt-v2:
    public-address: 'mydomain.com:1881'
    public-tls-address: 'mydomain.com:8881'

gcs:
  basic-station:
    default:
      lns-uri: 'wss://mydomain.com:8887'
  the-things-gateway:
    default:
      mqtt-server: 'mqtts://mydomain.com:8881'

console:
  ui:
    canonical-url: 'https://mydomain.com/console'
    is:
      base-url: 'https://mydomain.com/api/v3'
    gs:
      base-url: 'https://mydomain.com/api/v3'
    ns:
      base-url: 'https://mydomain.com/api/v3'
    as:
      base-url: 'https://mydomain.com/api/v3'
    js:
      base-url: 'https://mydomain.com/api/v3'
    qrg:
      base-url: 'https://mydomain.com/api/v3'
    edtc:
      base-url: 'https://mydomain.com/api/v3'

  oauth:
    client-id: '' # In file an id has been specified
    client-secret: '' # In file an secret has been specified                 

The output of ttn-lw-stack config | grep localhost is as follows:

                                --as.mqtt.public-address="localhost:1883"
                            --as.mqtt.public-tls-address="localhost:8883"
                   --as.webhooks.downlink.public-address="http://localhost:1885/api/v3"
                           --console.oauth.authorize-url="http://localhost:1885/oauth/authorize"
                               --console.oauth.token-url="http://localhost:1885/oauth/token"
                                --console.ui.as.base-url="http://localhost:1885/api/v3"
                              --console.ui.canonical-url="http://localhost:1885/console"
                              --console.ui.edtc.base-url="http://localhost:1885/api/v3"
                                --console.ui.gs.base-url="http://localhost:1885/api/v3"
                                --console.ui.is.base-url="http://localhost:1885/api/v3"
                                --console.ui.js.base-url="http://localhost:1885/api/v3"
                                --console.ui.ns.base-url="http://localhost:1885/api/v3"
                               --console.ui.qrg.base-url="http://localhost:1885/api/v3"
                     --gcs.basic-station.default.lns-uri="wss://localhost:8887"
            --gcs.the-things-gateway.default.mqtt-server="mqtts://localhost:8881"
                             --gs.mqtt-v2.public-address="localhost:1881"
                         --gs.mqtt-v2.public-tls-address="localhost:8881"
                                --gs.mqtt.public-address="localhost:1882"
                            --gs.mqtt.public-tls-address="localhost:8882"
                          --is.email.network.console-url="http://localhost:1885/console"
                  --is.email.network.identity-server-url="http://localhost:1885/oauth"
                             --is.oauth.ui.canonical-url="http://localhost:1885/oauth"
                               --is.oauth.ui.is.base-url="http://localhost:1885/api/v3"

I found if you add the following to the env section of the docker-compose.yml it works properly:
> TTN_LW_CONSOLE_OAUTH_AUTHORIZE_URL: “http://your.domain.name:1885/oauth/authorize
> TTN_LW_CONSOLE_OAUTH_TOKEN_URL: “http://your.domain.name:1885/oauth/token
> TTN_LW_IS_OAUTH_UI_CANONICAL_URL: “http://your.domain.name:8080/oauth

Not sure if the last line is necessary, you may also be able to just put an IP address in there
cheers
H

Hey @hmilsom,

Thanks a lot that did the trick for me as well.

This topic was automatically closed after 30 days. New replies are no longer allowed.