Bug: GeoServer GeoNode oauth not correctly configured

[AlexGacon]

Bug Description

When deploying geonode-k8s on my Azure K8s with an external domain, the integration between geonode and geoserver does not work correctly (the upload of data does not complete and layers cannot be displayed on preview and on map).

The configuration of the GeoNode oauth services in GeoServer always points to a 8000 port, even when an external domain is defined. Thus some endpoints point to a URL like http://my_nice_domain:8000 which is not allowed by the external domain.

Reproduction Steps

Behavior

At GeoServer level, the GEONODE_LB_PORT env variable must be set (setting it in the K8s deployment object solves the issue).

Two options:

• Either make a specific configuration point for the GeoServer tier
• Or put 443 if eq .Values.geonode.general.externalScheme "https" and 80 otherwise

Additional Information

Any additional information or context that may be helpful in resolving the bug.

[ridoo]

@AlexGacon Are you sure the error you got is related a missing GEONODE_LB_HOST_PORT configuration? I mean, that variable does not exist at all .. (you may relate to GEONODE_LB_PORT). Am I missing something essential here? Which property still contained the port 8000?

To what I see, configuration of the OAuth/GeoServer in the GeoNode setup is very confusing and error prone:

• Code resides in the geonode-project repository (which changed recently)
• Redundant URL variables (NGINX_BASE_URL, DOCKER_HOST_IP, GEONODE_LB_HOST_IP, .. ) which are composed by different other variables
• Messy code base, where sometimes port 80 and port 443 result in "port-less" URLs, but not always.

@mwallschlaeger I am hesitant to take over the dublication/redundancy parts from upstream here as long as we can. IMHO there is a lot to do on the upstream. What is your opinion on this issue?

[AlexGacon]

You're right, I mentionned the wrong variable: the one I meant is GEONODE_LB_PORT. I changed the text of my issue.

[ridoo]

@AlexGacon the PR you linked set these wrong parameter as well (you fixed them there as well already). Could you please double check, if setting those (or not) really does make a change?

GEONODE_LB_PORT (if set) becomes PUBLIC_PORT which in turn is used to set the SUBSTITUTION_URL for setting GeoServer oauth config. For what I can see, setting 80 or 443 would end up in a URL without any port at all.

[mwallschlaeger]

I was spinning my head about this topic some time ago. As @ridoo already mentioned this is a topic under construction in for the next geonode release 4.2 . If your proposed fix is working for geonode 4.1.3 i would suggest to add it to geonode-k8s. But with the the upcomming geonode 4.2 there are new changes required as the geoserver image entrypoint changes.

[AlexGacon]

Setting just GEONODE_LB_PORT is not enough, since we end up with a GEONODE URL mixing http schema and 443 port.

As pointed by @ridoo, using SUBSTITUTION_URL is indeed a better way and make all works. I will update my PR this way.