Error: Failed to refresh authorization

Hello everyboy,

We are a very small team, and We are having a blast with youtrack so far.

But, we do have a recurring problem. Very often We do receive this error.

The funny thing is that, if We do refresh the page the error disappears, "Try again" does nothing, "Postpone" just closes the window.

Our setup:

Server side - Youtrack 2022.2.51283 as a docker container behind Traefik reverse proxy v2.8

Client side - Windows 10 , Microsoft Edge latest version

Any ideas?

Thank you for your attention

0
8 comments
Official comment

Hi!

I'm Sergey from the YouTrack team.

Thank you for contacting us. I'm happy to help you.

Firstly, regarding logouts, potential reasons and fixes — we have an article that covers a majority of the cases: https://youtrack-support.jetbrains.com/hc/en-us/articles/360000058770-I-keep-getting-logged-out-of-YouTrack

behind Traefik reverse proxy v2.8

One of the logout reasons is an incorrect proxy setup. We don't have any official documentation for Traefik, so I can't share specific instructions. However, I recommend taking a look at the following doc: https://www.jetbrains.com/help/youtrack/server/Reverse-Proxy-Configuration.html. Specifically, it provides details about headers and how to pass them correctly. You need to make sure that it's implemented in your reverse proxy config as well. Or just move to the reverse proxy server we have the instructions for and copy them as is, just replacing data with yours.

If any questions appear, please let me know.

Thank you very much Sergey, I did infact missed some of the details when I was configuring Traefik.

I will try to implement it all and get back to you with what was wrong in my configuration, for the sake of shared knowledge.

 

Giacomo

0

Sure, thanks! 

And if any questions appear, feel free to ask. 

0

So I think I figured it out.

I am testing the setup right now, but the mentioned authorization error is gone, and browsing it's way faster.

 

I assume that who is reading this is somewhat familiar with Traefik version2 and above.

Here is what I've done.

I do have global http to https redirection so you won't see a label specifing that aspect, anyway, theese are my youtrack labels:

      - "traefik.enable=true"
      - "traefik.http.routers.youtrack.rule=Host(`youtrack.domain.com`)"
      - "traefik.http.routers.youtrack.tls=true"
      - "traefik.http.routers.youtrack.middlewares=customHeaders@file"
      - "traefik.http.services.youtrack.loadbalancer.server.port=8080"
 
You see that "customHeaders@file" in the middlewares declaration for the youtrack router, it is defined in the dynamic.yml configuration file.
This is the bit about customHeaders in the dynamic.yml :
 
customHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        customFrameOptionsValue: "SAMEORIGIN"
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
 
This took me a lot of time to figure it out, since Traefik it's very powerfull but it's documentation, imho, it's not very clear and lacks a lot of real world examples, leaving you with a set of options but it's unclear how to really use them.
 
Anyway
Thank you again Sergey.
 
0

Thanks for the update. Happy to hear that you've resolved the issue! 

0

Hello together,
sorry for reusing this thread.
I also try so setup a self hosted youtrack behind traefik.
But for some reason I don't get this to work.
At the dashboard of traefik I can see the route briefly, but then it just disappears.
The certificate has been created succesfully.
But if I access the page, I do get a 404 error.

This is my docker-compose of youtrack:
version: “3”
services:
    youtrack:

    image: jetbrains/youtrack:2023.3.22912

    restart: always

    volumes:

      - ./data:/opt/youtrack/data

      - ./conf:/opt/youtrack/conf

      - ./logs:/opt/youtrack/logs

      - ./backups:/opt/youtrack/backups

    labels:

      - "traefik.enable=true"

      - "traefik.http.routers.youtrack.rule=Host(`<url>`)"

      - "traefik.http.routers.youtrack.tls=true"

      - "traefik.http.services.youtrack.loadbalancer.server.port=8080"

    networks:

      - traefik_web

 

networks:

  traefik_web:

    external: true
 

I don't know how to setup the dynamic settings as described above, but as the site above was running without these settings,
I thought I can omit them in the first place.

I finally found out, that the youtrack container starts and fails 1 second later (as I see with docker ps).
Unfortunately the log directory is empty.
I'm running docker in rootless mode and this works, because traefik is running without problems.

Greetings,
Stephan

0

Hello,

the description indicates an issue with the infrastructure setup rather than the YouTrack app itself, as the app doesn't even register any logs. Unfortunately, we don't have instructions for traefik configuration nor expertise with setting it up. So I may suggest seeking help on specialized forums where you can ask questions about how you can set up your infrastructure correctly. On this forum, we are happy to help with questions and issues related to YouTrack itself, as we have expertise with it. 

0

Hello,

I have now tried to start the container directly from the command line.

docker run -it --name Youtrack-SF1 -v /home/sf-admin/youtrack/data:/opt/youtrack/data -v /home/sf-admin/youtrack/conf:/opt/youtrack/conf -v /home/sf-admin/youtrack/logs:/opt/youtrack/logs -v /home/sf-admin/youtrack/backups:/opt/youtrack/backups -p 8080:8080 --user 13001:13001 jetbrains/youtrack:2023.1.17429

Config directory is not writable: /opt/youtrack/conf

My directories are

drwxr-x---  2    13001    13001 4096 Jan 10 19:58 backups/

drwxr-x---  2    13001    13001 4096 Jan 10 19:58 conf/

drwxr-x---  2    13001    13001 4096 Jan 10 19:58 data/

drwxr-x---  2    13001    13001 4096 Jan 10 19:58 logs/

What is wrong with this?
The same happens when I start the container without the --user parameter.

Wenn I start the container without setting the directories, it starts without problems

docker run -it --name Youtrack-SF3 -p 8080:8080 jetbrains/youtrack:2023.1.17429

=== WARNING! WARNING! WARNING! ========================================================================== (start warning)

Non-anonymous volume should has been mapped to folder /opt/youtrack/conf inside container in non-demo environment.

(as well as non-anonymous volumes to directories /opt/youtrack/data, /opt/youtrack/logs and /opt/youtrack/backups)………

I'm running on Ubuntu 22.04 LTS with a rootless docker setting.

What can I do?

Greetings,
Stephan

0

Please sign in to leave a comment.