[BUG] <title>Can't Use Domain URL to Login Bookstack #239

Closed as not planned
@nakroy

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I use Kubernetes deployments to deploy BookStack, and I set APP_URL as a domain name for HTTPS visits. But after I use the default username "admin@admin.com" and default password "password" to log in, the problem occurs with an error code like this:
419 Page Expired

Expected Behavior

The user can successfully log in to BookStack by domain name with the HTTPS protocol.

Steps To Reproduce

  1. My deployments yaml file is set like this:
apiVersion: v1
kind: Service
metadata:
  name: bookstack
spec:
  selector:
    app: bookstack
  type: ClusterIP
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: bookstack-ingress
  annotations:
    cert-manager.io/cluster-issuer: "ca-cluster-issuer"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: "nginx"
  tls:
    - hosts:
        - my-bookstack.com
      secretName: bookstack-certs
  rules:
    - host: my-bookstack.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: bookstack
                port:
                  number: 80
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bookstack-pvc
  labels:
    app: bookstack
spec:
  storageClassName: nfs-fpt-storage
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack
  namespace: bookstack
  labels:
    app: bookstack
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bookstack
  template:
    metadata:
      labels:
        app: bookstack
    spec:
      containers:
        - name: bookstack
          image: linuxserver/bookstack:24.05.2
          ports:
            - name: http
              containerPort: 80
          envFrom:
          - configMapRef:
              name: bookstack-config
          resources:
            limits:
              cpu: "2"
              memory: "2Gi"
          volumeMounts:
          - name: bookstack-storage
            mountPath: /config
      volumes:
        - name: bookstack-storage
          persistentVolumeClaim:
            claimName: bookstack-pvc

I use cert-manager to create the TLS secret for the ingress automatically.

The mariadb I use for deployments is:

apiVersion: v1
kind: Service
metadata:
  name: mariadb
  labels:
    app: bookstack
spec:
  ports:
    - port: 3306
      protocol: TCP
  selector:
    app: bookstack
    tier: mariadb
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: bookstack-db-pvc
  labels:
    app: bookstack
spec:
  storageClassName: nfs-fpt-storage
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 30Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bookstack-db
  labels:
    app: bookstack
spec:
  selector:
    matchLabels:
      app: bookstack
      tier: mariadb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: bookstack
        tier: mariadb
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            preference:
              matchExpressions:
              - key: server-type
                operator: In
                values: 
                - database
      containers:
      - image: linuxserver/mariadb:10.11.8
        name: bookstack-mariadb
        env:
        - name: PUID
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: PUID
        - name: PGID
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: PGID
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_PASSWORD
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_DATABASE
        - name: MYSQL_USER
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_USERNAME
        - name: MYSQL_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: bookstack-config
              key: DB_PASSWORD
        ports:
        - containerPort: 3306
        volumeMounts:
        - name: bookstack-db-storage
          mountPath: /config
      volumes:
      - name: bookstack-db-storage
        persistentVolumeClaim:
          claimName: bookstack-db-pvc

And I use a ConfigMap for the env variables:

apiVersion: v1
kind: ConfigMap
metadata:
  name: bookstack-config
data:
  PUID: "1000"
  PGID: "1000"
  DB_DATABASE: bookstack
  DB_HOST: mariadb
  DB_PORT: "3306"
  DB_PASSWORD: "bookstack123"
  DB_USERNAME: "admin"
  APP_URL: "https://my-bookstack.com"
  APP_KEY: "base64:xxxxxx"
 
  2. I deploy the resources and use the URL https://my-bookstack.com to visit the website, and after I use the default user and password to log in, it returns an error code with a page like this:
    image

  3. It's all fine if I use a LoadBalancer type of Service, set up a static IP such as 192.168.1.2, and change APP_URL=http://192.168.1.2, but this is under the HTTP protocol, which is not safe, and I can't use the domain URL to visit.

Environment

- OS: Ubuntu 22.04
- How docker service was installed: use deployments yaml file in Kubernetes

CPU architecture

x86-64

Docker creation

The creation file is mentioned above with the deployments YAML file.

Container logs

No error log in pod
