Cannot login anymore after switch to OIDC in latest update

Hello, it is still not working. Is there a step by step guide for OIDC in Bookstack? We are using a wildcard certificate.
We have internal DNS entries for my.domain.de and bookstack.domain.de. The addresses aren't reachable from the internet. The error is the "OIDC Discovery Error" as shown above.

The first steps are working. I get this error when trying the curl command. I am in vacation for the next week. I will text you afterwards.

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@b2c17152-3055-4792-bf0a-5d814fe31739:/app/code#

@girish
I changed my unbound config. I restarted the unbound service. Still get this error when trying to login.

@girish In our environment everything ist working fine now.

@girish
a) yes
b) same error as in the 4th post. See above.
c) it is not self signed. Its from geotrust.

We had the same problem in our environment. It was an misconfiguration of our reverse proxy (from the firewall).
In the environment of the customer the dashboards are note accessible from the internet. In that case the traffic does not run over the reverse proxy. The connection is established locally.

Hello,

Now, I have the same problem at a customer. Cloudron and bookstack are not accessible from the internet. It is used only internal. I created a custom.conf for the unbound dns. But it is still not working. How do I have to configure the dns setting that OpenID Connect is working? We use a wildcard certificate.

Hello, we solved the problem. It was a wrong configuration in our firewall.

We are using an Securepoint firewall with integrated reverse proxy. I will talk to the support.

Where can I change the dns settings? I would like to resolve the local address for my.<your cloudron domain>. I want to bypass my firewall. Maybe it should work then.

@nebulon It isnt even reachable from a local system, which uses the local address for my.<your cloudron domain>. The webinterface is still reachable. Do I have to set the well known location as I asked before?

@nebulon It returns the public IP address. The system is behind a reverse proxy. The webinterface is reachable over the internet. Should I be able to open https://my.<your cloudron domain>/.well-known/openid-configuration from a browser?
I only get a server error.

@nebulon said in Cannot login anymore after switch to OIDC in latest update:

curl -v https://my.<your cloudron domain>/.well-known/openid-configuration

I cannot reach this URL. Not from bookstack and not from any other sytem.
Do I have to configure something under Domain & Certs before?

Hello,

after updating to 1.32.0 we are not able to log in anymore.
We get this error.

What should we do? I have checked the configs and it seems like oidc is configured correctly.
I have rolled back to version 1.31.2. Now, we can work again.