Permission to add GoogleDrive to WorkplaceSearch

It's tough for me to tell if that's a Google oauth error or a Workplace Search error. Do you receive this error during the oauth step with Google, or while you're still in Workplace Search? It's possible Google oauth doesn't allow IP addresses for redirect_uri values, and instead wants a hostname.

Did Google cloud console let you enter just an IP address as a redirect URI? The docs describe this at step 12 here.

Do you receive this error during the oauth step with Google, or while you're still in Workplace Search?

The timing of the error is when I click "Connect GoogleDrive" in WorkplaceSearch, but the message is so abstract that I don't really know how to deal with it.

It's possible Google oauth doesn't allow IP addresses for redirect_uri values, and instead wants a hostname.

You are right about this.
The documentation said Unsecured, but IP addresses were explicitly not allowed to be entered.
Hence, I am using NGINX reverse proxy to specify the hostname.

Did Google cloud console let you enter just an IP address as a redirect URI?

I am also referring to that document.
However, there seems to be a big gap between "Step 3" and "Step 4" of "Connecting Google Drive to Workplace Search".

Does your ent_search.external_url config value in config/enterprise-search.yml match the hostname you're using? I'm now confident Google's developer console wont allow raw IP addresses as you mention. I'm wondering if your Enterprise Search configuration isn't properly using your hostname, such that it still presents a raw IP address to Google Drive's oauth flow when attempting to create the connection.

Does your ent_search.external_url config value in config/enterprise-search.yml match the hostname you're using?

It is my belief that they probably match.

I am using NGINX reverse proxy to assign the URL.
Specifically, I have the following settings.

$ vi /etc/nginx/conf.d/ssl.conf
server {
    listen       443 ssl;
    server_name  MY_SERVER;

... snip ...
    location /kibana/ {
        proxy_pass   http://127.0.0.1:5601/;
    }

    location /workplacesearch/ {
        proxy_pass   http://127.0.0.1:3002/;
    }
... snip ...
}
$ vi /usr/share/enterprise-search/config/enterprise-search.yml
... snip ...
ent_search.external_url: https://MY_SERVER/workplacesearch
... snip ...

I'm wondering if your Enterprise Search configuration isn't properly using your hostname, such that it still presents a raw IP address to Google Drive's oauth flow when attempting to create the connection.

Is there anything else that needs to be configured?

Is it possible that the ent_search.external_url in my enterprise-search.yml is not well written?

I have seen the following error message.

$ /usr/share/enterprise-search//bin/enterprise-search reload
Found java executable in PATH
Java version detected: 1.8.0_282 (major version: 8)
Enterprise Search is starting...

--------------------------------------------------------------------------------

Invalid config file (/usr/share/enterprise-search/config/enterprise-search.yml):
The setting '#/ent_search/external_url' cannot have a path: 'https://MY_SERVER/workplacesearch'

--------------------------------------------------------------------------------

That setting can't contain a url path. It needs to be just https://MY_SERVER. It can also include a port.

Thanks for the advice.

Do you suggest me to write the following ?

$ vi /usr/share/enterprise-search/config/enterprise-search.yml
... snip ...
ent_search.external_url: https://MY_SERVER/
... snip ...

It seemed to work, but at the end I get the following error
What does this mean? What else am I missing?

$ /usr/share/enterprise-search/bin/enterprise-search reload
... snip ...
Error: Failed to bind to /MY_SERVER:3002 at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(org/eclipse/jetty/server/ServerConnector.java:349)
        org.eclipse.jetty.server.ServerConnector.open(org/eclipse/jetty/server/ServerConnector.java:310)
        org.eclipse.jetty.server.AbstractNetworkConnector.doStart(org/eclipse/jetty/server/AbstractNetworkConnector.java:80)
        org.eclipse.jetty.server.ServerConnector.doStart(org/eclipse/jetty/server/ServerConnector.java:234)
        org.eclipse.jetty.util.component.AbstractLifeCycle.start(org/eclipse/jetty/util/component/AbstractLifeCycle.java:72)
        org.eclipse.jetty.server.Server.doStart(org/eclipse/jetty/server/Server.java:401)
        org.eclipse.jetty.util.component.AbstractLifeCycle.start(org/eclipse/jetty/util/component/AbstractLifeCycle.java:72)
        java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)
        org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:426)
        org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:293)
        RUBY.start(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/jetty_server.class:42)
        RUBY.start_application_server(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli/app_server_command.class:61)
        RUBY.run(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli/app_server_command.class:31)
        RUBY.run_and_exit(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli/command.class:10)
        RUBY.run_supported_command(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli.class:143)
        RUBY.run_command(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli.class:125)
        RUBY.run!(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli.class:112)
        bin.enterprise_minus_search_minus_internal.invokeOther11:run!(bin/enterprise-search-internal:15)
        bin.enterprise_minus_search_minus_internal.<main>(bin/enterprise-search-internal:15)
        java.lang.invoke.MethodHandle.invokeWithArguments(java/lang/invoke/MethodHandle.java:627)
        org.jruby.Ruby.runScript(org/jruby/Ruby.java:1205)
        org.jruby.Ruby.runNormally(org/jruby/Ruby.java:1128)
        org.jruby.Ruby.runNormally(org/jruby/Ruby.java:1146)
        org.jruby.Ruby.runFromMain(org/jruby/Ruby.java:958)
        org.jruby.Main.doRunFromMain(org/jruby/Main.java:412)
        org.jruby.Main.internalRun(org/jruby/Main.java:304)
        org.jruby.Main.run(org/jruby/Main.java:234)
        org.jruby.Main.main(org/jruby/Main.java:206)

Hi @its-ogawa,

I have a few questions for you.

First, are you really running bin/enterprise-search reload? That's not a command that I recognize for our executable - have you edited that file? Or is that a typo?

Second, I notice that this forum post has been going on for more than a week. We're happy to keep helping here, but do you have a support relationship with Elastic? If you're a paying customer, you may find that Elastic Support may be faster to help you work through this.

Third, the Failed to bind error may mean a number of things. It could mean that you already have something else running on port 3002 on your server. It could mean that you already have Enterprise Search up and running, and you need to stop/kill the running process before you try to start another one. Or it could mean that your server's network settings are such that processes are not allowed to bind to port 3002 at all. Might any of these apply?

Supporting Sean in what he said above. Also, it would be helpful to see how you rewrote that nginx ssl config file to get rid of the path in the workplace search URL? And could you make sure to provide the full stacktrace of the error?

@Sean_Story
Thank you for your answer.
Thank you in advance.

I will answer your question.

First, are you really running bin/enterprise-search reload? That's not a command that I recognize for our executable - have you edited that file? Or is that a typo?

I am getting the following output results with this command.

$ /usr/share/enterprise-search/bin/enterprise-search reload
Found java executable in PATH
Java version detected: 1.8.0_282 (major version: 8)
Enterprise Search is starting...
[2021-06-08T00:35:21.384+00:00][30889][2002][app-server][INFO]: Enterprise Search version=7.12.1, JRuby version=9.2.13.0, Ruby version=2.5.7, Rails version=4.2.11.3
[2021-06-08T00:35:21.393+00:00][30889][2002][app-server][INFO]: Performing pre-flight checks for Elasticsearch running on http://XXX.XXX.XXX.XXX:9200...
[2021-06-08T00:35:21.784+00:00][30889][2002][app-server][INFO]: [pre-flight] Successfully connected to Elasticsearch
[2021-06-08T00:35:21.816+00:00][30889][2002][app-server][INFO]: [pre-flight] Successfully loaded Elasticsearch plugin information for all nodes
[2021-06-08T00:35:21.846+00:00][30889][2002][app-server][INFO]: [pre-flight] Elasticsearch running with an active basic license
[2021-06-08T00:35:21.889+00:00][30889][2002][app-server][INFO]: [pre-flight] Elasticsearch API key service is enabled
[2021-06-08T00:35:21.891+00:00][30889][2002][app-server][INFO]: [pre-flight] ILM is enabled in Elasticsearch
[2021-06-08T00:35:21.893+00:00][30889][2002][app-server][INFO]: Elasticsearch looks healthy and configured correctly to run Enterprise Search
[2021-06-08T00:35:32.150+00:00][30889][2002][app-server][INFO]: [db_lock] [installation] Status: [Starting] Ensuring migrations tracking index exists
[2021-06-08T00:35:32.227+00:00][30889][2002][app-server][INFO]: [db_lock] [installation] Status: [Finished] Ensuring migrations tracking index exists
[2021-06-08T00:35:33.767+00:00][30889][2002][app-server][INFO]: Enterprise Search indices are ready
2021-06-08 09:35:35.068:INFO::main: Logging initialized @27552ms to org.eclipse.jetty.util.log.StdErrLog
[2021-06-08T00:35:35.301+00:00][30889][2002][app-server][INFO]: Starting HTTP server...
2021-06-08 09:35:35.309:INFO:oejs.Server:main: jetty-9.4.33.v20201020; built: 2020-10-20T23:39:24.803Z; git: 1be68755656cef678b79a2ef1c2ebbca99e25420; jvm 1.8.0_282-b08
2021-06-08 09:35:35.338:INFO:oejshC.ROOT:main: INFO: jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 25.282-b08 on 1.8.0_282-b08 +jit [linux-x86_64]
2021-06-08 09:35:35.339:INFO:oejshC.ROOT:main: INFO: using a shared (threadsafe!) runtime
[2021-06-08T00:35:40.906+00:00][30889][2150][app-server][INFO]: Enterprise Search version=7.12.1, JRuby version=9.2.13.0, Ruby version=2.5.7, Rails version=4.2.11.3
[2021-06-08T00:35:40.908+00:00][30889][2150][app-server][INFO]: Performing pre-flight checks for Elasticsearch running on http://XXX.XXX.XXX.XXX:9200...
[2021-06-08T00:35:41.194+00:00][30889][2150][app-server][INFO]: [pre-flight] Successfully connected to Elasticsearch
[2021-06-08T00:35:41.227+00:00][30889][2150][app-server][INFO]: [pre-flight] Successfully loaded Elasticsearch plugin information for all nodes
[2021-06-08T00:35:41.248+00:00][30889][2150][app-server][INFO]: [pre-flight] Elasticsearch running with an active basic license
[2021-06-08T00:35:41.300+00:00][30889][2150][app-server][INFO]: [pre-flight] Elasticsearch API key service is enabled
[2021-06-08T00:35:41.300+00:00][30889][2150][app-server][INFO]: [pre-flight] ILM is enabled in Elasticsearch
[2021-06-08T00:35:41.302+00:00][30889][2150][app-server][INFO]: Elasticsearch looks healthy and configured correctly to run Enterprise Search
[2021-06-08T00:35:51.204+00:00][30889][2150][app-server][INFO]:

#########################################################

Success! Elastic Enterprise Search is starting successfully.

In a few moments, you'll be able to login at the following address:

* URL: http://XXX.XXX.XXX.XXX:3002
  * If this is your first time starting Enterprise Search, check the console output above for your user authentication credentials.
  * Visit the documentation: https://www.elastic.co/guide/en/enterprise-search

Secret session key has been generated.

Set the key in your config file to persist user sessions through process restarts:

secret_session_key: 002383aa0f8211c3291876400e77cb665b22c4cbc4242e50eb7b8707c9d0ced15727a99fdfb1c266a27573e95e79013c6931af50c6b6fcda044afa47af7ae9e4


#########################################################



2021-06-08 09:35:52.219:INFO:oejshC.ROOT:main: INFO: [org.kares.jruby.rack.DefaultWorkerManager] started 4 worker(s)
[2021-06-08T00:35:52.224+00:00][30889][2306][app-server][INFO]: [workers] Starting EsqueuesMe background jobs...
[2021-06-08T00:35:52.224+00:00][30889][2304][app-server][INFO]: [workers] Configuring periodic background jobs...
[2021-06-08T00:35:52.224+00:00][30889][2300][app-server][INFO]: [workers] Starting EsqueuesMe background jobs...
[2021-06-08T00:35:52.230+00:00][30889][2306][worker][INFO]: Ensuring esqueues me queues exist
[2021-06-08T00:35:52.229+00:00][30889][2304][app-server][INFO]: [workers] Configuring background job CleanupHeartbeatIndex: {:execution_interval=>300, :timeout_interval=>30, :run_now=>false}
2021-06-08 09:35:52.232:INFO:oejsh.ContextHandler:main: Started o.e.j.s.ServletContextHandler@62593536{/,file:///usr/share/enterprise-search/lib/war/,AVAILABLE}
[2021-06-08T00:35:52.232+00:00][30889][2300][worker][INFO]: Ensuring esqueues me queues exist
[2021-06-08T00:35:52.224+00:00][30889][2302][app-server][INFO]: [workers] Starting EsqueuesMe background jobs...
[2021-06-08T00:35:52.236+00:00][30889][2304][app-server][INFO]: [workers] Configuring background job RefreshElasticsearchLicense: {:execution_interval=>60, :timeout_interval=>30, :run_now=>false}
[2021-06-08T00:35:52.236+00:00][30889][2302][worker][INFO]: Ensuring esqueues me queues exist
[2021-06-08T00:35:52.265+00:00][30889][2304][app-server][INFO]: [workers] Configuring background job RefreshFritoPieContentSources: {:execution_interval=>360, :timeout_interval=>30, :run_now=>true}
Unexpected exception while running Enterprise Search:
Error: Failed to bind to /XXX.XXX.XXX.XXX:3002 at org.eclipse.jetty.server.ServerConnector.openAcceptChannel(org/eclipse/jetty/server/ServerConnector.java:349)
        org.eclipse.jetty.server.ServerConnector.open(org/eclipse/jetty/server/ServerConnector.java:310)
        org.eclipse.jetty.server.AbstractNetworkConnector.doStart(org/eclipse/jetty/server/AbstractNetworkConnector.java:80)
        org.eclipse.jetty.server.ServerConnector.doStart(org/eclipse/jetty/server/ServerConnector.java:234)
        org.eclipse.jetty.util.component.AbstractLifeCycle.start(org/eclipse/jetty/util/component/AbstractLifeCycle.java:72)
        org.eclipse.jetty.server.Server.doStart(org/eclipse/jetty/server/Server.java:401)
        org.eclipse.jetty.util.component.AbstractLifeCycle.start(org/eclipse/jetty/util/component/AbstractLifeCycle.java:72)
        java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)
        org.jruby.javasupport.JavaMethod.invokeDirectWithExceptionHandling(org/jruby/javasupport/JavaMethod.java:426)
        org.jruby.javasupport.JavaMethod.invokeDirect(org/jruby/javasupport/JavaMethod.java:293)
        RUBY.start(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/jetty_server.class:42)
        RUBY.start_application_server(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli/app_server_command.class:61)
        RUBY.run(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli/app_server_command.class:31)
        RUBY.run_and_exit(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli/command.class:10)
        RUBY.run_supported_command(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli.class:143)
        RUBY.run_command(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli.class:125)
        RUBY.run!(/usr/share/enterprise-search/lib/war/shared_togo/lib/shared_togo/cli.class:112)
        bin.enterprise_minus_search_minus_internal.invokeOther11:run!(bin/enterprise-search-internal:15)
        bin.enterprise_minus_search_minus_internal.<main>(bin/enterprise-search-internal:15)
        java.lang.invoke.MethodHandle.invokeWithArguments(java/lang/invoke/MethodHandle.java:627)
        org.jruby.Ruby.runScript(org/jruby/Ruby.java:1205)
        org.jruby.Ruby.runNormally(org/jruby/Ruby.java:1128)
        org.jruby.Ruby.runNormally(org/jruby/Ruby.java:1146)
        org.jruby.Ruby.runFromMain(org/jruby/Ruby.java:958)
        org.jruby.Main.doRunFromMain(org/jruby/Main.java:412)
        org.jruby.Main.internalRun(org/jruby/Main.java:304)
        org.jruby.Main.run(org/jruby/Main.java:234)
        org.jruby.Main.main(org/jruby/Main.java:206)
[2021-06-08T00:35:52.273+00:00][30889][2304][app-server][INFO]: [workers] Configuring background job UpdateCustomSourcesConfig: {:execution_interval=>360, :timeout_interval=>30, :run_now=>true}
[2021-06-08T00:35:52.284+00:00][30889][2304][app-server][INFO]: [workers] Configuring background job DeleteOldFritoPieContentSourceJobs: {:execution_interval=>86400, :timeout_interval=>30, :run_now=>false}
[2021-06-08T00:35:52.286+00:00][30889][2304][app-server][INFO]: [workers] Configuring background job KeepFilebeatAlive: {:execution_interval=>300, :timeout_interval=>30, :run_now=>true}
[2021-06-08T00:35:52.285+00:00][30889][2170][app-server][INFO]: Running task: RefreshFritoPieContentSources
[2021-06-08T00:35:52.287+00:00][30889][2304][app-server][INFO]: [workers] Configuring background jobs for Workplace Search Connectors...
[2021-06-08T00:35:52.292+00:00][30889][2304][app-server][INFO]: [workers] Enabling non-custom Workplace Search content sources...
[2021-06-08T00:35:52.296+00:00][30889][2314][app-server][INFO]: Running task: UpdateCustomSourcesConfig
[2021-06-08T00:35:52.302+00:00][30889][2316][app-server][INFO]: Running task: KeepFilebeatAlive

I have not made any edits to bin/enterprise-search.
Isn't this a recommended command?
Do you expect me to simply systemctl restart enterprise-search?

Second, I notice that this forum post has been going on for more than a week. We're happy to keep helping here, but do you have a support relationship with Elastic? If you're a paying customer, you may find that Elastic Support may be faster to help you work through this.

Unfortunately, I do not have a support relationship with Elastic yet.
I would like to know what features are available in the basic license first.

I have already implemented ELK and am currently testing its usability with members of my company.
If it is well received, I would like to obtain a license to have a support relationship.

We would also like to introduce WorkplaceSearch as well as ELK, but we are struggling. I need your help.
Any advice would be appreciated.

Third, the Failed to bind error may mean a number of things. It could mean that you already have something else running on port 3002 on your server. It could mean that you already have Enterprise Search up and running, and you need to stop/kill the running process before you try to start another one. Or it could mean that your server's network settings are such that processes are not allowed to bind to port 3002 at all. Might any of these apply?

I think port 3002 is occupied by EnterpriseSearch.
There are no other processes running.
I am checking with the following command.

$ lsof -i:3002
COMMAND   PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
java    29909 root  205u  IPv6 156588026      0t0  TCP XXX.XXX.XXX.XXX.ap.38ns.net:exlm-agent (LISTEN)

How can I find out about network limitations?
What I can tell you is that with the IP address + port configuration, you can access WorkplaceSearch from a browser.
I assume this means that http connections are possible, but doesn't this mean that the 3002 port is allowed to bind?

@maryna.cherniavska
Thank you for your answer.
Thank you in advance.

I will answer your questions.

Also, it would be helpful to see how you rewrote that nginx ssl config file to get rid of the path in the workplace search URL?

The only thing I edited in the nginx configuration file was to add the reverse proxy setting.
Newly added the following

    location /workplacesearch/ {
        proxy_pass   http://127.0.0.1:3002/;
    }

And could you make sure to provide the full stacktrace of the error?

Which stacktrace would be helpful?

The latest error we are presenting now is the following error that appears when you press the [ConnectGoogleDrive] button.
This will be displayed in your browser.

Authorization Error
Error 400: invalid_request
Invalid parameter value for redirect_uri: Raw IP addresses not allowed: http://MY_SERVER:3002/ws/org/sources/google_drive/create

In order to get the URLs by domain needed for GoogleDrive integration, I reviewed the proxy settings by NGINX.
Specifically, I changed the value of ent_search.listen_host.

I have seted the configuration in NGINX, expecting to access WorkplaceSearch at https://MY_SERVER/workplacesearch.
However, it redirects to http://XXX.XXX.XXX.XXX:3002.
This is probably due to the value you specified for ent_search.external_url.

What settings do I need to make in ent_search.external_url to enable URLs by domain (https://MY_SERVER/workplacesearch)?
Also, are there any other settings I need to do?

The following is a more accurate description of the settings I have described.

  • EnterpriseSearch
$ vi /usr/share/enterprise-search/config/enterprise-search.yml
# ---------------------------------- Secrets ----------------------------------
secret_management.encryption_keys: [REDACTED]

# ------------------------------- Elasticsearch -------------------------------
elasticsearch.host: http://XXX.XXX.XXX.XXX:9200
elasticsearch.username: [REDACTED]
elasticsearch.password: [REDACTED]
allow_es_settings_modification: true

# ------------------------------- Hosting & Network ---------------------------
ent_search.external_url: http://XXX.XXX.XXX.XXX:3002
#ent_search.listen_host: XXX.XXX.XXX.XXX # <- remove
ent_search.listen_host: 0.0.0.0          # <- add
ent_search.listen_port: 3002
  • NGINX
# cat /etc/nginx/conf.d/ssl.conf
server {
    listen       443 ssl;
    server_name  MY_SERVER;

    ssl_certificate      [REDACTED];
    ssl_certificate_key  [REDACTED];

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location /kibana/ {
        proxy_pass   http://127.0.0.1:5601/;
    }

    location /workplacesearch/ {
        root         /usr/share/enterprise-search;
        proxy_pass   http://127.0.0.1:3002/;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

@its-ogawa I meant the stacktrace from the application log, but you're already posting it above.

This thread is becoming complicated and I want to take a step back. Let's make sure that all these are checked:

  1. You have your app deployed to somewhere (not on localhost I assume) that has a public IP and the port 3002 is exposed/available.
  2. You have nginx to provide a hostname (MY_SERVER) instead of an IP. This hostname is what you gave to the Google Oauth App.
  3. Enterprise Search config has the same URL:
ent_search.external_url: http://MY_SERVER
ent_search.listen_host: 0.0.0.0
ent_search.listen_port: 3002
  1. The previous app has been stopped (just kill the process)
  2. You're running the script with no parameters (reload is not a valid command):
bin/enterprise-search

Is that all correct?

1 Like

@maryna.cherniavska
Thank you for your comments.

All, yes.
As for 5., technically, it specifies ENT_SEARCH_DEFAULT_PASSWORD. (To make the password clear)

$ ENT_SEARCH_DEFAULT_PASSWORD=[REDACTED] bin/enterprise-search

But previously you provided this:

Which looks like it's an IP address and not a hostname?

Oh. I'm sorry. I made a mistake.

As mentioned above, I had specified the IP address and port.
I changed this to the server name and rebooted.

#ent_search.external_url: http://XXX.XXX.XXX.XXX:3002 # <- remove
ent_search.external_url: http://MY_SERVER                     # <- add

However, there are two problems in this case.

One is that my NGINX redirects the given URL to the following, which causes the page to be NotFound.
https://MY_SERVER/workplacesearch/ -> https://MY_SERVER/login
I am expecting it to go to https://MY_SERVER/workplacesearch/login.

Second, though, the page accessed by specifying https://MY_SERVER/workplacesearch/login shows EnterpriseSearch.
However, the login process cannot be executed because the root directory is configured incorrectly.

I think we're getting close.

If you still have:

Then I believe you need:

ent_search.external_url: http://MY_SERVER/workplacesearch

ent_search.external_url needs to be set to the URL that is public-facing. This same URL needs to be the prefix to your redirect-URI for google, as well.

Thank you for your comment.

ent_search.external_url: http://MY_SERVER/workplacesearch

I have tried this before and get the following error. (This was posted on June 6)

$ ENT_SEARCH_DEFAULT_PASSWORD=passwordexample bin/enterprise-search
Found java executable in PATH
Java version detected: 1.8.0_282 (major version: 8)
Enterprise Search is starting...

--------------------------------------------------------------------------------

Invalid config file (/usr/share/enterprise-search/config/enterprise-search.yml):
The setting '#/ent_search/external_url' cannot have a path: 'https://MY_SERVER/workplacesearch'

--------------------------------------------------------------------------------

ross.bell pointed this out to me.

That setting can't contain a url path. It needs to be just https://MY_SERVER. It can also include a port.

As Ross said above:

So, currently I see this.

  1. The external_url setting is supposed to contain no path parameters (but it can contain the port).
  2. nginx makes a redirect that goes to https://MY_SERVER:3002/workplacesearch which opens the login page, but the login page then doesn't work as the root path isn't supposed to contain workplacesearch

@its-ogawa I am no nginx expert, but could you try also this nginx config?

location = / {
        proxy_pass   http://127.0.0.1:3002/;
}

and see what happens?

Thanks for the advice.

Indeed, with this combination you mentioned, the redirects match and I can access WorkplaceSearch by typing https://MY_SERVER into my browser.

$ vi /usr/share/enterprise-search/config/enterprise-search.yml
... snip ...
# ------------------------------- Elasticsearch -------------------------------
elasticsearch.host: https://MY_SERVER
... snip ...
# cat /etc/nginx/conf.d/ssl.conf
server {
... snip ...
    location / {
        proxy_pass   http://127.0.0.1:3002/;
    }
... snip ...
}

Why can't the external_url include the path?
That seems to be a bit of a strict rule.