I have FOSUserBundle and LexikJWTAuthenticationBundle installed in a small Symfony project.

When I send a POST request to http://localhost:8080/api/login_check using Postman on my laptop, I get a token back.

However, when I have a test send a similar request to http://web:8080/api/login_check, I get back the following response:

App\Tests\Acceptance\CreateUserTest::testCreateUserWithNonAdminFails GuzzleHttp\Exception\ClientException: Client error: POST http://web:8080/api/login_check resulted in a 404 Not Found response: <!-- Unable to find the controller for path "/api/login_check". The route is wrongly configured. (404 Not Foun (truncated...)

I've googled around a bit, it looks like all the fixes I've found are for Apache users. (I'm using nginx.)

My docker-compose.yml file looks like this:

version: '3'
services:
  web:
    image: 'nginx:latest'
    ports:
      - "8080:8080"
    volumes:
      - ./code:/var/www
      - ./docker/nginx/site.conf:/etc/nginx/conf.d/site.conf
    links:
      - php
  php:
    build: ./docker/php
    volumes:
      - ./code:/var/www/
    working_dir: /var/www/
    links:
      - database
    environment:
      - DATABASE_URL
      - MYSQL_ROOT_PASSWORD
  database:
    image: 'mariadb:latest'
    environment:
      MYSQL_ROOT_PASSWORD: dbpassword
      MYSQL_DATABASE: dbname
    ports:
      # To allow the host machine to access the ports below, modify the lines below.
      # For example, to allow the host to connect to port 3306 on the container, you would change
      # "3306" to "3306:3306". Where the first port is exposed to the host and the second is the container port.
      # See https://docs.docker.com/compose/compose-file/#ports for more information.
      - '3306'

... and my security.yaml file looks like this:

security:
    firewalls:
        login:
            pattern: ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        api:
            pattern:   ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        # Disabling the security for the web debug toolbar, the profiler and Assetic.
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # -> custom firewall for the admin area of the URL
        admin:
            pattern:            /admin(.*)
            context:            user
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check
                failure_path:   null
            logout:
                path:           /admin/logout
                target:         /admin/login
            anonymous:          true

        # -> end custom configuration

        # default login area for standard users

        # This firewall is used to handle the public login area
        # This part is handled by the FOS User Bundle
        main:
            pattern:             .*
            context:             user
            form_login:
                provider:       fos_userbundle
                login_path:     /login
                use_forward:    false
                check_path:     /login_check
                failure_path:   null
            logout:             true
            anonymous:          true

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented

    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    access_control:
        # Admin login page needs to be accessed without credential
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured admin part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # API and JWT login
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

... while my nginx configuration looks like this:

server {
    listen 8080;
    server_name localhost;

    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /var/www/public;

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(. \.php)(/.*)$;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

CodePudding user response：

I think you missed "Content-Type" header in your request - https://stackoverflow.com/a/57593076/10005692