Adding authentication and authorization to a Blazor Server app with Identity Server 4, running in Docker + Kubernetes behind an NGINX reverse proxy

米海米

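I have been trying for a few days now to figure out why I can't get NGINX to work as a reverse proxy with Identity Server 4 and a Blazor Server app running in Docker containers.

What happens is that I can browse to the Blazor app and press the login button, I am redirected to the Identity Server login page, I enter the username and password and accept the consent, but the redirect back to the Blazor app does not work.

Although the Blazor app is set up to use HTTPS with a LetsEncrypt certificate, the Nginx log shows a 400 on the POST below.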

[06/Dec/2019:15:45:34 +0000] "GET /account/login HTTP/1.1" 302 0 "https://dev.codescu.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:34 +0000] "GET /connect/authorize?client_id=sdehelperwebui&redirect_uri=https%3A%2F%2Fdev.codescu.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk&state=CfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP/1.1" 302 0 "https://dev.codescu.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:34 +0000] "GET /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dsdehelperwebui%26redirect_uri%3Dhttps%253A%252F%252Fdev.codescu.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk%26state%3DCfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP/1.1" 200 2177 "https://dev.codescu.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:34 +0000] "GET /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dsdehelperwebui%26redirect_uri%3Dhttps%253A%252F%252Fdev.codescu.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk%26state%3DCfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP/1.1" 200 2176 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:35 +0000] "POST /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dsdehelperwebui%26redirect_uri%3Dhttps%253A%252F%252Fdev.codescu.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk%26state%3DCfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

Nginx configuration:

server {

    server_name dev.codescu.com;

    location / {

#        add_header 'Access-Control-Allow-Origin' 'http://api.localhost';
#        add_header 'Access-Control-Allow-Credentials' 'true';
#        add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
#        add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';

        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'http://api.localhost';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
            add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_pass https://10.190.26.242;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }

    real_ip_header proxy_protocol;
    set_real_ip_from 127.0.0.1;

    listen [::]:443 ssl proxy_protocol ipv6only=on; # managed by Certbot
    listen 443 ssl proxy_protocol; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/codescu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/codescu.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = dev.codescu.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 proxy_protocol;

    server_name dev.codescu.com;
    return 404; # managed by Certbot
}

The same setup is used for the Identity Server 4 virtual host.

In code, I added:

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

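in both the Blazor and Identity Server projects.

I have tried running the Blazor and Identity Server apps both with and without TLS.

It is worth mentioning that browsing locally, without going through the reverse proxy, works.

When I try to browse from the "outside" and need to go through the Nginx reverse proxy, it stops working when I am redirected back to the Blazor app.

Any ideas would be greatly appreciated.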

来自火星的阿瓜

According to issue 867, the Nginx proxy_set_header Connection should be empty.

Update your Nginx configuration with:

proxy_set_header Connection '';
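
A way to check a proxy block for the condition the answer points at, added here as an example and not part of the original answer: the question's location block sets Connection twice with two different values, while the answer asks for an empty one. The excerpts are constructed from the config above; the function names, and the choice to replace both existing Connection lines with the answer's single line, are assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt: proxy directives from the question's `location /` block.
QUESTION_CONF = """
location / {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header   Connection keep-alive;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_pass https://10.190.26.242;
}
"""

# Assumption: the answer's line replaces both Connection lines above.
FIXED_CONF = """
location / {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection '';
    proxy_set_header Host $host;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_pass https://10.190.26.242;
}
"""

DIRECTIVE = re.compile(r"""^\s*proxy_set_header\s+(\S+)\s+("[^"]*"|'[^']*'|[^;\s]+)\s*;""")

def proxy_headers(conf):
    """Map lower-cased header name -> values set for it in one block (comments ignored)."""
    headers = defaultdict(list)
    for line in conf.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])
        if m:
            headers[m.group(1).lower()].append(m.group(2).strip("'\""))
    return dict(headers)

def connection_findings(conf):
    """Report explicit Connection directives that are duplicated or not empty."""
    values = proxy_headers(conf).get("connection", [])
    findings = []
    if len(values) > 1:
        findings.append("Connection set %d times: %s" % (len(values), values))
    if any(v != "" for v in values):
        findings.append("Connection is not empty")
    return findings

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("fixed", FIXED_CONF)):
        print(name, connection_findings(conf) or "ok")
```

The parser is flat: it treats its input as a single block and does not model nginx's inheritance of proxy_set_header between configuration levels.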
