Nginx proxy with Google OAuth 2.0 - nginx

I have an Ubuntu 14.04 server and I have a meteor application that runs at localhost:3000 on this server. The public FQDN of my server is sub.example.com. The meteor application uses Google OAuth 2.0, I have the following configured in the Google API Console:
Redirect URIs
http://sub.example.com/_oauth/google
http://sub.example.com/_oauth/google?close
JavaScript origins
http://sub.example.com
My Nginx config file looks like this:
server {
    listen 80 default_server;
    server_name sub.example.com www.sub.example.com;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:3000;
    }
}
The proxy works and I can access my meteor application when I go to sub.example.com. But when I try to use Google OAuth 2.0 in this application, a pop-up opens as it should and I get:
Error: redirect_uri_mismatch
The redirect URI in the request: http://localhost:3000/_oauth/google?close did not match a registered redirect URI.
I have played with the header in the nginx config file with no luck.
I'm obviously missing something.

You should rewrite the Location headers that your backend sends to Nginx, as described in http://wiki.nginx.org/HttpProxyModule#proxy_redirect, so:
proxy_redirect http://localhost:3000/_oauth/google http://sub.example.com/_oauth/google;
The other option, which would work for popup-style login as well, is to set the ROOT_URL environment variable for Meteor at startup as follows:
ROOT_URL="http://sub.example.com" PORT=3000 node main.js

Related

How to serve phpmyadmin over https with nginx

How can I correctly configure nginx and phpMyAdmin? I've configured nginx and can access the phpMyAdmin login page through nginx but am unable to log in; when I try to log in it shows "Failed to set session cookie. Maybe you are using HTTP instead of HTTPS to access phpMyAdmin."
I'm accessing through https://example.com/phpmyadmin/
and this is the nginx config
location /myphpadminroute/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header host $host;
    proxy_pass_request_headers on;
    root path_to_phpmyadmin/phpMyAdmin/;
    proxy_pass http://localhost:8080/phpmyadmin/; # apache is running on 8080
}
The login is working fine when using apache url either http://localhost:8080/phpmyadmin/ or https://localhost:8443/phpmyadmin/
I've also tried with proxy_pass https://localhost:8443/phpmyadmin/; in nginx but same error rises.
Whether it is nginx configuration problem or phpmyadmin I just couldn't figure it out.
Edit: The cookie path is not correct: phpMyAdmin_https=utd7tbihn9qp9r4e0f0dvj6tpo; path=/phpmyadmin/; secure; HttpOnly. It's working fine if I change the nginx path to /phpMyAdmin/. Now, how can I change the cookie path in phpMyAdmin?
Finally it's working perfectly fine.
For those who are also facing this type of problem, the trick is to just set the variable $cfg['PmaAbsoluteUri'] in config.inc.php to the URL that your users should see,
for example $cfg['PmaAbsoluteUri'] = 'https://example.com/myphpadminroute';
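
A proxy-side alternative to the same cookie-path mismatch, as an added example that is not part of the original post: nginx's proxy_cookie_path rewrites the Path attribute of Set-Cookie headers coming from the backend. The paths and port are the ones quoted in the question; that the backend keeps issuing the cookie for /phpmyadmin/ is an assumption.

```nginx
location /myphpadminroute/ {
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Apache on 8080 serves the application under /phpmyadmin/.
    proxy_pass http://localhost:8080/phpmyadmin/;

    # The backend answers with
    #   Set-Cookie: phpMyAdmin_https=...; path=/phpmyadmin/; secure; HttpOnly
    # A browser returns that cookie only for URLs under /phpmyadmin/, so
    # requests to /myphpadminroute/ arrive without a session.
    # Rewrite the Path attribute to the public prefix:
    proxy_cookie_path /phpmyadmin/ /myphpadminroute/;

    # Apply the same prefix mapping to relative redirects from the backend.
    proxy_redirect /phpmyadmin/ /myphpadminroute/;
}
```

The secure and HttpOnly attributes are passed through unchanged; only the path is rewritten.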

flask oidc auth callback redirects to http instead of https

This is my first attempt to deploy a plotly dash python web app. I followed below tutorials to get going
digital ocean flask app with gunicorn and nginx
Okta authentication for flask app using OpenIdConnect
The app runs fine on an ec2 instance with nginx and gunicorn all in docker containers. The redirect to okta for authentication and back works fine (using ec2 instance public ip)
After setting up a redirect for the domain name via an AWS load balancer (HTTPS), it started failing with a 404, as the URL scheme returned was http instead of https.
First I added the OVERWRITE_REDIRECT_URI config with https, which fixed the incorrect redirect URI problem on the Okta side.
Then I tried ProxyFix and all the options in the SO posts below, but after the redirect to /authorization-code/callback?code=<long code value>, the response always comes back with http://<my_website_name>/<page> instead of https:
Make Flask's url_for use the 'https' scheme in an AWS load balancer without messing with SSLify
X-Forwarded-Proto and Flask
I'm stuck at this point. What am I missing here?
Thanks
nginx conf.d/conf
upstream app_server {
    server dash:8050;
}
server {
    listen 80;
    server_name _;
    location / {
        try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
        gzip_static on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_buffering off;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}
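
An added example, not from the original post or the tutorials it cites: assuming the load balancer terminates TLS, forwards plain HTTP to nginx on port 80 and sets X-Forwarded-Proto itself, `$scheme` inside nginx is always `http`, so `proxy_set_header X-Forwarded-Proto $scheme;` replaces the balancer's `https` before the request reaches the app. The variable name `$forwarded_proto` is chosen for this example.

```nginx
# Lives in the http {} context, e.g. a conf.d/*.conf file.

# Weak setting (as in the question): nginx reports its own hop, which is
# plain HTTP, and discards what the load balancer said about the client.
#     proxy_set_header X-Forwarded-Proto $scheme;

# Corrected: keep "https" when the load balancer reported it, otherwise
# fall back to nginx's own scheme. Any other header value is ignored.
map $http_x_forwarded_proto $forwarded_proto {
    default $scheme;
    https   https;
}

upstream app_server {
    server dash:8050;
}

server {
    listen 80;
    server_name _;

    location / {
        try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $forwarded_proto;
        proxy_set_header Host              $http_host;
        proxy_buffering off;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}
```

Passing the incoming header through is only sound when nginx is reachable solely via the load balancer; if clients can connect to port 80 directly, they can claim `https` themselves, so restrict the listener to the balancer's addresses.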

Google OAuth2 OmniAuth Provider callback not working with GitLab behind reverse proxy

I've installed GitLab 8.0.2 on a VM, and I have an nginx reverse proxy set up to direct HTTP traffic to the VM. I am able to view the main login page for GitLab, but when I try to login using the Google OAuth2 method, the callback fails to log me in after entering my correct credentials. I simply get directed back to the GitLab login page.
Where might the problem be? The reverse proxy settings? GitLab settings (i.e. Google OAuth config)?
Below is my nginx conf:
upstream gitlab {
    server 192.168.122.134:80;
}
server {
    listen 80;
    server_name myserver.com;
    access_log /var/log/nginx/gitlab.access.log;
    error_log /var/log/nginx/gitlab.error.log;
    root /dev/null;
    ## send request back to gitlab ##
    location / {
        proxy_pass http://gitlab;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Interestingly, the old setup I had used iptables to redirect port 81 on the host machine to port 80 on the GitLab VM, and, in that case, the Google OAuth callback worked. I'd prefer to have people simply use standard port 80 for accessing my GitLab instance, though, so I want this reverse proxy method to work.
GitLab 8.x has quite a few new things. Although I don't see anything specifically wrong with your nginx.conf file, it is pretty short compared to the example in the GitLab repository. Look through https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl to get an idea of the configuration you should consider adding.
Once your nginx.conf file is updated, read through GitLab OmniAuth documentation and the Google OAuth2 integration documentation under 'Providers' on that OmniAuth page. Make sure you provide the correct callback URL to Google when registering.

Jenkins Url changes when going to /jenkins/configureSecurity/

I have set up nginx as a reverse proxy for our jenkins server. Nginx is using proxy_pass to the jenkins server so it should just be forwarding the requests and responses.
When I go to my.domain.com/jenkins (hitting the nginx server) the url is fine. I can click on the url for each project and the url will still look like: my.domain.com/jenkins/job/myProject/. Even going to jenkins configure is fine.
The problem:
When I click on Configure Global Security the URL changes to the Jenkins server's IP. This wouldn't be such an issue but the Google Login Plugin is hitting it as well and my OAuth callbacks are set to hit the nginx server.
What I've Done:
I have set the Jenkins URL in configure to be my.domain.com/jenkins
Made sure the JENKINS_ARGS have the --prefix=/jenkins
Restarted Jenkins after setting the url in the configuration.
Verified jenkins.model.JenkinsLocationConfiguration.xml has the correct location
Any ideas or suggestions would be amazing! Thank You!
The issue was nginx and the way I was redirecting.
I was using:
location /jenkins/ {
    proxy_pass $scheme://ip.address.to.server:port;
}
But needed:
location /jenkins/ {
    proxy_pass $scheme://ip.address.to.server:port;
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

How to do the request dispatch to jetty in nginx

I use nginx as my front web server to serve static files like .js, .css and .html.
However, in my page I have to use Ajax requests.
So I tried to create the web service in Java and deploy it using Jetty.
Now my main application is run under nginx:
location /mainapp {
    alias /cygdrive/D/workspace/mainapp/;
    autoindex on;
}
http://localhost/mainapp
Now in my page I have to make some Ajax requests like:
http://localhost/mainapp/webservice.do/xxx
http://localhost/mainapp/utilservice.do/xxx
I have implemented these services in Java and deployed them using Jetty, where they can be accessed at:
http://localhost:8080/backup/webservice/xxx
http://localhost:8080/backup/utilservice/xxx
How to make the nginx dispatch the request to jetty?
Edit the nginx configuration file as follows:
vi /usr/local/etc/nginx/nginx.conf
location ~ \.(jsp|jspx|do)?$ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:8080;
}
