Using docker + kube behind an NGINX reverse proxy in a Blazor Server app with Identity Server 4



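I have been trying for a few days now to figure out why I cannot get NGINX working as a reverse proxy with Identity Server 4 and a Blazor Server app running in docker containers.

What happens is that I can browse to the Blazor app, press the login button, I get redirected to the Identity Server login page, enter user and password, accept the consent, but the redirect back to the Blazor app does not work.

The Nginx log shows a 400 on the POST below, even though the Blazor app is set up to use HTTPS with a LetsEncrypt certificate.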

[06/Dec/2019:15:45:34 +0000] "GET /account/login HTTP/1.1" 302 0 "https://dev.codescu.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:34 +0000] "GET /connect/authorize?client_id=sdehelperwebui&redirect_uri=https%3A%2F%2Fdev.codescu.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk&state=CfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP/1.1" 302 0 "https://dev.codescu.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:34 +0000] "GET /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dsdehelperwebui%26redirect_uri%3Dhttps%253A%252F%252Fdev.codescu.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk%26state%3DCfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP/1.1" 200 2177 "https://dev.codescu.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:34 +0000] "GET /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dsdehelperwebui%26redirect_uri%3Dhttps%253A%252F%252Fdev.codescu.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk%26state%3DCfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP/1.1" 200 2176 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[06/Dec/2019:15:45:35 +0000] "POST /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dsdehelperwebui%26redirect_uri%3Dhttps%253A%252F%252Fdev.codescu.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D637112439340098608.NGY4ZGY2MWQtNTQyNy00NWRlLThiNjUtOWFjYjJhMDE0MzhiMTFkYTc3NmUtMGRlMi00Y2MwLWI0MWYtNTY2MzUzOWFlOGVk%26state%3DCfDJ8KMZi0b-1bJCq1rFhJ3cRbHrbVT7oo9NFGXrRCXzkFjao9vVEBAMSvpBPimLtESIVXxpNOgMCQddEfRBwniwkNoDZzdVdQdViLWoSDdfm_Eftppnhnz77okwELuUANmR7DNixxpiSbDvSB8WhW-zrwrXjPjgDaja7tRST1Vvd_K-cDBiEu8ZsYXpkkNEhoMqhYHnBiD6JhYUIgto99pbUyjVtAFxDKvHBWEfwDVstQsLjh2ld4hPagk3jLYN0G0Od9aMQrkU5tqRf_B4_gZoYJgrjs8jkI7c3d2oksH0wACc%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

Nginx configuration:

server {
    server_name dev.codescu.com;
    location / {

#            add_header 'Access-Control-Allow-Origin' 'http://api.localhost';
#            add_header 'Access-Control-Allow-Credentials' 'true';
#            add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
#            add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'http://api.localhost';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
            add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_pass https://10.190.26.242;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }
    real_ip_header proxy_protocol;
    set_real_ip_from 127.0.0.1;
    listen [::]:443 ssl proxy_protocol ipv6only=on; # managed by Certbot
    listen 443 ssl proxy_protocol; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/codescu.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/codescu.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = dev.codescu.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 proxy_protocol;
    server_name dev.codescu.com;
    return 404; # managed by Certbot
}

The same setup is used for the Identity Server 4 virtual host.

In the code I added:

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

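in both the Blazor and Identity Server projects.

I tried running the Blazor and Identity Server apps with and without TLS.

It is worth mentioning that browsing locally, without routing traffic through the reverse proxy, works.

When I try to browse from "outside" and need to go through the Nginx reverse proxy, it stops working when I am redirected back to the Blazor app.

Any ideas would be greatly appreciated.

According to issue 867, the Nginx proxy_set_header Connection should be empty.

Update your Nginx configuration with: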

proxy_set_header Connection '';
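
A small check for the setting named in the answer, as an added example that is not part of the original question or answer: it scans nginx config text and reports every `proxy_set_header Connection` directive that is non-empty or set more than once in the same block. The function name and the sample config (a reduced copy of the question's location block) are constructed for illustration.

```python
import re

# Constructed sample: the question's location block, reduced to the
# directives relevant to the Connection header.
SAMPLE_CONF = """
server {
    server_name dev.codescu.com;
    location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header   Connection keep-alive;
        proxy_pass https://10.190.26.242;
    }
}
"""

# Value may be single-quoted, double-quoted or a bare token.
DIRECTIVE = re.compile(
    r"""^\s*proxy_set_header\s+Connection\s+('[^']*'|"[^"]*"|[^;\s]+)\s*;""",
    re.IGNORECASE,
)

def check_connection_header(conf_text):
    """Return (line_no, value, problem) for each suspicious Connection directive."""
    findings = []
    stack = [[]]  # per open block: line numbers of Connection directives seen so far
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments (naive: assumes no '#' inside quotes)
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(1).strip("'\"")
            if value:
                findings.append((line_no, value, "non-empty"))
            if stack[-1]:
                findings.append((line_no, value, "repeated in block"))
            stack[-1].append(line_no)
        # Track block nesting by braces (naive: ignores ${var} syntax).
        for ch in line:
            if ch == "{":
                stack.append([])
            elif ch == "}" and len(stack) > 1:
                stack.pop()
    return findings

if __name__ == "__main__":
    for finding in check_connection_header(SAMPLE_CONF):
        print(finding)
```
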
