Configure IdentityServer4 behind nginx reverse-proxy
Question
I have a WebApi protected by IdentityServer4 behind an nginx reverse proxy. Proxy pass config:
location /api/ {
    proxy_pass http://127.0.0.1:3110/;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_buffering off;
    expires 0;
}
If I go to https://www.example.com/api/.well-known/openid-configuration it returns this configuration:
{
    "issuer": "http://www.example.com",
    "jwks_uri": "http://www.example.com/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "http://www.example.com/connect/authorize",
    "token_endpoint": "http://www.example.com/connect/token",
    "userinfo_endpoint": "http://www.example.com/connect/userinfo",
    "end_session_endpoint": "http://www.example.com/connect/endsession",
    "check_session_iframe": "http://www.example.com/connect/checksession",
    "revocation_endpoint": "http://www.example.com/connect/revocation",
    "introspection_endpoint": "http://www.example.com/connect/introspect",
    "frontchannel_logout_supported": true,
    "frontchannel_logout_session_supported": true,
    "scopes_supported": [
        "openid",
        "profile",
        "roles",
        "WebAPI",
        "offline_access"
    ],
    "claims_supported": [
        "sub",
        "name",
        "family_name",
        "given_name",
        "middle_name",
        "nickname",
        "preferred_username",
        "profile",
        "picture",
        "website",
        "gender",
        "birthdate",
        "zoneinfo",
        "locale",
        "updated_at",
        "role",
        "firm"
    ],
    "grant_types_supported": [
        "authorization_code",
        "client_credentials",
        "refresh_token",
        "implicit",
        "password"
    ],
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
    ],
    "response_modes_supported": [
        "form_post",
        "query",
        "fragment"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post"
    ],
    "subject_types_supported": [
        "public"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "code_challenge_methods_supported": [
        "plain",
        "S256"
    ]
}
But I expect that all URLs should start with https://www.example.com/api/. How do I configure it correctly?
Recommended answer
@Rem
If you used Nginx, then follow the steps below
location /api/ {
    proxy_pass http://localhost:3110;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}
And put the middleware in your code
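// Needs: using Microsoft.AspNetCore.HttpOverrides;
var forwardedHeaderOptions = new ForwardedHeadersOptions
{
    // Honour the X-Forwarded-For and X-Forwarded-Proto headers that nginx sets
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
// Clearing both lists removes the default loopback-only restriction, so the
// forwarded headers are accepted from any sender, not only from the proxy.
forwardedHeaderOptions.KnownNetworks.Clear();
forwardedHeaderOptions.KnownProxies.Clear();
app.UseForwardedHeaders(forwardedHeaderOptions);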
Hope this helps.
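A deployment check for the symptom described in the question, added here as an example and not part of the original question or answer: it reports every endpoint in a discovery document that does not sit under the expected public base URL. The function name `check_discovery` and the trimmed sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a subset of the discovery document quoted in the question.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "http://www.example.com",
  "jwks_uri": "http://www.example.com/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "http://www.example.com/connect/authorize",
  "token_endpoint": "http://www.example.com/connect/token",
  "frontchannel_logout_supported": true,
  "scopes_supported": ["openid", "profile"]
}
""")


def check_discovery(doc, public_base):
    """Map each URL-valued top-level field to the reasons it does not match
    the public base URL ("scheme", "host", "path"). Empty dict means clean."""
    base = urlsplit(public_base)
    base_path = base.path.rstrip("/")
    findings = {}
    for field, value in doc.items():
        if not isinstance(value, str):
            continue  # booleans and arrays are not endpoints
        url = urlsplit(value)
        if not (url.scheme and url.netloc):
            continue  # plain strings, not absolute URLs
        reasons = []
        if url.scheme != base.scheme:
            reasons.append("scheme")  # e.g. http published behind a TLS proxy
        if url.netloc.lower() != base.netloc.lower():
            reasons.append("host")  # Host header not passed through
        if not (url.path == base_path or url.path.startswith(base_path + "/")):
            reasons.append("path")  # proxy path prefix missing from the URL
        if reasons:
            findings[field] = reasons
    return findings


if __name__ == "__main__":
    result = check_discovery(SAMPLE_DISCOVERY, "https://www.example.com/api/")
    for field, reasons in result.items():
        print(f"{field}: {SAMPLE_DISCOVERY[field]} -> mismatch in {', '.join(reasons)}")
```

Run it against the JSON served at `/.well-known/openid-configuration` after each proxy or middleware change; a mismatched `issuer` is what makes clients reject tokens.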