Nginx 反向代理位置重写 [英] Nginx Reverse Proxy Location Rewrite

问题描述

使用 Nginx 作为反向代理，facebook 身份验证无法正常工作.

Using Nginx as reverse proxy, authentication with facebook is not working as it should.

我的 proxy_pass 设置为 origin.example.com，主站点位于 main.example.com.

My proxy_pass is set to origin.example.com and main site is at main.example.com.

proxy_pass https://origin.example.com;
proxy_ssl_server_name on;
proxy_set_header Connection "";
proxy_set_header Host origin.example.com;
proxy_http_version 1.1; 
proxy_set_header   Upgrade $http_upgrade; 
proxy_set_header   Connection keep-alive; 
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

使用我想修改的位置标头进行 facebook 登录重定向，我发现它可以使用 proxy_redirect 完成.但是，我不知道该怎么做.

Redirection for facebook login happen using Location header which I want to modify and I found that it can be done using proxy_redirect. However, I am not getting an idea how to do that.

我已经在 Facebook 中使用了重定向 URI main.example.com.我确实已经请求在原始应用程序中进行另一次更改以进行此更改，但它不在我们的控制范围内，必须通过仅从 nginx 修改此标头值来管理此更改.

I have already used redirect URI main.example.com in Facebook. And I did already requested another change in origin app to make this change, however its not in our control and have to manage this by modifying this header value from nginx only.

具体来说，我想修改这个标题值

Specifically, I want to modify this header value

https://www.facebook.com/v3.1/dialog/的OAuth CLIENT_ID = 249911186056401&安培;范围=电子邮件&安培; RESPONSE_TYPE =代码&安培; REDIRECT_URI = HTTPS％3A％2F％2F ** origin.example.com **％2Fsignin-Facebook和安培;状态= CfDJ8FXKlLU-VLlFryQdHqtwILDwFpBxeh1ZlS5hy7drEOaXtmdjBd8T8m4oyy7LvYttb8Ryyb894ZgCUGPINPQX_jWt-s1J2ZwtJirchyAWfsXXtqC69PYLxJNf84fbK_bXLrpd0eFE7Z0LAwq98gp-54lUwv3rZPNLZ4Jw1q3-3yjjFGTgAvJCDSgiTTxvIpY8E-3WlTlNPMfiFv4USoXHfYeKJaQ52EAAMdhA3dlAoALVsUkOl-0lNUjCP4xa4ZKcRuL1wJI1Gbk7Fg7Nyxzgqu4

到

https://www.facebook.com/v3.1/dialog/的OAuth CLIENT_ID = 249911186056401&安培;范围=电子邮件&安培; RESPONSE_TYPE =代码&安培; REDIRECT_URI = HTTPS％3A％2F％2F ** main.example.com **％2Fsignin-Facebook和安培;状态= CfDJ8FXKlLU-VLlFryQdHqtwILDwFpBxeh1ZlS5hy7drEOaXtmdjBd8T8m4oyy7LvYttb8Ryyb894ZgCUGPINPQX_jWt-s1J2ZwtJirchyAWfsXXtqC69PYLxJNf84fbK_bXLrpd0eFE7Z0LAwq98gp-54lUwv3rZPNLZ4Jw1q3-3yjjFGTgAvJCDSgiTTxvIpY8E-3WlTlNPMfiFv4USoXHfYeKJaQ52EAAMdhA3dlAoALVsUkOl-0lNUjCP4xa4ZKcRuL1wJI1Gbk7Fg7Nyxzgqu4

我想将 Location 标头中的所有 origin.example.com 实例替换为 main.example.com.

I want to replace all instances of origin.example.com to main.example.com in Location header.

这是我的服务器块配置

server {
  listen [::]:80;
  listen 80;
  server_name main.example.com;
  return 301 https://www.$host$request_uri;
  
}

server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name main.example.com;
  proxy_set_header Accept-Encoding "";
  sub_filter_types *;
  sub_filter_once off;
  sub_filter "http:" "https:";
  include https.conf;

}

推荐答案

您应该重新配置 Facebook 中的 OAuth 客户端以使用 https://main.example.com 的重定向 URI.在实际应用中，执行 OAuth 授权请求时不要发送 https://origin.example.com，而是使用 Facebook 重新配置使用的这个.这将确保 Facebook 接受请求，并将有效地隐藏源服务器.登录和授权后，Facebook 会将回调响应发送给 NGINX 代理，它可以将其传递给隐藏的源服务器.

You should reconfigure the OAuth client in Facebook to use a redirect URI of https://main.example.com. In the actual app, do not send https://origin.example.com when performing the OAuth authorization request, but use this one that Facebook is reconfigured to use. This will ensure that Facebook accepts the request, and will effectively hide the origin server. After login and authorization, Facebook will send the callback response to the NGINX proxy, which it can pass through to the hidden origin server.

这篇关于Nginx 反向代理位置重写的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！