Nginx Reverse Proxy Location Rewrite

断了今生、忘了曾经 提交于 2021-02-11 12:36:28

问题


Using Nginx as reverse proxy, authentication with facebook is not working as it should.

My proxy_pass is set to origin.example.com and main site is at main.example.com.

proxy_pass https://origin.example.com;
proxy_ssl_server_name on;
proxy_set_header Connection "";
proxy_set_header Host origin.example.com;
proxy_http_version 1.1; 
proxy_set_header   Upgrade $http_upgrade; 
proxy_set_header   Connection keep-alive; 
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

Redirection for facebook login happen using Location header which I want to modify and I found that it can be done using proxy_redirect. However, I am not getting an idea how to do that.

I have already used redirect URI main.example.com in Facebook. And I did already requested another change in origin app to make this change, however its not in our control and have to manage this by modifying this header value from nginx only.

Specifically, I want to modify this header value

https://www.facebook.com/v3.1/dialog/oauth?client_id=249911186056401&scope=email&response_type=code&redirect_uri=https%3A%2F%2F**origin.example.com**%2Fsignin-facebook&state=CfDJ8FXKlLU-VLlFryQdHqtwILDwFpBxeh1ZlS5hy7drEOaXtmdjBd8T8m4oyy7LvYttb8Ryyb894ZgCUGPINPQX_jWt-s1J2ZwtJirchyAWfsXXtqC69PYLxJNf84fbK_bXLrpd0eFE7Z0LAwq98gp-54lUwv3rZPNLZ4Jw1q3-3yjjFGTgAvJCDSgiTTxvIpY8E-3WlTlNPMfiFv4USoXHfYeKJaQ52EAAMdhA3dlAoALVsUkOl-0lNUjCP4xa4ZKcRuL1wJI1Gbk7Fg7Nyxzgqu4

to

https://www.facebook.com/v3.1/dialog/oauth?client_id=249911186056401&scope=email&response_type=code&redirect_uri=https%3A%2F%2F**main.example.com**%2Fsignin-facebook&state=CfDJ8FXKlLU-VLlFryQdHqtwILDwFpBxeh1ZlS5hy7drEOaXtmdjBd8T8m4oyy7LvYttb8Ryyb894ZgCUGPINPQX_jWt-s1J2ZwtJirchyAWfsXXtqC69PYLxJNf84fbK_bXLrpd0eFE7Z0LAwq98gp-54lUwv3rZPNLZ4Jw1q3-3yjjFGTgAvJCDSgiTTxvIpY8E-3WlTlNPMfiFv4USoXHfYeKJaQ52EAAMdhA3dlAoALVsUkOl-0lNUjCP4xa4ZKcRuL1wJI1Gbk7Fg7Nyxzgqu4

I want to replace all instances of origin.example.com to main.example.com in Location header.

Here is my server block configurations

server {
  listen [::]:80;
  listen 80;
  server_name main.example.com;
  return 301 https://www.$host$request_uri;
  
}

server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name main.example.com;
  proxy_set_header Accept-Encoding "";
  sub_filter_types *;
  sub_filter_once off;
  sub_filter "http:" "https:";
  include https.conf;

}

回答1:


You should reconfigure the OAuth client in Facebook to use a redirect URI of https://main.example.com. In the actual app, do not send https://origin.example.com when performing the OAuth authorization request, but use this one that Facebook is reconfigured to use. This will ensure that Facebook accepts the request, and will effectively hide the origin server. After login and authorization, Facebook will send the callback response to the NGINX proxy, which it can pass through to the hidden origin server.



来源:https://stackoverflow.com/questions/63647067/nginx-reverse-proxy-location-rewrite

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!