NGINX redirect_uri 与 AWS Cognito
NGNIX redirect_uri with AWS Cognito
我在 localhost:8088 上有一项服务 (Apache Superset) 运行。我正在尝试使用 NGINX 作为网络服务器连接到 AWS Cognito。
我的 NGINX 配置是 /etc/ngnix/conf.d/superset.conf
server {
listen 80;
server_name in.welcome.com;
return 301 https://$host$request_uri;
}
server {
server_name in.welcome.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8088;
proxy_read_timeout 90;
proxy_redirect https://in.welcome.com http://localhost:8088;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/in.welcome.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/in.welcome.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
使用此配置,它传递以下查询字符串参数:
DEBUG:authlib.integrations.base_client.base_app:Saving authorize data:
{'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito',
'url': 'https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/authorize?
response_type=code&client_id=12345&
redirect_uri=http://in.welcome.com/oauthauthorized/Fcognito&scope=email+openid+profile&state=1234',
'state': '1234'}
Cognito 需要一个 HTTPS URI,但是我的这个配置正在发送:
'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito
而不是:
'redirect_uri': 'https://in.welcome.com/oauth-authorized/cognito
更新 superset_config.py 为:
# Use all X-Forwarded headers when ENABLE_PROXY_FIX is True.
# When proxying to a different port, set "x_port" to 0 to avoid downstream issues.
ENABLE_PROXY_FIX = True
我在 localhost:8088 上有一项服务 (Apache Superset) 运行。我正在尝试使用 NGINX 作为网络服务器连接到 AWS Cognito。
我的 NGINX 配置是 /etc/ngnix/conf.d/superset.conf
server {
listen 80;
server_name in.welcome.com;
return 301 https://$host$request_uri;
}
server {
server_name in.welcome.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8088;
proxy_read_timeout 90;
proxy_redirect https://in.welcome.com http://localhost:8088;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/in.welcome.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/in.welcome.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
使用此配置,它传递以下查询字符串参数:
DEBUG:authlib.integrations.base_client.base_app:Saving authorize data:
{'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito',
'url': 'https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/authorize?
response_type=code&client_id=12345&
redirect_uri=http://in.welcome.com/oauthauthorized/Fcognito&scope=email+openid+profile&state=1234',
'state': '1234'}
Cognito 需要一个 HTTPS URI,但是我的这个配置正在发送:
'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito
而不是:
'redirect_uri': 'https://in.welcome.com/oauth-authorized/cognito
更新 superset_config.py 为:
# Use all X-Forwarded headers when ENABLE_PROXY_FIX is True.
# When proxying to a different port, set "x_port" to 0 to avoid downstream issues.
ENABLE_PROXY_FIX = True