我的WebApi受到nginx反向代理后面的IdentityServer4的保护。 代理传递配置:
location /api/ {
proxy_pass http://127.0.0.1:3110/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_buffering off;
expires 0;
}
如果转到https://www.example.com/api/.well-known/openid-configuration 它返回我的配置:
{
"issuer": "http://www.example.com",
"jwks_uri": "http://www.example.com/.well-known/openid-configuration/jwks",
"authorization_endpoint": "http://www.example.com/connect/authorize",
"token_endpoint": "http://www.example.com/connect/token",
"userinfo_endpoint": "http://www.example.com/connect/userinfo",
"end_session_endpoint": "http://www.example.com/connect/endsession",
"check_session_iframe": "http://www.example.com/connect/checksession",
"revocation_endpoint": "http://www.example.com/connect/revocation",
"introspection_endpoint": "http://www.example.com/connect/introspect",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"profile",
"roles",
"WebAPI",
"offline_access"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at",
"role",
"firm"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
]
}
但我希望所有网址都应该从https://www.example.com/api/开始 如何正确配置?
答案 0 :(得分:1)
@rem
如果您使用Nginx
,请按照以下步骤
location /api/ {
proxy_pass http://localhost:3110;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
将中间件放在代码中
var fordwardedHeaderOptions = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
fordwardedHeaderOptions.KnownNetworks.Clear();
fordwardedHeaderOptions.KnownProxies.Clear();
app.UseForwardedHeaders(fordwardedHeaderOptions);
希望得到这个帮助。