在nginx反向代理后面配置IdentityServer4

时间:2017-06-19 16:03:04

标签: c# nginx asp.net-core identityserver4

我的WebApi受到nginx反向代理后面的IdentityServer4的保护。 代理传递配置:

    location /api/ {
        # The trailing "/" on the upstream URL makes nginx replace the matched
        # "/api/" prefix with "/", so the backend never sees the /api path.
        proxy_pass http://127.0.0.1:3110/;
        # Forward the host name the client requested instead of 127.0.0.1:3110.
        proxy_set_header Host $host;
        # Appends the connecting peer's address to any X-Forwarded-For value the
        # client sent; the earlier entries are client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): no X-Forwarded-Proto is sent here, so the backend only
        # sees the plain-http hop from nginx; this is consistent with the http://
        # URLs in the discovery document shown below.
        proxy_redirect off;
        proxy_buffering off;
        expires           0;
    }

如果访问 https://www.example.com/api/.well-known/openid-configuration ,它会返回我的配置:

{
    "issuer": "http://www.example.com",
    "jwks_uri": "http://www.example.com/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "http://www.example.com/connect/authorize",
    "token_endpoint": "http://www.example.com/connect/token",
    "userinfo_endpoint": "http://www.example.com/connect/userinfo",
    "end_session_endpoint": "http://www.example.com/connect/endsession",
    "check_session_iframe": "http://www.example.com/connect/checksession",
    "revocation_endpoint": "http://www.example.com/connect/revocation",
    "introspection_endpoint": "http://www.example.com/connect/introspect",
    "frontchannel_logout_supported": true,
    "frontchannel_logout_session_supported": true,
    "scopes_supported": [
        "openid",
        "profile",
        "roles",
        "WebAPI",
        "offline_access"
    ],
    "claims_supported": [
        "sub",
        "name",
        "family_name",
        "given_name",
        "middle_name",
        "nickname",
        "preferred_username",
        "profile",
        "picture",
        "website",
        "gender",
        "birthdate",
        "zoneinfo",
        "locale",
        "updated_at",
        "role",
        "firm"
    ],
    "grant_types_supported": [
        "authorization_code",
        "client_credentials",
        "refresh_token",
        "implicit",
        "password"
    ],
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
    ],
    "response_modes_supported": [
        "form_post",
        "query",
        "fragment"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post"
    ],
    "subject_types_supported": [
        "public"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "code_challenge_methods_supported": [
        "plain",
        "S256"
    ]
}

但我希望所有网址都以 https://www.example.com/api/ 开头。如何正确配置?

1 个答案:

答案 0 :(得分:1)

@rem

如果您使用 Nginx,请按以下方式配置:

location /api/ {
    # No URI part after the port, so the request path (including /api/) is
    # passed to the backend unchanged.
    proxy_pass http://localhost:3110;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
    # Forward the host name the client requested instead of localhost:3110.
    proxy_set_header Host $host;
    # $remote_addr is the address of the peer connected to nginx; nginx sets it
    # itself, it is not copied from a request header.
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to whatever X-Forwarded-For the client sent, so only
    # the last entry is written by nginx; earlier entries are client-controlled.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Replaces any client-supplied X-Forwarded-Proto with the scheme nginx
    # actually received (http or https).
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}

然后在代码中添加转发头中间件:

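// Have ASP.NET Core take the client address and the original scheme from the
// X-Forwarded-For / X-Forwarded-Proto headers that nginx sets, so the app sees
// https instead of the plain-http hop between nginx and the app.
var forwardedHeaderOptions = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};

// KnownNetworks and KnownProxies are deliberately NOT cleared. Their defaults
// trust only loopback, which is where nginx connects from in this setup
// (proxy_pass http://localhost:3110). Clearing both lists makes the middleware
// accept X-Forwarded-* from any peer, so anything that can reach the app
// without going through nginx could spoof the client IP and the scheme.
// If the proxy runs on a different host, add its address to KnownProxies
// (or its subnet to KnownNetworks) rather than clearing the lists.

// Register this before authentication and IdentityServer middleware so they
// see the corrected scheme and remote address.
app.UseForwardedHeaders(forwardedHeaderOptions);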

希望这对您有帮助。