问题描述
我有一个在localhost:8088上运行的服务(Apache Superset)。我正在尝试使用Nginx作为Web服务器连接到AWS Cognito。
我的Nginx配置为/etc/ngnix/conf.d/superset.conf
server {
listen 80;
server_name in.welcome.com;
return 301 https://$host$request_uri;
}
server {
server_name in.welcome.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8088;
proxy_read_timeout 90;
proxy_redirect https://in.welcome.com http://localhost:8088;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/in.welcome.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/in.welcome.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-Nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
通过此配置,它将传递以下查询字符串参数:
DEBUG:authlib.integrations.base_client.base_app:Saving authorize data:
{'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito','url': 'https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/authorize?
response_type=code&client_id=12345&
redirect_uri=http://in.welcome.com/oauthauthorized/Fcognito&scope=email+openid+profile&state=1234','state': '1234'}
Cognito需要HTTPS URI,但是我的此配置正在发送:
'redirect_uri': 'http://in.welcome.com/oauth-authorized/cognito
代替:
'redirect_uri': 'https://in.welcome.com/oauth-authorized/cognito
解决方法
使用以下命令更新superset_config.py:
# Use all X-Forwarded headers when ENABLE_PROXY_FIX is True.
# When proxying to a different port,set "x_port" to 0 to avoid downstream issues.
ENABLE_PROXY_FIX = True