在Nginx反向代理之后配置IdentityServer4

本文介绍了在Nginx反向代理之后配置IdentityServer4的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我的WebApi在nginx反向代理之后受IdentityServer4保护. 代理通过配置:

I have WebApi protected by IdentityServer4 behind nginx reverse-proxy. Proxy pass config:

location /api/ { proxy_pass 127.0.0.1:3110/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; proxy_buffering off; expires 0; }

如果转到 www.example/api /.wellknown/openid-configuration 它会向我返回此配置:

If go to www.example/api/.well-known/openid-configuration it returns me this configuration:

{ "issuer": "www.example", "jwks_uri": "www.example/.well-known/openid-configuration/jwks", "authorization_endpoint": "www.example/connect/authorize", "token_endpoint": "www.example/connect/token", "userinfo_endpoint": "www.example/connect/userinfo", "end_session_endpoint": "www.example/connect/endsession", "check_session_iframe": "www.example/connect/checksession", "revocation_endpoint": "www.example/connect/revocation", "introspection_endpoint": "www.example/connect/introspect", "frontchannel_logout_supported": true, "frontchannel_logout_session_supported": true, "scopes_supported": [ "openid", "profile", "roles", "WebAPI", "offline_access" ], "claims_supported": [ "sub", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at", "role", "firm" ], "grant_types_supported": [ "authorization_code", "client_credentials", "refresh_token", "implicit", "password" ], "response_types_supported": [ "code", "token", "id_token", "id_token token", "code id_token", "code token", "code id_token token" ], "response_modes_supported": [ "form_post", "query", "fragment" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post" ], "subject_types_supported": [ "public" ], "id_token_signing_alg_values_supported": [ "RS256" ], "code_challenge_methods_supported": [ "plain", "S256" ] }

但是我希望所有网址都应从 www.example/api/ 如何正确配置?

But I expect that all urls should start from www.example/api/ How to configure it right?

推荐答案

@Rem

如果您使用的是Nginx，请按照以下步骤操作

If you used Nginx then follow steps below

location /api/ { proxy_pass localhost:3110; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; }

并将中间件放入您的代码中

And put the middleware in your code

var fordwardedHeaderOptions = new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto }; fordwardedHeaderOptions.KnownNetworks.Clear(); fordwardedHeaderOptions.KnownProxies.Clear(); app.UseForwardedHeaders(fordwardedHeaderOptions);

希望获得帮助.