我尝试使用 OAuth2 对服务器上的用户进行身份验证,但身份验证成功后,他们将被重定向到基本域而不是预期的子路径 /example/。我已经确定应该使用 add_header $proxy_add_x_forwarded_for 将重定向目标注入标头中,但是 auth_request /oauth2/auth 指令正在剥离所有自定义标头,包括这个标头。尽管多次尝试保留标头,但它们在身份验证过程中被删除。如何确保标头通过 OAuth2 保持完整,以便用户在身份验证后正确重定向到正确的子路径?我已经在网上搜索并尝试了两天的一切
location /example {
# Perform OAuth2 authentication
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# If the user is authenticated, attempt to preserve headers
auth_request_set $user $upstream_http_x_user;
# Debugging headers - we’ve tried setting them for troubleshooting
add_header X-Debug-User $user always;
add_header X-Debug-Redirect $upstream_http_x_auth_request_redirect always;
# Also tried sending the headers without the body
auth_request_set $auth_redirect $upstream_http_x_auth_request_redirect;
proxy_pass_request_body off; # This was used to pass only the headers
proxy_set_header Content-Length ""; # No content length since body is removed
# Attempted to add headers after authentication for custom redirection
proxy_set_header X-User $user;
proxy_set_header X-Auth-Request-Redirect $auth_redirect;
# Forward to the internal service after authentication
proxy_pass https://localhost:6521/;
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /oauth2/ {
proxy_pass http://localhost:4180; # OAuth2 Proxy port
proxy_pass_request_body off; # Pass only headers
proxy_set_header Content-Length ""; # No content length since body is removed
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
client_id= "12345678901234567890.apps.googleusercontent.com"
client_secret= "abcde-abcdefghijklomn"
provider = "google"
redirect_url = "https://mydns/oauth2/callback"
pass_access_token = true
pass_host_header = true
pass_authorization_header = true
set_xauthrequest = true
cookie_secret = "1235467890abcdefghijkl"
cookie_secure = true
authenticated_emails_file = "/etc/oauth2_proxy/authorized_emails.txt"
upstreams = ["https://192.168.0.10:6521/"]
您可以通过修改 nginx 配置和 auth 配置来解决此问题: 配置如下。
location /example {
# Perform OAuth2 authentication
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# Capture the user and redirection URL after authentication
auth_request_set $user $upstream_http_x_user;
auth_request_set $auth_redirect $upstream_http_x_auth_request_redirect;
# Add debugging headers to ensure they are being passed properly
add_header X-Debug-User $user always;
add_header X-Debug-Redirect $auth_redirect always;
# Pass the captured redirect URL and user headers to the backend
proxy_set_header X-User $user;
proxy_set_header X-Auth-Request-Redirect $auth_redirect;
# Forward to the internal service after authentication
proxy_pass https://localhost:6521/;
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# OAuth2 callback handling
location /oauth2/ {
proxy_pass http://localhost:4180; # OAuth2 Proxy port
proxy_pass_request_body off; # Pass only headers
proxy_set_header Content-Length ""; # No content length since body is removed
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
对于 Auth 配置,您可以这样做:
provider = "google"
client_id = "12345678901234567890.apps.googleusercontent.com"
client_secret = "abcde-abcdefghijklomn"
redirect_url = "https://mydns/oauth2/callback"
# Ensure tokens and headers are passed
pass_access_token = true
pass_host_header = true
pass_authorization_header = true
set_xauthrequest = true
如果我错了请告诉我。
谢谢,