1

I use nginx in my MacOS to test third-party authentications such as Google and Twitter in localhost. As a result, on my local website https://localhost:8000/..., I could engage with www.funfun.io for third-party authentications.

Here is the nginx configuration file:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    log_format my_log '{ "time": "$time_iso8601", '
        '"remote_addr": "$remote_addr", '
        '"status": "$status", '
        '"request": "$request", '
        '"request_method": "$request_method", '
        '"http_referrer": "$http_referer", '
        '"http_x_forwarded_for": "$http_x_forwarded_for", '
        '"host": "$host", '
        '"server_name": "$server_name", '
        '"upstream_address": "$upstream_addr", '
        '"upstream_status": "$upstream_status", }';

    access_log /usr/local/var/log/nginx/my_log_access.log my_log;

    upstream funfun {
        server 178.62.87.72:443;
    }

    server {
        listen              443 ssl;
        server_name localhost;
        ssl_certificate /etc/ssl/localhost/localhost.crt;
        ssl_certificate_key /etc/ssl/localhost/localhost.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 1d;
        ssl_stapling off;
        ssl_stapling_verify off;
        add_header Strict-Transport-Security max-age=15768000;
        add_header X-Frame-Options "";
        proxy_ssl_name "www.funfun.io";
        proxy_ssl_server_name on;

        location ~ /socialLoginSuccess {
            rewrite ^ '/#/socialLoginSuccess' redirect;
        }

        location ~ /auth/(.*) {
            proxy_pass  https://funfun/10studio/auth/$1?$query_string;
            proxy_set_header Host localhost;
        }
    }
    include servers/*;
}

Here is part of logs:

{ "time": "2021-11-11T01:02:44+01:00", "remote_addr": "127.0.0.1", "status": "204", "request": "OPTIONS /10studio/auth/logout HTTP/1.1", "request_method": "OPTIONS", "http_referrer": "https://localhost:8000/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "204" }
{ "time": "2021-11-11T01:02:44+01:00", "remote_addr": "127.0.0.1", "status": "200", "request": "POST /10studio/auth/logout HTTP/1.1", "request_method": "POST", "http_referrer": "https://localhost:8000/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "200" }
{ "time": "2021-11-11T01:02:47+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /10studio/auth/google HTTP/1.1", "request_method": "GET", "http_referrer": "https://localhost:8000/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "302" }
{ "time": "2021-11-11T01:02:50+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /auth/google/callback?code=4%2F0AX4XfWihw3erIiZok3Yk8jZ5hjcg4sT35YLuZAp5h3qIDZvC_BuHSlvbRiTSh4Sobo_Wbw&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&prompt=consent HTTP/1.1", "request_method": "GET", "http_referrer": "https://accounts.google.com/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "302" }
{ "time": "2021-11-11T01:02:50+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /auth/signinSuccess HTTP/1.1", "request_method": "GET", "http_referrer": "https://accounts.google.com/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "302" }
{ "time": "2021-11-11T01:02:50+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /socialLoginSuccess HTTP/1.1", "request_method": "GET", "http_referrer": "https://accounts.google.com/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "-", "upstream_status": "-" }
{ "time": "2021-11-11T01:03:00+01:00", "remote_addr": "127.0.0.1", "status": "200", "request": "GET /10studio/10studio/auth/tokenTie?t=1636588979945 HTTP/1.1", "request_method": "GET", "http_referrer": "https://localhost:8000/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "200" }
{ "time": "2021-11-11T01:03:00+01:00", "remote_addr": "127.0.0.1", "status": "200", "request": "GET /10studio/10studio/auth/tokenTie?t=1636588979993 HTTP/1.1", "request_method": "GET", "http_referrer": "https://localhost:8000/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "200" }

I realize that, for normal requests (e.g., https://localhost:8000/#/home) without auth or socialLoginSuccess, there is no log recorded. Does anyone know how I could modify my nginx configuration file to record also their logs?

Additionally, what I would like to see from the logs, is that a request like https://localhost/10studio/auth/google is indeed past to the proxied server at https://178.62.87.72:443/10studio/auth/.... But from the current logs, it is not very obvious. Does anyone know how I could modify my nginx configuration file to make it more explicit?

SoftTimur
  • 307
  • 2
  • 5
  • 14

0 Answers0