0

I use nginx in my MacOS to test third-party authentications such as Google and Twitter in localhost. As a result, on my local website https://localhost:8000/..., I could engage with www.funfun.io for third-party authentications.

Here is the nginx configuration file:

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    log_format my_log '{ "time": "$time_iso8601", '
        '"remote_addr": "$remote_addr", '
        '"status": "$status", '
        '"request": "$request", '
        '"request_method": "$request_method", '
        '"http_referrer": "$http_referer", '
        '"http_x_forwarded_for": "$http_x_forwarded_for", '
        '"host": "$host", '
        '"server_name": "$server_name", '
        '"upstream_address": "$upstream_addr", '
        '"upstream_status": "$upstream_status", }';

    access_log /usr/local/var/log/nginx/my_log_access.log my_log;

    upstream funfun {
        server 178.62.87.72:443;
    }

    server {
        listen 443 ssl;
        server_name localhost;
        ssl_certificate /etc/ssl/localhost/localhost.crt;
        ssl_certificate_key /etc/ssl/localhost/localhost.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 1d;
        ssl_stapling off;
        ssl_stapling_verify off;
        add_header Strict-Transport-Security max-age=15768000;
        add_header X-Frame-Options "";
        proxy_ssl_name "www.funfun.io";
        proxy_ssl_server_name on;

        location ~ /socialLoginSuccess {
            rewrite ^ '/#/socialLoginSuccess' redirect;
        }

        location ~ /auth/(.*) {
            proxy_pass  https://funfun/10studio/auth/$1?$query_string;
            proxy_set_header Host localhost;
        }
    }
    include servers/*;
}

Here is the logs of signing-in.

{ "time": "2021-11-11T01:02:47+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /10studio/auth/google HTTP/1.1", "request_method": "GET", "http_referrer": "https://localhost:8000/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "302" }
{ "time": "2021-11-11T01:02:50+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /auth/google/callback?code=4%2F0AX4XfWihw3erIiZok3Yk8jZ5hjcg4sT35YLuZAp5h3qIDZvC_BuHSlvbRiTSh4Sobo_Wbw&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&prompt=consent HTTP/1.1", "request_method": "GET", "http_referrer": "https://accounts.google.com/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "302" }
{ "time": "2021-11-11T01:02:50+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /auth/signinSuccess HTTP/1.1", "request_method": "GET", "http_referrer": "https://accounts.google.com/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "178.62.87.72:443", "upstream_status": "302" }
{ "time": "2021-11-11T01:02:50+01:00", "remote_addr": "127.0.0.1", "status": "302", "request": "GET /socialLoginSuccess HTTP/1.1", "request_method": "GET", "http_referrer": "https://accounts.google.com/", "http_x_forwarded_for": "-", "host": "localhost", "server_name": "localhost", "upstream_address": "-", "upstream_status": "-" }

The process of signing in is as follows:

  • I start with a webpage https://localhost:8000/#/start, where there is a button to sign in by Google.
  • I click on that button, whose url is https://localhost/10studio/auth/google.
  • The webpage of https://accounts.google.com/... is displayed where we could choose a Google account
  • After successful signing-in, the webpage of https://localhost/#/socialLoginSuccess is displayed.

All the steps work fine except the last one; the final https://localhost/#/socialLoginSuccess displays the webpage of Welcome to nginx!. The correct url should be https://localhost:8000/#/socialLoginSuccess.

Does anyone know how I could modify the nginx configuration file such that the final url leads to https://localhost:8000/#/socialLoginSuccess?

Edit 1:

Here is some code of funfun.io:

(* under app.js *)

var _10studio = require('./routes/10studio');
app.use('/10studio', _10studio);

(* under routes/10studio.js *)

router.get('/auth/google', passport.authenticate('10studio-google', {
    scope: ['https://www.googleapis.com/auth/userinfo.profile',
        'https://www.googleapis.com/auth/userinfo.email']
}));

router.get('/auth/google/callback', passport.authenticate('10studio-google', {
    successRedirect: '/auth/signinSuccess',
    failureRedirect: '/auth/signinFailure',
    failureFlash: true
}))

router.get('/auth/signinSuccess', function (req, res, next) {
    res.redirect("/socialLoginSuccess");
})
SoftTimur
  • 307
  • 2
  • 5
  • 14
  • I think you want to reverse proxy all traffic via port 443 and not use non-standard ports to outside. Also, I think that nginx cannot modify the URL where visitor is sent after succesful authentication. You should modify the entity that generates the URL after authentication. – Tero Kilkanen Nov 11 '21 at 14:44
  • @TeroKilkanen I added some code of funfun.io to the OP. I don't see how to modify the entity such that it leads to `https://localhost:8000/#/socialLoginSuccess`. – SoftTimur Nov 11 '21 at 17:37
  • I tried to replace `proxy_set_header Host localhost;` with `proxy_set_header Host localhost:8000;` in nginx, but it did not help. – SoftTimur Nov 11 '21 at 17:58

0 Answers0