Question posted in
Some documentation to get you started can be found here.

Google OAuth Redirect Uri in Apache Reverse Proxy

I’m trying to setup a web server using Apache as reverse proxy connected to a ASP.NET CORE web application hosted by kestrel. I’ve followed the tutorial here: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-3.1

The website uses the Google Calendar Api to get a users calanedar information. This works fine when I host it with Kestrel through Visual Studio. However, when I try to authenticate and select a Google Account through the web server, I get redirected to

127.0.0.1:5000/signin-oidc

which is not the desired result. (127.0.0.1:5000 is configured as the ProxyPass and ProxyReverse for Apache).

Since the web application works when I run without the Apache reverse proxy, I suspect there is some issues with the apache configuration. However, it might as well be a problem with the Google.Apis.Auth.AspNetCore3 library I am using. I’ve used the the integrationtests as a guide on how to setup startup.cs and how to make the Api requests.

Edit:

So I asked the developers of the library that I’m using. The redirect uri is bound to the endpoint that kestrel I listening on. The question is here: https://github.com/googleapis/google-api-dotnet-client/issues/1680

So it can only work if I can somehow get kestrel to know the “actual” domain name or public IP of my server… From my research, this seems near if not impossible. I will be looking into other implementation options for authorization and authentication.

Tags:

3

Answers


  1. Chosen as BEST ANSWER
    0

    A solution was found!

    In my endless seach and noobiness I've found out that I've deleted the forward header for my VirtualHost for apache. I've also added the ProxyPreserveHost option.

    I changed the virtual host to include

    RequestHeader set X-Forwarded-Proto https
ProxyPreserveHost On
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
ServerName www.example.com
ServerAlias *.example.com

  2. 0 
    RequestHeader set X-Forwarded-Proto https
ProxyPreserveHost On

    Adding above two Directives does the job

    References:

    ProxyPreserveHost On

    RequestHeader set X-Forwarded-Proto https

    Login or Signup to reply.
  3. 0

    if you are using net core, adding the right configuration to virtual host is not enough, you need to add

        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
        });
        
        app.Use((context, next) =>
        {
            if (context.Request.Headers.TryGetValue("X-Forwarded-Proto", out var protoHeaderValue) &&
                protoHeaderValue == "https")
            {
                context.Request.Scheme = "https";
            }
            return next();
        });

    and

    .AddGoogle(options =>
            {
                    OnRedirectToAuthorizationEndpoint = context =>
                    {
                        context.Response.Redirect(context.RedirectUri.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase));
                        return Task.CompletedTask;
                    },
                };
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search