Nginx redirects .well-known endpoints

Posted by vahid 
May 11, 2017 04:54PM
I have a web application that runs on a `WSGI` server. The application has OpenID Connect identity provider endpoints, for instance:

/oidc/.well-known/openid-configuration
/oidc/.well-known/simple-web-discovery
/oidc/.well-known/webfinger

Requests to these endpoints are mapped to some functions in my project, which run necessary tasks for each endpoint. I can run my application, and all requests are successfully mapped and handled by the defined functions.

The challenge starts when I host my application on a public IP behind https. For this I use `nginx` to proxy access to my application. `nginx` makes my application accessible over a public IP over https. Here are the key sections of my `nginx` config file:

server {
    listen 80;
    listen [::]:80 default_server;
    server_name localhost;
    root /home/user/myApp;
    include /etc/nginx/default.d/*.conf;
    location / {
        proxy_pass http://my_app;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-URL-SCHEME https;
    }
}

server {
    listen 443 ssl;
    server_name localhost;
    root /home/user/myApp;
    ssl_certificate /home/user/cacert.pem;
    ssl_certificate_key /home/user/privkey.pem;
    include /etc/nginx/default.d/*.conf;
    location ~ /\.well-known { allow all; }
    location / {
        proxy_pass http://my_app;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-URL-SCHEME https;
    }
}


Every call is requested/posted correctly, except for the requests to `/.well-known/*` (actually `location ~ /\.well-known { allow all; }` in the config is an attempt to solve it), for which I get either `404` or `403` errors.

For instance, one error message in `nginx` error log reads:

`open() "/home/user/myApp/oidc/.well-known/openid-configuration" failed (13: Permission denied), client: X.X.X.X, server: localhost, request: "GET /oidc/.well-known/openid-configuration HTTP/1.1", host: "X.X.X.X"`

(IP addresses are masked out)

A few points:

- I'm running my application with `sudo` privileges, so the application has r/w access to all the paths.
- Actually, the path `/home/user/myApp/oidc/.well-known/openid-configuration` does not exist (and that's why I also get a `404` error).

`/oidc/.well-known/openid-configuration` should be mapped to a function (as it happens when I host my application without `nginx`). So, I don't understand why `nginx` tries to access a non-existing `/oidc/.well-known/*` path/file?!
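
How `nginx` location selection produces the `open()` error quoted above, shown as an added example that is not part of the original post: the HTTPS server block from the post with the regex location replaced by an explicit proxied prefix location. The `^~` prefix location is a choice made for this example, and it assumes the files pulled in by `include` (not shown in the post) do not already define a location with the same prefix.

```nginx
server {
    listen 443 ssl;
    server_name localhost;
    root /home/user/myApp;
    ssl_certificate /home/user/cacert.pem;
    ssl_certificate_key /home/user/privkey.pem;

    # Not shown in the post; files included here can add locations of their own.
    include /etc/nginx/default.d/*.conf;

    # Before (from the post):
    #
    #   location ~ /\.well-known { allow all; }
    #
    # A regex location is preferred over the plain prefix "location /", and this
    # pattern is unanchored, so it also matches /oidc/.well-known/... .
    # The block has no proxy_pass, so nginx handles the request as a static file
    # and resolves the URI against "root":
    #   /home/user/myApp + /oidc/.well-known/openid-configuration
    # which is exactly the path in the open() error. "allow all" only affects
    # IP-based access control; it does not forward anything to the application.

    # After: send the discovery endpoints to the application explicitly.
    # "^~" makes nginx skip regex locations when this is the longest matching
    # prefix, so a regex defined elsewhere (for example in an included file)
    # cannot take these requests over.
    location ^~ /oidc/.well-known/ {
        proxy_pass http://my_app;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-URL-SCHEME https;
    }

    location / {
        proxy_pass http://my_app;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-URL-SCHEME https;
    }
}
```

Running `nginx -T` prints the effective configuration, including everything brought in by `include`, which shows whether any other location also matches `.well-known` paths.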