Deploying IdentityServer4 behind reverse proxy

We're trying to deploy IdentityServer4 behind a reverse proxy. The discovery document returns local URLs, e.g.

https://xxx.local/connect/token

Where we need

https://xxx.domain.com/connect/token

The IdentityServer docs point us to this GitHub page. However, when we configure the middleware as described we see no changes.

var options = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
app.UseForwardedHeaders(options);

A similar setup is found on this GitHub page. The presented solution uses nginx, so perhaps our IIS config is off.

In IIS for the proxy:


<serverVariables>
     <set name="HTTP_X_ORIGINAL_REMOTE_ADDR" value="{REMOTE_ADDR}" />
     <set name="HTTP_X_FORWARDED_PROTO" value="https" />
</serverVariables>

Any help would be appreciated.

Inside of the IDS startup, where you initiate IDS, try the following code:

var builder = services.AddIdentityServer(options =>
        {
            ...

            options.PublicOrigin = "https://domainName.com"; // <= try adding this!

            ...
        })

This will force your discover endpoint to be your public IP. Let me know if that works.

Update for 2020 (IdentityServer4 v4.x): PublicOrigin property was removed.

See: https://github.com/IdentityServer/IdentityServer4/issues/4535
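
An added example, not part of the original question or answers: it shows the forwarded-headers setup from the question with X-Forwarded-Host included (the flag that rewrites the request host) and with the trusted proxy pinned instead of both trust lists left empty, plus a fixed-origin middleware as an alternative to the removed PublicOrigin. The proxy address 10.0.0.5, the class and method names, and the proxy actually sending an X-Forwarded-Host header are assumptions.

```csharp
using System.Net;
using IdentityServer4.Extensions;            // SetIdentityServerOrigin
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;

public static class ReverseProxyExtensions   // hypothetical helper class
{
    // Option 1: honour forwarded headers, but only from the known proxy.
    public static IApplicationBuilder UseTrustedProxyHeaders(this IApplicationBuilder app)
    {
        var options = new ForwardedHeadersOptions
        {
            // XForwardedHost is what rewrites Request.Host; without it only the
            // scheme and client IP change and the host stays xxx.local.
            ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost,
            ForwardLimit = 1                       // exactly one proxy hop
        };

        // Drop the loopback defaults, then add the proxy explicitly. Leaving both
        // lists empty makes the middleware accept these headers from any sender.
        options.KnownNetworks.Clear();
        options.KnownProxies.Clear();
        options.KnownProxies.Add(IPAddress.Parse("10.0.0.5")); // placeholder proxy IP

        // Reject forwarded host values other than the public name.
        options.AllowedHosts.Add("xxx.domain.com");

        // Must run before UseIdentityServer() so the discovery document sees
        // the rewritten scheme and host.
        return app.UseForwardedHeaders(options);
    }

    // Option 2: pin the origin and ignore request headers entirely.
    public static IApplicationBuilder UseFixedIdentityServerOrigin(
        this IApplicationBuilder app, string origin)
    {
        return app.Use(async (context, next) =>
        {
            context.SetIdentityServerOrigin(origin); // e.g. "https://xxx.domain.com"
            await next();
        });
    }
}
```

Call one of the two in Configure before app.UseIdentityServer(); option 2 does not depend on any header the proxy sends.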
