ASP.NET Core 3.1 with google signin, nginx reverse proxy and docker Resource temporarily unavailable
I'm building an ASP.NET Core 3.1 web application with the goal to be hosted on an AWS EC2 instance.
My setup is as follows:
The web application and SQL Server database are both running in containers and are described in a docker-compose.yml file:
    version: '3.5'
    services:
      db:
        image: mcr.microsoft.com/mssql/server:2017-latest
        deploy:
          replicas: 1
        environment:
          - ACCEPT_EULA=y
          - SA_PASSWORD=${SA_PASSWORD}
        ports:
          - 1433:1433
        volumes:
          - ${MSSQL_STORAGE}:/var/opt/mssql
      ui:
        image: ${PRIVATE_DOCKER_REGISTRY}/${APPLICATION_NAME}/${SERVICE}:${TAG}
        deploy:
          replicas: 1
        ports:
          - 5000:80
        environment:
          ASPNETCORE_ENVIRONMENT: Development
          GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
          GOOGLE_SECRET_ID: ${GOOGLE_SECRET_ID}
          DB_HOST: db
          DB_NAME: ${DB_NAME}
          DB_PASSWORD: ${DB_PASSWORD}
          DB_USER: ${DB_USER}
My application when running in local debug mode and in a local docker swarm runs as expected (accessed with http://localhost:5000). I'm able to log in with my google authentication and I'm redirected to the correct page after login.
When I deploy to the ec2 instance however I'm unable to login.
    docker service logs -tf {service_name}
I see the following:
    Microsoft.AspNetCore.Authentication.Google.GoogleHandler[4]
          Error from RemoteAuthentication: Resource temporarily unavailable.
    fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
          An unhandled exception has occurred while executing the request.
    System.Exception: An error was encountered while handling the remote login.
    System.Net.Http.HttpRequestException: Resource temporarily unavailable
    System.Net.Sockets.SocketException (11): Resource temporarily unavailable
       at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
       --- End of inner exception stack trace ---
       at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
       at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
       at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
       at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
       at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
       at Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler`1.ExchangeCodeAsync(OAuthCodeExchangeContext context)
       at Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler`1.HandleRemoteAuthenticateAsync()
       at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.MigrationsEndPointMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
       at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
       at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
My nginx configuration is as follows:
    server {
        server_name mydomain.com;
        location / {
            proxy_pass http://127.0.0.1:5000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
I'm thinking maybe the reverse proxy configuration is incorrect somehow? Incorrect headers maybe or something else?
A common problem with Google Auth when your app is behind a reverse proxy is that the URL doesn't match the URL/domain name you supplied in the Google Developers Console. When using a reverse proxy, you are changing the request URL from mydomain.com to http://127.0.0.1:5000.
Adding the ForwardedHeaders in your code should fix this so the request keeps the original URL as well as the forwarded URL:
    using Microsoft.AspNetCore.HttpOverrides; // ForwardedHeaders, ForwardedHeadersOptions

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        });

        // other Configure code here
    }
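An added example (not part of the original answer or the poster's code) applying the forwarded-headers setup to the deployment in the question, where nginx runs on the host and the app runs in a container: the middleware trusts only loopback proxies by default, so the Docker network the requests arrive from has to be listed explicitly rather than trusting every sender. The subnet `172.18.0.0/16` is a constructed placeholder and the `Startup` layout is assumed; the environment variable names are the ones from the compose file above.

```csharp
using System;
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Restore the client IP and the original scheme (https) that nginx forwards.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // With nginx on the host and the app in a container, requests reach
            // Kestrel from a Docker bridge/ingress address, not from 127.0.0.1,
            // so X-Forwarded-* is ignored unless that network is trusted here.
            // ASSUMPTION: placeholder subnet; replace it with the subnet shown by
            // `docker network inspect` for the network in front of the service.
            options.KnownNetworks.Add(
                new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
                    IPAddress.Parse("172.18.0.0"), 16));

            // One proxy hop only (the default, stated explicitly): values a client
            // prepends to X-Forwarded-For are never consumed.
            options.ForwardLimit = 1;
        });

        services.AddControllersWithViews();
        services.AddAuthentication().AddGoogle(google =>
        {
            google.ClientId = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_ID");
            google.ClientSecret = Environment.GetEnvironmentVariable("GOOGLE_SECRET_ID");
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication so the Google handler builds its
        // redirect_uri from the forwarded scheme instead of http.
        app.UseForwardedHeaders();
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

Clearing `KnownNetworks` and `KnownProxies` instead of listing the proxy network makes the app accept `X-Forwarded-*` from any sender, so that shortcut is only acceptable when the published port 5000 is unreachable except through nginx.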