I'm trying to make NGINX authenticate requests with an OAuth2 server (authorization code flow) that will redirect the client to the login page. Is it possible to use the auth_request directive for that? Here is my nginx.conf:
server {
    listen ${NGINX_PORT};
    proxy_send_timeout 600;
    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;
    client_max_body_size 100m;
    absolute_redirect off;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;
    location / {
        auth_request /authn;
        gzip_static on;
        index index.html;
        root /usr/share/nginx/html;
        try_files $uri $uri/ @index;
    }
    location @index {
        root /usr/share/nginx/html;
        add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
        expires 0;
        try_files /index.html =404;
    }
    location /api {
        set $target http://gateway:8030/api;
        proxy_pass http://gateway:8030/api;
    }
    location /authn {
        set $target http://gateway:8030/authn;
        proxy_pass http://gateway:8030/authn;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_pass_request_headers on;
        proxy_intercept_errors on;
        recursive_error_pages on;
        error_page 301 302 303 307 308 @handle_redirect;
    }
    location @handle_redirect {
        set $redirect_url $upstream_http_location;
        proxy_pass $redirect_url;
    }
}
But my oauth gateway returns redirects without schema://host:port, and I get
invalid URL prefix in "/oauth2/authorization/gateway" while sending to client
Why doesn't NGINX understand that it must preserve host and port information in redirects and how can I fix that?
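
One way to structure this with auth_request, as an added example that is not part of the original post: the browser is sent to the login path with `return 302` instead of proxying the `Location` value, because `proxy_pass` with a variable needs a full `scheme://host` URL. It assumes the gateway can answer `/authn` with 401 for unauthenticated requests rather than a 3xx; the listen port and the `@login` location name are constructed.

```nginx
server {
    listen 8080;                 # constructed; the post uses ${NGINX_PORT}
    absolute_redirect off;       # keep redirects issued by nginx relative

    location / {
        auth_request /authn;
        # auth_request allows the request on 2xx and denies it on 401/403;
        # any other subrequest status, 3xx included, is treated as an error.
        error_page 401 = @login;

        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;
    }

    location = /authn {
        internal;                # reachable only through the auth subrequest
        proxy_pass http://gateway:8030/authn;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    location @login {
        # Assumption: the gateway returns 401 on /authn when there is no
        # session. The redirect goes to the browser as a relative URL, so
        # the client keeps its own scheme, host and port.
        return 302 /oauth2/authorization/gateway;
    }

    # The login flow itself must not sit behind auth_request, otherwise
    # the redirect loops. Any callback path the gateway uses needs the
    # same treatment (deployment-specific, not shown in the post).
    location /oauth2/ {
        proxy_pass http://gateway:8030;
        proxy_set_header Host $http_host;            # host:port as the client sent it
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api {
        auth_request /authn;     # API calls get 401 directly, no redirect
        proxy_pass http://gateway:8030/api;
    }
}
```

Marking `/authn` as `internal` also stops external clients from calling the auth endpoint directly through this server.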