0

I would ask for help on my specific configuration: I have a Django application executed by gunicorn with an Nginx reverse proxy. Everything runs on the same Docker instance, run by Supervisord. Gunicorn runs on port 8000, Nginx runs on port 80. Note: If I run only the Django application (no Nginx proxy) everything works properly and OAuth from Google works.

The Nginx config is

server {
    listen      80;

    location /static/ {
        alias /home/app/static/static_assets/;
    }

    location /media-files/ {
        internal; # only the django instance can access this url directly
        alias /home/app/media/media_assets/;
    }

    location / {
        proxy_pass http://localhost:8000;
    }
}

I am trying to use the above solution to make OAuth2 work with Google. With the original configuration the error is as follows:

Error 400: redirect_uri_mismatch The redirect URI in the request, http://localhost:8000/accounts/google/login/callback/, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/${your_client_id}?project=${your_project_number}

If I add the configuration snippet I get the error below:

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;

Code: unknown, Error: HTTPSConnectionPool(host='accounts.google.com', port=443): Max retries exceeded with url: /o/oauth2/token (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f79207eb640>: Failed to establish a new connection: [Errno -2] Name or service not known')))

Bozidar Spirovski
  • 71
  • 8
  • I've seen some research on this done by @onlyphantom on the link below, but no resolution.https://stackoverflow.com/questions/57589663/oauth-callback-url-incompatible-with-nginx-proxy-server-behavior – Bozidar Spirovski Dec 10 '20 at 20:58
  • 1
    Your OAuth client setup with google redirect url points to port 8000, but your nginx port is 80, you will get the first error, try change the redirect url on google to port 80. – James Lin Dec 10 '20 at 21:15
  • @JamesLin the port redirect is part of the problem. This compounds on the 'localhost' path since Gunicorn runs on localhost - everything public is handled by Nginx and then proxied to Gunicorn. But I don't know how to reconfigure Nginx to mask/rewrite the conversation with Gunicorn for the OAuth URI. The proxy parameters above were one proposal but didn't do much. – Bozidar Spirovski Dec 11 '20 at 08:14
  • Your second error is your django cannot access to `accounts.google.com:443`, it has nothing to do with nginx. – James Lin Dec 11 '20 at 10:18

0 Answers0