Hi,
I am trying to run a docker image on a Debian9 server which is also an Apache server. The WebApp which is located in the docker, will be reached via a HTTPS proxy serever. Which meansThe HTTPS requests comes to the proxy and then they ends there and the HTTP requests should be sent to Apache server which is redirecting to the docker.
Issue:
The issue is when I try to open the web page via browser it returns a 502 bad Gateway and cannot find anything which leads me to the issue.
The app needs to authenticate via Azure AD and ADFS. The WebApp is using an Azure App registration. The Reply URL which has been set there is https://mysite.com/signin-oidc
I have already added these code parts in the code:
`public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseForwardedHeaders();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
// In ASP.NET Core 1.x, replace the following line with: app.UseIdentity();
app.UseAuthentication();
app.UseMvc();
I have added both since the detected Redirect URI by Kestrel was http and not https while thats the only scheme I can set on Azure. I have also tried just using the XForwardProto and not with XForwardFor. That also works but the results stays the same.
WORKDIR /my-app/myapp.CoreWeb/
RUN dotnet publish -c Release -o drop
FROM microsoft/dotnet:2.2-aspnetcore-runtime-alpine
RUN adduser --disabled-password --gecos "" appuser
RUN chown -R appuser:appuser /my-app
USER appuser
EXPOSE 5000
ENV ASPNETCORE_URLS http://+:5000
COPY --from=build-env /my-app/myapp.CoreWeb/drop ./
ENTRYPOINT ["dotnet", "myapp.CoreWeb.dll"]`
The Apache Vhost settings are:
`<VirtualHost :>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
<VirtualHost :80>
SetEnvIf SERVER_ENV ^(.)$ SERVER_ENV=stage
ServerName mysite.com
ServerAlias None
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
ProxyPreserveHost On
ProxyPass http://127.0.0.1:8081/
ProxyPassReverse http://127.0.0.1:8081/
Hi, I am trying to run a docker image on a Debian9 server which is also an Apache server. The WebApp which is located in the docker, will be reached via a HTTPS proxy serever. Which meansThe HTTPS requests comes to the proxy and then they ends there and the HTTP requests should be sent to Apache server which is redirecting to the docker. Issue: The issue is when I try to open the web page via browser it returns a 502 bad Gateway and cannot find anything which leads me to the issue. The app needs to authenticate via Azure AD and ADFS. The WebApp is using an Azure App registration. The Reply URL which has been set there is https://mysite.com/signin-oidc I have already added these code parts in the code: `public void ConfigureServices(IServiceCollection services) { services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env) { app.UseForwardedHeaders();
}`
And
app.Use((context, next) => { context.Request.Scheme = "https"; return next(); });I have added both since the detected Redirect URI by Kestrel was http and not https while thats the only scheme I can set on Azure. I have also tried just using the XForwardProto and not with XForwardFor. That also works but the results stays the same.
The Dockerfile is :
`FROM microsoft/dotnet:2.2-sdk AS build-env
RUN mkdir /myapp COPY ./ ./myapp WORKDIR /my-app
RUN apt-get update -yq && apt-get upgrade -yq && apt-get install -yq curl git nano RUN curl -sL https://deb.nodesource.com/setup_8.x | bash - && apt-get install -yq nodejs build-essential RUN npm install -g npm && npm install -g @angular/cli@latest
WORKDIR /my-app/myapp.CoreWeb/ RUN dotnet publish -c Release -o drop
FROM microsoft/dotnet:2.2-aspnetcore-runtime-alpine RUN adduser --disabled-password --gecos "" appuser RUN chown -R appuser:appuser /my-app USER appuser EXPOSE 5000 ENV ASPNETCORE_URLS http://+:5000 COPY --from=build-env /my-app/myapp.CoreWeb/drop ./ ENTRYPOINT ["dotnet", "myapp.CoreWeb.dll"]`
The Apache Vhost settings are:
`<VirtualHost :> RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
<VirtualHost :80> SetEnvIf SERVER_ENV ^(.)$ SERVER_ENV=stage ServerName mysite.com ServerAlias None ProxyRequests off <Proxy *> Order deny,allow Allow from all
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule (.) https://%{HTTP_HOST}$1 [R,L] SetEnvIf X-Forwarded-For "^.......*" forwarded CustomLog /apacheLogLocation/mysite.com.stage.access.log vhost_verbose env=!forwarded CustomLog /apacheLogLocation/mysite.com.stage.access.log vhost_verbose_lb env=forwarded ErrorLog /apacheLogLocation/mysite.com.stage.error.log `
When I check the fiddler to see if the redirect URI is correct, its https. When I check the docker logs I don't see anything suspicious and the I can also see the cookie signin which i guess means the authentication was fine(not sure!) and it also tries to open the dll and index file of the web app. Ehn I do the cURL in verbose it ends up in 302 (redirection). I am out of ideas and have already read the following threads but no success: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-2.2 https://github.com/aspnet/Security/issues/757 https://github.com/aspnet/Security/issues/1070 https://github.com/aspnet/AspNetCore.Docs/issues/2384 https://github.com/aspnet/Security/issues/929