Open cananda opened 7 years ago
Are you sure the 404 is not coming from the upstream?
Maybe you need to set --pass-host-header=False
, so that "links.test.com" instead of "oauthproxy.test.com" is sent in the Host header to the upstream?
404 is not coming from upstream as accessing the links directly is successful. Will test the host header and confirm
I read a bit more on multiple domain upstream support, looks like this is not possible. Path based routing will work for the same upstream. I was trying to use multiple upstreams with path based routing
The only reason for "routing" of any kind is to choose one of multiple upstreams for a request.
But, this may not work in a way that is useful to you. How it works is that a request to "oauth-proxy.example.com/links/a" is proxied to "http://links.test.com:8000/links/a" while a request to "oauth-proxy.example.com/sonar/b" is proxied to "http://sonar.test.com:9000/sonar/b" - the path is not translated in any way, it is passed through as-is, so the upstream applications themselves must be using unique path prefixes.
The further complication is that the request to "http://links.test.com:8000/links/a" will resolve "links.test.com" to an IP address like "1.2.3.4", and then make a tcp connection to "1.2.3.4:8000", and then finally send the request with the header Host: oauth-proxy.example.com
as it was in the original request, if you didn't configure oauth2_proxy with --pass-host-header=False
.
If the upstream application gets a host header or url path which it does not expect, it may return a 404 to oauth2_proxy
, even though it did not return a 404 to you when you test directly, because you're making a different direct request than you configured oauth2_proxy to make.
One way to see exactly what requests are being made and returned, is to enable debug logging in both oauth2_proxy and the upstream application, and very closely inspect the logs. Another way is to use a tool like wireshark or tcpdump on the server running oauth2_proxy.
I have oauthproxy on SSL with 2 upstreams (no nginx in the front) -
upstreams = [ "http://links.test.com:8000/links", "http://sonar.test.com:9000/sonar" ]
The upstreams are on http only on multiple servers:ports and different paths. I seem to get a 404 post authentication when I access oauthproxy with a path.
I see the following in the console -
Is this supposed to work as expected?