hlavki / g-suite-identity-sync

G Suite to LDAP identity synchronizer
Apache License 2.0

HTTPS instead of http #80

Closed pymenow closed 3 years ago

pymenow commented 3 years ago

Hello,

Thanks for this really good solution! I have set up a Docker container and, using an Apache reverse proxy, used https://ldap.domain.com as the URL. However, I get an error:

Error 400: redirect_uri_mismatch The redirect URI in the request, http://ldap.domain.com/cxf/oidc/rp/complete, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit:

I've used https while setting up the URI in the G Suite console.

How can I get HTTPS to work?

<VirtualHost *:80>
        ServerAdmin admin@domain.com
        ServerName ldap.domain.com
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =ldap.domain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin admin@domain.com
        ServerName ldap.domain.com
        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        ProxyRequests           Off
        ProxyPreserveHost       On
        ProxyPass               /       http://10.10.0.3:8181/
        ProxyPassReverse        /       http://10.10.0.3:8181/

        SSLCertificateKeyFile /PATH/
        SSLCertificateFile /PATH/
        SSLCertificateChainFile /PATH/
</VirtualHost>
</IfModule>

hlavki commented 3 years ago

Hi, we use Apache on some installations and the configuration looks like this:

<VirtualHost *:80>
    ServerName ldap.domain.com
    Redirect permanent / https://ldap.domain.com/
</VirtualHost>

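<VirtualHost *:443>
  ServerName ldap.domain.com

  SSLEngine On
  SSLCertificateFile /path/to/ssl/ldap.domain.com.cer
  SSLCertificateKeyFile /path/to/ssl/ldap.domain.com.key
  SSLCertificateChainFile /path/to/ssl/ldap.domain.com.cer

  ProxyPreserveHost On
  RewriteEngine     On

  # Tell the backend the original request arrived over HTTPS (requires mod_headers);
  # "set" replaces any X-Forwarded-Proto value sent by the client
  RequestHeader set X-Forwarded-Proto "https"

  # Do not proxy ACME challenge requests; Apache answers them itself
  ProxyPassMatch ^/.well-known/acme-challenge !

  # Everything else is forwarded to the backend over plain HTTP
  ProxyPassMatch ^/cxf/(.*) http://identity:8181/cxf/$1
  ProxyPassMatch ^/(.*) http://identity:8181/$1
  ProxyPassReverse / http://identity:8181
</VirtualHost>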

pymenow commented 3 years ago

Thank you - issue resolved.
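
Why the second configuration clears the redirect_uri_mismatch, as an added example that is not part of the thread or the project's code. It assumes the backend rebuilds its callback URL from the proxied request; the function names, the trusted-proxy subnet and the sample requests are constructed for illustration.

```python
# Added illustration; names below are hypothetical, not g-suite-identity-sync code.
import ipaddress

CALLBACK_PATH = "/cxf/oidc/rp/complete"  # path from the error message on this page
REGISTERED = {"https://ldap.domain.com/cxf/oidc/rp/complete"}  # URI authorized in the console
TRUSTED_PROXIES = [ipaddress.ip_network("10.10.0.0/24")]  # constructed: subnet of the Apache proxy


def external_scheme(peer_ip, headers, backend_scheme="http"):
    """Scheme the browser used, as far as the backend can tell."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return backend_scheme  # ignore forwarding headers from unknown peers
    proto = headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower()
    return proto if proto in ("http", "https") else backend_scheme


def redirect_uri(peer_ip, headers):
    """Rebuild the OIDC callback URL from the proxied request."""
    host = headers["Host"]  # kept intact by ProxyPreserveHost On
    return f"{external_scheme(peer_ip, headers)}://{host}{CALLBACK_PATH}"


def accepted(uri):
    """Exact string comparison: a scheme difference alone is a mismatch."""
    return uri in REGISTERED


# Constructed requests as the backend on port 8181 would see them.
WITHOUT_HEADER = {"Host": "ldap.domain.com"}
WITH_HEADER = {"Host": "ldap.domain.com", "X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    cases = [
        ("proxy without X-Forwarded-Proto", "10.10.0.2", WITHOUT_HEADER),
        ("proxy with X-Forwarded-Proto", "10.10.0.2", WITH_HEADER),
        ("untrusted peer sending the header", "203.0.113.9", WITH_HEADER),
    ]
    for label, peer, hdrs in cases:
        uri = redirect_uri(peer, hdrs)
        verdict = "ok" if accepted(uri) else "redirect_uri_mismatch"
        print(f"{label}: {uri} -> {verdict}")
```

The third case shows why the backend should honour the header only from the proxy's address, and why `RequestHeader set` (which overwrites rather than appends) is the right directive on the Apache side.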