Redirection not HTTPS - Githubissues

ghost commented 1 year ago

I have been stuck on this for like 10 days and more already

I have an app which uses OPENID with Microsoft but the redirection URI sent to Microsoft is not working it seems

below is my application.yaml file

server: forward-headers-strategy: native useForwardHeaders: true

proxy: title: Sites logo-url: "file:///opt/shinyproxy/assets/logo.png" template-path: /opt/shinyproxy/templates port: 3939 heartbeat-rate: 10000 heartbeat-timeout: 60000 hide-navbar: false container-log-path: /container-logs container-wait-time: 60000 container-backend: ${SHINYPROXY_BACKEND} docker: internal-networking: true container-network: "net" authentication: openid ; admin-groups: admin openid: auth-url: https://login.microsoftonline.com/28c6c543-8422-41cf-8bea-a257eddcd88c/oauth2/authorize token-url: https://login.microsoftonline.com/28c6c543-8422-41cf-8bea-a257eddcd88c/oauth2/token jwks-url: https://login.microsoftonline.com/common/discovery/keys client-id: SSSSSb client-secret: SSSSS ; users: ; - name: public ; password: public ; groups: public ; - name: staff-beginner ; password: lantuble321 ; groups: public, private, staff-beginner ; - name: staff-advanced ; password: granyurt678 ; groups: public, private, staff-beginner, staff-advanced ; - name: admin ; password: dronort432 ; groups: public, private, staff-beginner, staff-advanced, admin specs:

id: wheretowork_beginner display-name: "Where To Work (beginner mode)@@G-9WV07KGLQ0" description: "The Where To Work application helps identify priority areas for conservation. It provides an interactive interface for conducting systematic conservation planning exercises, and uses math> ; logo-url: "file:///opt/shinyproxy/assets/wheretowork_beginner.png" access-groups: [public] container-cmd: ["/usr/local/bin/Rscript", "/home/shiny/app/app.R"] container-image: naturecons/wheretowork container-wait-time: 60000 container-network: "${proxy.docker.container-network}" container-volumes: ["${WHERE_TO_WORK_PROJECT_DIRECTORY}:/projects"] container-env: user: "shiny" R_CONFIG_ACTIVE: "beginner" PROJECT_DIRECTORY: "${WHERE_TO_WORK_PROJECT_DIRECTORY}" FORCE_DEFAULT_PROJECTS: "${WHERE_TO_WORK_FORCE_DEFAULT_PROJECTS}"
id: wheretowork_advanced display-name: "Where To Work (advanced)@@G-LYTGKHP9M2" description: "The Where To Work application helps identify priority areas for conservation. It provides an interactive interface for conducting systematic conservation planning exercises, and uses math> ; logo-url: "file:///opt/shinyproxy/assets/wheretowork_advanced.png" access-groups: [public] container-cmd: ["/usr/local/bin/Rscript", "/home/shiny/app/app.R"] container-image: naturecons/wheretowork container-wait-time: 60000 container-network: "${proxy.docker.container-network}" container-volumes: ["${WHERE_TO_WORK_PROJECT_DIRECTORY}:/projects"] container-env: user: "shiny" R_CONFIG_ACTIVE: "advanced" PROJECT_DIRECTORY: "${WHERE_TO_WORK_PROJECT_DIRECTORY}" FORCE_DEFAULT_PROJECTS: "${WHERE_TO_WORK_FORCE_DEFAULT_PROJECTS}"
id: whattodo display-name: "What To Do@@G-8R09PXSQ51" description: "The What To Do application is a decision support tool to help prioritize management actions. It provides an interactive interface for conducting conservation planning exercises aim to ide> ; logo-url: "file:///opt/shinyproxy/assets/whattodo.png" access-groups: [public] container-cmd: ["/usr/local/bin/Rscript", "/home/shiny/app/app.R"] container-image: naturecons/whattodo container-wait-time: 60000 container-network: "${proxy.docker.container-network}" container-volumes: ["${WHAT_TO_DO_PROJECT_DIRECTORY}:/projects"] container-env: user: "shiny" R_CONFIG_ACTIVE: "production" PROJECT_DIRECTORY: "${WHAT_TO_DO_PROJECT_DIRECTORY}" FORCE_DEFAULT_PROJECTS: "${WHAT_TO_DO_FORCE_DEFAULT_PROJECTS}"
id: whattemplatemaker display-name: "What Template Maker@@G-YXJE1502CD" description: "The What Template Maker is a tool that creates data templates for the What To Do application. Since the What To Do app requires data in a specific format, this application is designed to > ;logo-url: "file:///opt/shinyproxy/assets/whattemplatemaker.png" access-groups: [public] container-cmd: ["/usr/local/bin/Rscript", "/home/shiny/app/app.R"] container-image: naturecons/whattemplatemaker container-wait-time: 60000 container-network: "${proxy.docker.container-network}" container-env: user: "shiny" R_CONFIG_ACTIVE: "production"
id: impact display-name: "Project Evaluation@@G-9999999999" description: "The Project Evaluation tool is designed for NCC staff to: A) view current property achievements and national conservation themes within project management plan boundaries, B) upload new p> ;logo-url: "file:///opt/shinyproxy/assets/impact.png" access-groups: [admin] container-cmd: ["/usr/local/bin/Rscript", "/home/shiny/app/app.R"] container-image: naturecons/impact container-wait-time: 60000 container-network: "${proxy.docker.container-network}" container-volumes: ["${IMPACT_DATA_DIRECTORY}:/appdata", "${IMPACT_TILE_DIRECTORY}:/appdata/tiles"] container-env: user: "shiny" R_CONFIG_ACTIVE: "production" DATA_DIRECTORY: "/appdata" TILE_DIRECTORY: "/appdata/tiles"
id: impactdev display-name: "Project Evaluation (development)@@G-9999999999" description: "This is the developer version intended for prototyping new features and getting feedback from users. Admin only." ; logo-url: "file:///opt/shinyproxy/assets/impactdev.png" access-groups: [admin] container-cmd: ["/usr/local/bin/Rscript", "/home/shiny/app/app.R"] container-image: naturecons/impact:dev container-wait-time: 60000 container-network: "${proxy.docker.container-network}" container-volumes: ["${IMPACT_DATA_DIRECTORY}:/appdata", "${IMPACT_TILE_DIRECTORY}:/appdata/tiles"] container-env: user: "shiny" R_CONFIG_ACTIVE: "production" DATA_DIRECTORY: "/appdata" TILE_DIRECTORY: "/appdata/tiles"

logging: level: root: WARN file: name: /log/shinyproxy.log

;server: ; forward-headers-strategy: native ; useForwardHeaders: true

below is my nginx configuration erver { listen 80; server_name prio.itncc.org; return 301 https://$server_name$request_uri; ; rewrite ^(.*) https://$server_name$1 permanent; }

server {

listen 443 ssl; server_name prio.itncc.org;

ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_timeout 10m;

    ssl_certificate /etc/letsencrypt/live/prio.itncc.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/prio.itncc.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/prio.itncc.org/chain.pem;

access_log /var/log/nginx/ncc.carleton.ca-access.log; error_log /var/log/nginx/ncc.carleton.ca-error.log error;

; ; web application launcher ; location / { proxy_pass http://127.0.0.1:3939/; ; ProxyPassReverse http://127.0.0.1:3939/; proxy_http_version 1.1; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; proxy_read_timeout 20d; proxy_buffering off;

proxy_redirect      off;
proxy_set_header    Host                 $http_host;
proxy_set_header    X-Real-IP            $remote_addr;
proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
proxy_set_header    X-Forwarded-Protocol $scheme;
proxy_set_header    X-Forwarded-Host $server_name;

}

LEDfan commented 1 year ago

Hi Please see this FAQ entry on how to debug this issue: https://shinyproxy.io/faq/#invalid-redirect_uri-when-using-openid-connect-or-keycloak

LEDfan commented 5 months ago

Hi, I think this question has been answered (and it seems your account was removed), therefore I'll close this issue, please open a new issue or re-open this issue if you are still experiencing an issue.

openanalytics / shinyproxy

Redirection not HTTPS #391