Closed paulmilbank closed 2 months ago
We have been setting up Opserver to use Okta groups and noticed the generated ReturnURL is using http. It is behind a load balancer that has an https connection and then nginx as a reverse proxy. Because https is terminated at the load balancer and then forwarded to nginx over https and finally Opserver over http, the ReturnUrl for an OIDC request is generated as http://<url> by the code here: https://github.com/opserver/Opserver/blob/ed00e4e930e9fb22c0ed65a1b24c9dfb774da4ca/src/Opserver.Web/Controllers/AuthController.OIDC.cs#L77.
http
http://<url>
Would you take a PR to use the x-forwarded-proto header if it exists to generate the scheme? Or should this be a config setting? Do you know of any other ways to solve this?
x-forwarded-proto
EDIT: it looks like all the headers should be forwarded currently already in the middleware, so according to https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0 the scheme should be being set automatically from the x-forwarded-proto header. Need to do some more digging.
We have been setting up Opserver to use Okta groups and noticed the generated ReturnURL is using
http
. It is behind a load balancer that has an https connection and then nginx as a reverse proxy. Because https is terminated at the load balancer and then forwarded to nginx over https and finally Opserver over http, the ReturnUrl for an OIDC request is generated ashttp://<url>
by the code here: https://github.com/opserver/Opserver/blob/ed00e4e930e9fb22c0ed65a1b24c9dfb774da4ca/src/Opserver.Web/Controllers/AuthController.OIDC.cs#L77.Would you take a PR to use the
x-forwarded-proto
header if it exists to generate the scheme? Or should this be a config setting? Do you know of any other ways to solve this?EDIT: it looks like all the headers should be forwarded currently already in the middleware, so according to https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0 the scheme should be being set automatically from the x-forwarded-proto header. Need to do some more digging.