search

sidebase / nuxt-auth

🔐 Nuxt user authentication and sessions via authjs (next-auth), local and refresh providers. nuxt-auth wraps NextAuth.js to offer the reliability & convenience of a 12k star library to the nuxt 3 ecosystem with a native developer experience (DX)
https://sidebase.io/nuxt-auth/
MIT License
1.13k stars 134 forks source link

baseURL is not working for a reverse proxy that forwards to localhost #764

Closed andre-silva9975 closed 1 hour ago

andre-silva9975 commented 4 weeks ago

Environment

Reproduction

https://github.com/sidebase/nuxt-auth-example

Describe the bug

I have a nuxt app that runs on a remote server. The server acts as a reverse proxy and forwards requests to http://localhost:3000 which is where the app is running. The problem that I am facing is that when a user tries to access app via the domain url (let's suppose is https://example.com:8000) the server can not resolve and after some time, it appears in the browser a nuxt error message like this:

500 [GET] "https://example.com:8000/api/auth/session?callbackUrl=http:%2F%2Fexample.com%2F": fetch failed

I thought the problem was in my project so I decided to try testing with the nuxt-auth example provided in the git repository (https://github.com/sidebase/nuxt-auth-example). But the error is the same. I believe the error is in the AUTH_ORIGIN. This variable is set to AUTH_ORIGIN=https://example.com:8000 where "example.com is the domain of the server. I also tried changing this variable to http://localhost:3000 and everything seems fine except the authentication like sign in. However, I believe this is not the right value though. I am using nginx and the configuration file is the following:

`server { listen 80 default_server; listen [::]:80 default_server;

# SSL configuration
#
listen 8000 ssl default_server;
listen [::]:8000 ssl default_server;

server_name         example.com;

ssl_certificate     /etc/ssl/certs/example.pem;
ssl_certificate_key /etc/ssl/private/example.key;
ssl_protocols       TLSv1.2 TLSv1.3;
#ssl_ciphers        !aNULL:!MD5

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

#server_name _;

location / {
    #proxy_redirect off;
    #proxy_set_header Host $host;
    #proxy_set_header X-Real-IP $remote_addr;
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://localhost:3000/; 
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}`

Do I need to change my nginx configuration file? What do you think it should be the AUTH_ORIGIN value?

Thank you for your time.

Additional context

No response

Logs

No response

MilesWuCode commented 1 week ago

i use nginx-proxy-manager and deny:all and allow: my ip address

layout.vue is show , but pages/index.vue is Forbidden

custom error.vue

<script setup lang="ts">
import type { NuxtError } from '#app'

defineProps({
  error: {
    type: Object as () => NuxtError,
    default: undefined,
  },
})
</script>

<template>
  <NuxtLayout name="default">
    <h1>Error</h1>
    <p>{{ error?.statusCode }}</p>
    <p>{{ error?.statusMessage }}</p>
  </NuxtLayout>
</template>
agantelin commented 2 hours ago

I am not using proxy. But I faced the same problem when upgrading from 0.7.2 to 0.8.0. Solved by removing leading slash from endpoints path in auth config in nuxt.config.ts.

BEFORE (error exists):

auth: {
    isEnabled: true,
    baseURL: process.env.API_BROWSER_BASE_URL,
    provider: {
      type: 'local',
      endpoints: {
        signIn: {
          path: '/auth/login', // ← SLASH HERE
          method: 'post'
        },
...

AFTER:

auth: {
    isEnabled: true,
    baseURL: process.env.API_BROWSER_BASE_URL,
    provider: {
      type: 'local',
      endpoints: {
        signIn: {
          path: 'auth/login', // ← REMOVED LEADING SLASH
          method: 'post'
        },
...

ENV file: API_BROWSER_BASE_URL=https://somesitename.dev:8443/api/v1

andre-silva9975 commented 1 hour ago

I don't know if by changing the version to 0.8.0 the problem will go away but I changed to local provider instead of authjs and now everything seems working. Thank you all for all the help.