skoruba / Duende.IdentityServer.Admin

The administration for the Duende IdentityServer and Asp.Net Core Identity ⚡
Apache License 2.0

nginx environment: Discovery URLs are not HTTPS #130

Closed LEIRONGHUA closed 8 months ago

LEIRONGHUA commented 1 year ago

Describe the bug

In a local nginx environment, the Discovery URLs are not HTTPS.

To Reproduce

Steps to reproduce the behavior:

  1. nginx config

    server {
        listen 80;
        server_name sts.ids.leironghua.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name sts.ids.leironghua.com;
        ssl_certificate /var/www/.ssl/sts.ids.leironghua.com.pem;
        ssl_certificate_key /var/www/.ssl/sts.ids.leironghua.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass         http://127.0.0.1:5900;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }
        access_log /var/log/nginx/com.leironghua.ids.sts.access.log;
        error_log /var/log/nginx/com.leironghua.ids.sts.error.log;
    }

  2. hosts config

    127.0.0.1 sts.ids.leironghua.com

  3. UseSecurityHeaders config (the default settings do not work either)

    var forwardingOptions = new ForwardedHeadersOptions()
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
        RequireHeaderSymmetry = false
    };
    forwardingOptions.KnownNetworks.Clear();
    forwardingOptions.KnownProxies.Clear();
    app.UseForwardedHeaders(forwardingOptions);

  4. GET https://sts.ids.leironghua.com/.well-known/openid-configuration

    {
    "issuer": "http://sts.ids.leironghua.com",
    "jwks_uri": "http://sts.ids.leironghua.com/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "http://sts.ids.leironghua.com/connect/authorize",
    "token_endpoint": "http://sts.ids.leironghua.com/connect/token",
    "userinfo_endpoint": "http://sts.ids.leironghua.com/connect/userinfo",
    "end_session_endpoint": "http://sts.ids.leironghua.com/connect/endsession",
    "check_session_iframe": "http://sts.ids.leironghua.com/connect/checksession",
    "revocation_endpoint": "http://sts.ids.leironghua.com/connect/revocation",
    "introspection_endpoint": "http://sts.ids.leironghua.com/connect/introspect",
    "device_authorization_endpoint": "http://sts.ids.leironghua.com/connect/deviceauthorization",
    "backchannel_authentication_endpoint": "http://sts.ids.leironghua.com/connect/ciba"
    }


I use a similar nginx configuration and UseSecurityHeaders configuration to use HTTPS correctly on other websites. Please tell me what is wrong. Sincere thanks.
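A quick consistency check for a discovery document like the one pasted above, added here as an example and not code from the issue or from the project: it flags any issuer or endpoint that is not HTTPS and any issuer that does not match the URL the document was fetched from (OIDC Discovery requires them to be identical), which is exactly the symptom of X-Forwarded-Proto not being applied. The sample document is the one from the issue, assumed to have been fetched over HTTPS; nothing here fixes the configuration, it only detects the mismatch.

```python
import json
from urllib.parse import urlparse

# Constructed sample input: the document shown in the issue, served over
# https but advertising http:// endpoints (abbreviated to four keys).
DISCOVERY_URL = "https://sts.ids.leironghua.com/.well-known/openid-configuration"
DISCOVERY_JSON = """{
  "issuer": "http://sts.ids.leironghua.com",
  "jwks_uri": "http://sts.ids.leironghua.com/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "http://sts.ids.leironghua.com/connect/authorize",
  "token_endpoint": "http://sts.ids.leironghua.com/connect/token"
}"""


def check_discovery(doc_text, fetched_from):
    """Return a list of findings (empty list means the document is consistent).

    fetched_from is the URL the document was retrieved from. OIDC Discovery
    requires the issuer to be identical to the URL used for retrieval minus
    the /.well-known/openid-configuration suffix, so scheme and host must match.
    """
    doc = json.loads(doc_text)
    findings = []
    fetched = urlparse(fetched_from)
    issuer = doc.get("issuer", "")
    iss = urlparse(issuer)
    if iss.scheme != "https":
        findings.append(f"issuer is not https: {issuer}")
    if (iss.scheme, iss.netloc) != (fetched.scheme, fetched.netloc):
        findings.append(f"issuer {issuer} does not match document URL {fetched_from}")
    # Every other string value that looks like a URL (jwks_uri, *_endpoint,
    # check_session_iframe) must also be https and live on the issuer host.
    for key, value in doc.items():
        if key == "issuer" or not isinstance(value, str) or "://" not in value:
            continue
        url = urlparse(value)
        if url.scheme != "https":
            findings.append(f"{key} is not https: {value}")
        if url.netloc != iss.netloc:
            findings.append(f"{key} host {url.netloc} differs from issuer host {iss.netloc}")
    return findings


if __name__ == "__main__":
    for finding in check_discovery(DISCOVERY_JSON, DISCOVERY_URL):
        print("FINDING:", finding)
```

Against a live deployment, replace DISCOVERY_JSON with the body returned from DISCOVERY_URL; an empty result means the forwarded scheme reached the application.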