FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Nginx SSL Proxy Error

    Scheduled Pinned Locked Moved Solved
    Q&A
    2
    4
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      taylor
      last edited by

      Below is my nginx ssl config. Im running into an a return error when trying to log in. Im not sure what im missing or needing to remove since i can get to the website just fine.

      {
      "error" : "invalid_request",
      "error_description" : "The request is missing a required parameter: redirect_uri",
      "error_reason" : "missing_redirect_uri"
      }

      server
      {
      listen 80;
      server_name auth.domain.com;
      return 301 https://auth.domain.com$request_uri;
      }

      server {

      listen 443 ssl;
server_name auth.domain.com$request_uri;

# SSL Configuration

ssl_certificate /opt/ssl/fullchain.pem; 
ssl_certificate_key /opt/ssl/privkey.pem; 
ssl_session_cache  builtin:1000  shared:SSL:10m;
ssl_protocols TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;

# Set the access log location

access_log            /var/log/nginx/fusion.access.log;

location / {

   # Proxy Headers
   proxy_pass http://127.0.0.1:9011;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection 'upgrade';
   proxy_set_header Host $host;
   proxy_cache_bypass $http_upgrade;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Forwarded-Host $host;
   proxy_set_header X-Forwarded-Port $server_port;


  # Security headers
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header Referrer-Policy "origin";

  # Add the trailing slash
  rewrite ^([^.]*[^/])$ $1/ permanent;
}

      }

      joshuaJ 1 Reply Last reply Reply Quote 0
      • joshuaJ
        joshua @taylor
        last edited by

        @taylor

        I might start with our community repo when debugging this (maybe you already have)

        • https://github.com/FusionAuth/fusionauth-contrib/tree/master/Reverse Proxy Configurations
        • https://github.com/FusionAuth/fusionauth-containers/tree/master/proxy-docker

        The error that you are receiving there is indicative of a OAuth2 authorize endpoint error. When you are calling the authorize endpoint, regardless of with a proxy, or just a local install, the redirect uri parameter needs to be provided.

        I hope this gives you some ideas for troubleshooting further.

        Thanks,
        Josh

        T 1 Reply Last reply Reply Quote 0
        • T
          taylor @joshua
          last edited by

          @joshua ended up using haproxy to solve my problem.

          joshuaJ 1 Reply Last reply Reply Quote 0
          • joshuaJ
            joshua @taylor
            last edited by joshua

            @taylor

            Good to hear!

            Josh

            1 Reply Last reply Reply Quote 0
            • T taylor has marked this topic as solved on
            • J johnmiller referenced this topic on
            • First post
              Last post