OK, I'll try.
So when I get this error in the Angular app console, does it refer to the nginx API config or the nginx SignalR config? The same project works fine in IIS.
I'm on ABP 7.4.5.
I have a reverse proxy made with nginx on an exposed server and a second server, also on Linux, with the ABP .NET services. I've correctly published auth, app (Angular) and API gateway, but I have a separate SignalR microservice, and when I try to start the connection I get an error:
Refused to connect to 'wss://signalr.mydomain.com/signalr-hubs/instant-message?id=***&access_token=****' because it violates the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
I remember that there was a specific configuration to use SignalR with nginx, but I didn't find it in the docs.
And do I need to set this only on Host and Gateway, or in all microservices?
The last issue is related to IP: I see all operations coming from 127.0.0.1.
I found the correct path:
NGinx exposed: ng-01 (auth,api,app) -> reverse to -> mc-01 NGinx internal: mc-01
I set the host in mc-01 to route traffic to ng-01 because auth, api and app are configured on this host.
In the next few days I'll try to change the microservice to use the local URL on mc-01. For example, in Identity I set the auth server not to auth....com but to mc-01:43645 or mc-01:5001. I think it works as well.
Now I'm doing another test.
IdentityService: if I try to open http://lnx-ngx-mc1:46388/api/abp/api-definition?IncludeTypes=false without authentication, it works.
When I do authentication, I get this error in the Identity logs:
[13:39:30 ERR] Exception occurred while processing message. <s:Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler>
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
[13:39:30 ERR] Connection id "0HNDVKS5M639C", Request id "0HNDVKS5M639C:00000001": An unhandled exception was thrown by the application. <s:Microsoft.AspNetCore.Server.Kestrel>
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
[13:40:14 INF] Lock is acquired for TokenCleanupBackgroundWorker <s:Volo.Abp.OpenIddict.Tokens.TokenCleanupBackgroundWorker>
[13:40:14 INF] Start cleanup. <s:Volo.Abp.OpenIddict.Tokens.TokenCleanupService>
OK, I added this code
app.Use(async (ctx, next) =>
{
    // Force every request to be treated as https before the rest of the pipeline runs
    ctx.Request.Scheme = "https";
    await next();
});
in place of the original, and now the error on OAuth has disappeared, but API and APP are still not working.
The API says this if I try to authenticate a single microservice (CORS works):
http://lnx-ngx-mc01:41367/abp/Swashbuckle/SetCsrfCookie -> 500
http://lnx-ngx-mc01:41367/api/abp/api-definition?IncludeTypes=false -> 500
If I try from the gateway, only auth works, but all microservices say mixed mode blocked http // https.
I'll try on the exposed machine. I have another auth, version v7.4.5, not microservice but Angular with API and auth separated, and it works with the https flag set to true.
I did a simple test in the service with 9.1.3, a call to
authserver/.well-known/openid-configuration
If I call the auth service from the http non-exposed port and do the same on the https exposed port,
the result changes.
Call from http: http://lnx-ngx-app2:5001/.well-known/openid-configuration
{
  "issuer": "https://uat.auth.myapp9.com/",
  "authorization_endpoint": "http://lnx-ngx-app2:5001/connect/authorize",
  "token_endpoint": "http://lnx-ngx-app2:5001/connect/token",
  "introspection_endpoint": "http://lnx-ngx-app2:5001/connect/introspect",
  "end_session_endpoint": "http://lnx-ngx-app2:5001/connect/endsession",
  "revocation_endpoint": "http://lnx-ngx-app2:5001/connect/revocat",
  "userinfo_endpoint": "http://lnx-ngx-app2:5001/connect/userinfo",
  "device_authorization_endpoint": "http://lnx-ngx-app2:5001/device",
https://uat.auth.myapp9.com/.well-known/openid-configuration
{
  "issuer": "https://uat.auth.myapp9.com/",
  "authorization_endpoint": "https://uat.auth.myapp9.com/connect/authorize",
  "token_endpoint": "https://uat.auth.myapp9.com/connect/token",
  "introspection_endpoint": "https://uat.auth.myapp9.com/connect/introspect",
  "end_session_endpoint": "https://uat.auth.myapp9.com/connect/endsession",
  "revocation_endpoint": "https://uat.auth.myapp9.com/connect/revocat",
  "userinfo_endpoint": "https://uat.auth.myapp9.com/connect/userinfo",
  "device_authorization_endpoint": "https://uat.auth.myapp9.com/device",
  "jwks_uri": "https://uat.auth.myapp9.com/.well-known/jwks",
  "gran
In microservice 9 the appsettings is configured as:
"AuthServer": {
  "Authority": "https://uat.auth.myapp9.com",
  "RequireHttpsMetadata": true,
  "SwaggerClientId": "SwaggerUI",
  "CertificatePassPhrase": "...."
},
I sent you the Auth module, appsettings and nginx configuration.
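One way to check the two discovery responses quoted above for consistency, as an added example that is not part of the original posts: it flags every endpoint whose scheme or origin disagrees with the issuer, which is the difference visible between the http and https calls. The function names and the shortened sample documents are constructed here; only the host names come from the thread.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed, shortened samples modelled on the two responses in the thread.
INTERNAL_DOC = json.dumps({
    "issuer": "https://uat.auth.myapp9.com/",
    "authorization_endpoint": "http://lnx-ngx-app2:5001/connect/authorize",
    "token_endpoint": "http://lnx-ngx-app2:5001/connect/token",
})
PUBLIC_DOC = json.dumps({
    "issuer": "https://uat.auth.myapp9.com/",
    "authorization_endpoint": "https://uat.auth.myapp9.com/connect/authorize",
    "token_endpoint": "https://uat.auth.myapp9.com/connect/token",
    "jwks_uri": "https://uat.auth.myapp9.com/.well-known/jwks",
})


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def audit_discovery(document, require_https=True):
    """List (field, url, problem) for each endpoint that disagrees with the issuer."""
    meta = json.loads(document)
    issuer_origin = origin(meta["issuer"])
    findings = []
    if require_https and issuer_origin[0] != "https":
        findings.append(("issuer", meta["issuer"], "issuer is not https"))
    for field, value in sorted(meta.items()):
        is_url_field = field.endswith("_endpoint") or field == "jwks_uri"
        if not is_url_field or not isinstance(value, str):
            continue
        if require_https and origin(value)[0] != "https":
            findings.append((field, value, "endpoint is not https"))
        elif origin(value) != issuer_origin:
            findings.append((field, value, "origin differs from issuer"))
    return findings


if __name__ == "__main__":
    for name, doc in (("internal http", INTERNAL_DOC), ("public https", PUBLIC_DOC)):
        print(name, audit_discovery(doc) or "consistent")
```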