Hi all,
I am trying to get Auth0 working under an NGINX reverse proxy and Docker with Auth0’s free plan. It was working without any issues on my old setup with NGINX (no proxy) and CloudFlare. I am also still using CloudFlare with the new setup.
At the moment, any time I attempt to log in, it redirects to `/` and doesn’t actually log me into the website itself. The Auth0 logs indicate there is a successful login, though.
```json
{
  "date": "2022-12-08T04:25:58.619Z",
  "type": "s",
  "connection_id": "",
  "client_id": "xxxxxxxxx",
  "client_name": "Best Mods",
  "ip": "xxxxxxxx",
  "user_agent": "Chrome 108.0.0 / Linux 0.0.0",
  "details": {
    "prompts": [],
    "completedAt": 1670473558618,
    "elapsedTime": null,
    "session_id": "xxxxxxxxxx"
  },
  "hostname": "xxxxxxxx.us.auth0.com",
  "user_id": "yyyyyy|xxxxxxxx",
  "user_name": "christian@moddingcommunity.com",
  "log_id": "x",
  "_id": "x",
  "isMobile": false,
  "id": "x",
  "description": "Successful login"
}
```
My NGINX reverse proxy config is the following.
```nginx
server {
    listen 443;
    ssl_certificate /opt/bestmods.crt;
    ssl_certificate_key /opt/bestmods.key;
    server_name bestmods.io;
    client_max_body_size 512M;
    access_log /var/log/nginx/bestmods_access;
    error_log /var/log/nginx/bestmods_error.log;

    location / {
        proxy_pass_request_headers on;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header auth0-forwarded-for $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:xxxxx;
    }
}
```
This redirects to another NGINX server within a Docker container that handles the Laravel application with PHP. If you believe it may be the configuration on the end-point NGINX server, please let me know and I will post that config as well (I’ll need to strip sensitive information out).
I am utilizing Laravel and the source code is open source here. Though, I don’t think it’d be the source code in this case.
I haven’t been able to find any documents or guides relating to using an NGINX reverse proxy solely for Auth0 (I saw a document on NGINX Plus, but that is not what I’m using). I’ve found reverse proxies with external services, but those documents weren’t of any help in this case either. I’ve also confirmed the headers are being passed (I used `tcpdump` in this case since I was within the terminal already).
```
sudo tcpdump -i br-xxxxxxx -nne port 80 -XX -vv | grep "auth"
tcpdump: listening on br-xxxxxxx, link-type EN10MB (Ethernet), snapshot length 262144 bytes
auth0-forwarded-for: xxxxxxx, xxxxxxx
0x00c0: 746f 3a20 6874 7470 730d 0a61 7574 6830 to:.https..auth0
auth0-forwarded-for: xxxxxxx, xxxxxxx
0x00b0: 2068 7474 7073 0d0a 6175 7468 302d 666f .https..auth0-fo
^C40 packets captured
40 packets received by filter
0 packets dropped by kernel
```
Turning on brute force protection did not help (where I believe the `auth0-forwarded-for` header comes into play).
I feel like I am missing something super simple here and I’ve been banging my head against the wall over this issue.
If you need any other information, please let me know!
Any help would be appreciated and thank you for your time!
P.S. I made another thread, but the formatting broke due to the ending code indicator (```) not being on a single line. When that post was made, there was no way to edit the post (there were only three buttons under the post, share, bookmark, and delete topic). However, when I made this thread, the edit button is now available along with the flag post button. Not sure what that was about, but wanted to mention it here since I deleted the other thread.