After deploying our IdentityServer to a VPS with a subroute of /identity, the discovery document no longer loads and always returns a 404 error. When running the server without nginx, the discovery document loads fine.
We have tried using the following nginx configuration:
Startup.cs
    var identityServer = services.AddIdentityServer(options =>
    {
        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseInformationEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseSuccessEvents = true;
        options.PublicOrigin = "[Public facing URL]";
    })
    app.Map("/identity", authApp =>
    {
        app.UseStaticFiles("/identity");
        app.UsePathBase("/identity");
        authApp.UsePathBase(new PathString("/identity"));
        authApp.UseIdentityServer();
        app.UseMvcWithDefaultRoute();
    });
NGINX
    location /identity {
        root /var/www/identityserver/wwwroot;
        proxy_pass https://[path]:5021;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
The above configuration should result in the discovery document loading. However, we always get a 404 not found error. Are we lacking additional configuration in nginx or our identity server code?
It has been a while since I posted this question. Since then, the solution that worked for me was to remove the following:
    app.Map("/identity", authApp =>
    {
        app.UseStaticFiles("/identity");
        app.UsePathBase("/identity");
        authApp.UsePathBase(new PathString("/identity"));
        authApp.UseIdentityServer();
        app.UseMvcWithDefaultRoute();
    });
We replaced the above code with
    // authApp existed only inside the removed app.Map callback, so register on app
    app.UseIdentityServer();
    app.UseMvcWithDefaultRoute();
Once we uploaded the changes, we changed the nginx configuration to
    server {
        root /var/www/[location];
        index index.php index.html index.htm;
        server_name [SERVER_NAME];
        location / {
            proxy_pass https://127.0.0.1:[PORT];
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
One last change we made was to the nginx.conf file. We added the following to overcome the signin-oidc 502 bad gateway issue.
    ##
    # signin-oidc 502 bad gateway
    ##
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    large_client_header_buffers 4 16k;
Once we made all these changes, everything worked fine from there. I hope this helps someone else.
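
A post-deployment check for the proxied setup described above, as an added example that is not part of the original post: it verifies that every URL the discovery document advertises is on the public origin rather than on the internal upstream address. The host login.example.test and both sample documents are constructed; the field names are the standard OpenID Connect discovery metadata fields, and the function names are this example's own.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Standard OpenID Connect discovery fields that carry absolute URLs.
URL_FIELDS = ("issuer", "jwks_uri", "authorization_endpoint",
              "token_endpoint", "userinfo_endpoint", "end_session_endpoint")

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def check_discovery(doc, public_origin):
    """List every advertised URL that is missing or not on public_origin."""
    expected, problems = origin(public_origin), []
    for field in URL_FIELDS:
        value = doc.get(field)
        if value is None:
            if field in ("issuer", "jwks_uri"):  # treated as mandatory here
                problems.append(f"{field}: missing")
        elif origin(value) != expected:
            problems.append(f"{field}: {value} is not on {public_origin}")
    return problems

def fetch_discovery(public_origin):
    """Live use: download the discovery document through the proxy."""
    url = public_origin.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

# Constructed sample documents (not captured from a real server).
PUBLIC = "https://login.example.test"
GOOD = {
    "issuer": PUBLIC,
    "jwks_uri": PUBLIC + "/.well-known/openid-configuration/jwks",
    "authorization_endpoint": PUBLIC + "/connect/authorize",
    "token_endpoint": PUBLIC + "/connect/token",
}
# Scheme downgraded in the issuer, upstream address leaked in the token endpoint.
LEAKY = dict(GOOD, issuer="http://login.example.test",
             token_endpoint="https://127.0.0.1:5021/connect/token")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("LEAKY", LEAKY)):
        print(name, check_discovery(doc, PUBLIC) or "ok")
```

Against a live deployment, pass the result of `fetch_discovery` for the public URL to `check_discovery`; an empty list means clients will be sent only to addresses on the public origin.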