
Discovery document in IdentityServer4 returns 404 on Ubuntu nginx


After deploying our IdentityServer to a VPS with a subroute of /identity, the discovery document no longer loads and always returns a 404 error. When running the server without nginx, the discovery document loads fine.

We have tried using the following nginx configuration:

Startup.cs

var identityServer = services.AddIdentityServer(options =>
            {
                options.Events.RaiseErrorEvents = true;
                options.Events.RaiseInformationEvents = true;
                options.Events.RaiseFailureEvents = true;
                options.Events.RaiseSuccessEvents = true;
                options.PublicOrigin = "[Public facing URL]";
            })

app.Map("/identity", authApp =>
            {
                app.UseStaticFiles("/identity");
                app.UsePathBase("/identity");
                authApp.UsePathBase(new PathString("/identity"));
                authApp.UseIdentityServer();
                app.UseMvcWithDefaultRoute();
            });

NGINX

location /identity {
        root /var/www/identityserver/wwwroot;

        proxy_pass         https://[path]:5021;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

The above configuration should result in the discovery document loading. However, we always get a 404 not found error. Are we lacking additional configuration in nginx or our identity server code?


Solution

  • It has been a while since I posted this question. Since then, the solution that worked for me was to remove the following:

    app.Map("/identity", authApp =>
                {
                    app.UseStaticFiles("/identity");
                    app.UsePathBase("/identity");
                    authApp.UsePathBase(new PathString("/identity"));
                    authApp.UseIdentityServer();
                    app.UseMvcWithDefaultRoute();
                });
    

    We replaced the above code with

    // authApp only existed inside the removed app.Map callback, so register on app directly
    app.UseIdentityServer();
    app.UseMvcWithDefaultRoute();
    

    Once we uploaded the changes we changed the nginx configuration to

    server {
    
        root /var/www/[location];
        index index.php index.html index.htm;
    
        server_name [SERVER_NAME];    
    
    
        location / {
    
            proxy_pass         https://127.0.0.1:[PORT];
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }
    }
    

    One last change we made was to the nginx.conf file. We added the following to overcome the signin-oidc 502 bad gateway issue.

        ##
        # signin-oidc 502 bad gateway
        ##
        proxy_buffer_size   128k;
        proxy_buffers   4 256k;
        proxy_busy_buffers_size   256k;
        large_client_header_buffers 4 16k;
    

    Once we made all these changes everything worked fine from there. I hope this helps someone else.
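
A check worth running after a proxy change like the one above, added here as an example and not part of the original answer: it verifies that a parsed discovery document advertises only the public HTTPS origin (and sub-path, if any) rather than the backend address. The host login.example.test, the function names and both sample documents are constructed; port 5021 is taken from the question.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def expected_base(public_origin, path_base=""):
    """Public issuer URL: origin plus optional sub-path, no trailing slash."""
    base = public_origin.rstrip("/")
    path = path_base.strip("/")
    return f"{base}/{path}" if path else base

def discovery_url(public_origin, path_base=""):
    """URL a client will request to find the discovery document."""
    return expected_base(public_origin, path_base) + WELL_KNOWN

def check_discovery(doc, public_origin, path_base=""):
    """Return a list of problems found in a parsed discovery document."""
    base = expected_base(public_origin, path_base)
    problems = []
    if doc.get("issuer") != base:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {base!r}")
    for key, value in sorted(doc.items()):
        if not (key.endswith("_endpoint") or key in ("jwks_uri", "check_session_iframe")):
            continue  # only URL-valued metadata is checked
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{key} uses scheme {parts.scheme!r}")
        if not value.startswith(base + "/"):
            problems.append(f"{key} is outside {base}: {value}")
    return problems

# Constructed sample documents (not captured from a real server).
GOOD = {
    "issuer": "https://login.example.test",
    "jwks_uri": "https://login.example.test/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "https://login.example.test/connect/authorize",
    "token_endpoint": "https://login.example.test/connect/token",
}
# What a backend behind the proxy might advertise if the public origin is lost.
LEAKY = {
    "issuer": "http://127.0.0.1:5021",
    "jwks_uri": "http://127.0.0.1:5021/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "https://login.example.test/connect/authorize",
    "token_endpoint": "http://127.0.0.1:5021/connect/token",
}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("LEAKY", LEAKY)):
        print(name, check_discovery(doc, "https://login.example.test") or "ok")
```

Passing a path_base of "/identity" applies the same check to a deployment that keeps the sub-route.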