nginx登录失败，post中缺少端口号等

KeyClope在进入页面时失去对传递的端口号的控制：30666

但是，“提交”按钮不包含ip+端口号，此处仅使用ip地址。因为帖子失败了

重定向失败了

我如何让KeyClope在代理后工作？

KeyClope在NGinx代理后面的kubernetes集群中运行，配置如下：

worker_processes  1;
error_log /dev/stderr warn;

events {
    worker_connections 1024;
}

# make sure to set plaintext JWT_SECRET environment variable
env JWT_SECRET;

http {

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /dev/stdout main;

    lua_package_path "/usr/local/openresty/lualib/?.lua;;";

    server {
        listen 8080;
        root /;

        # load index page from nginx implementing the KC javascript:
        location / {
            index index.htm index.html;
        }

        location /auth {
            proxy_pass http://idp:8080/auth;
            proxy_http_version 1.1; # this is essential for chunked responses to work
            proxy_buffering    off;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Scheme $scheme;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
        }

        # Secured endpoints
        location /secure/ {
            access_by_lua_file /bearer.lua;

            default_type text/plain;
            echo "<p>i am protected by jwt<p>";
        }
    }
}

---

问题是

proxy\u set\u头$host

，它应该是

$host:$server\u port

此外，不需要为代理URL添加后缀/auth URI。如果未指定，则Nginx将在不更改URI的情况下传输URI

配置应为：

location /auth {
        proxy_pass http://idp:8080;
        ...
        proxy_set_header Host $host:$server_port;

参考文献

注意：KeyClope客户端可能需要HTTPS URL。如果您在Nginx中启用了HTTPS，那么请记住也要使用x-forwarded-proto头将方案传递给keydape

        proxy_set_header x-forwarded-proto $scheme;

---

您还必须添加以下标题

proxy_set_header    X-Forwarded-Port   $server_port;

---

今天，我将在一个或类似的实例后面运行keydeport实例。这样配置就更容易了。

proxy_set_header    X-Forwarded-Port   $server_port;