patrickn

Reputation: 2561

Flask-OpenID issues with proxy server

All - I'm having an issue trying to deploy a site that uses the Flask-OpenID extension. On localhost, I have no problems moving through the full login -> after login cycle - but on my production server, which is running an Nginx proxy in front of the Flask app (running with Gunicorn), I'm getting errors with the openid.realm and openid.return_to parameters of the response from any provider I connect to.

Basically, realm and return_to are pointing at my downstream Flask app instead of the proxy server. For example, for an intended "next" url of http://www.foo.com/login/ the Flask-OpenID machinery is making the provider instead target http://127.0.0.1:8000/login/?next=/login/, which is the localhost and port my Flask app is running on.

Is there any way to control this behavior and have Flask-OpenID correctly redirect through the proxy server?

Upvotes: 2

Views: 713

Answers (1)

DazWorrall

Reputation: 14210

It sounds like your proxy server isn't passing on the Host header. Using nginx, you can use proxy_set_header Host $host; in your location directive.

You may also want to look at setting the X-Forwarded-For and X-Forwarded-Proto headers so you can read the actual client IP and protocol correctly. Werkzeug provides a fixer to help with this, and there's an example detailed in the Flask docs; request.remote_addr should then be what you expect.

Here's a more complete nginx location directive:

location / {
    proxy_pass  http://localhost:8000/;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

Upvotes: 1
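
An added example, not part of the answer above and not Werkzeug's fixer: a standard-library WSGI sketch of what the application sees before and after the proxy forwards Host and the X-Forwarded-* headers, including why only the entry appended by your own proxy should be trusted. The names TrustedProxyFix, whoami and simulate are hypothetical, and the request data and the address 203.0.113.7 are constructed.

```python
from wsgiref.util import request_uri


class TrustedProxyFix:
    """Hypothetical WSGI middleware: apply X-Forwarded-* from `num_proxies` trusted hops."""

    def __init__(self, app, num_proxies=1):
        if num_proxies < 1:
            raise ValueError("num_proxies must be at least 1")
        self.app, self.num_proxies = app, num_proxies

    def __call__(self, environ, start_response):
        # $proxy_add_x_forwarded_for appends the connecting peer, so only the
        # right-most `num_proxies` entries were written by proxies we run.
        # Entries further left arrived from the client and cannot be trusted.
        hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
        hops = [h for h in hops if h]
        if len(hops) >= self.num_proxies:
            environ["REMOTE_ADDR"] = hops[-self.num_proxies]
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[-1].strip()
        if proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def whoami(environ, start_response):
    """Report the URL the app believes it is served at, plus the client address."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    url = request_uri(environ, include_query=False)
    return [f"{url} {environ['REMOTE_ADDR']}".encode()]


def simulate(app, host, forwarded_for=None, forwarded_proto=None):
    """Constructed request: GET /login/ as Gunicorn receives it from nginx on loopback."""
    environ = {"REQUEST_METHOD": "GET", "SCRIPT_NAME": "", "PATH_INFO": "/login/",
               "SERVER_NAME": "127.0.0.1", "SERVER_PORT": "8000",
               "wsgi.url_scheme": "http", "HTTP_HOST": host, "REMOTE_ADDR": "127.0.0.1"}
    if forwarded_for:
        environ["HTTP_X_FORWARDED_FOR"] = forwarded_for
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return b"".join(app(environ, lambda status, headers: None)).decode()


if __name__ == "__main__":
    fixed = TrustedProxyFix(whoami, num_proxies=1)
    print(simulate(whoami, "127.0.0.1:8000"))                      # Host not forwarded
    print(simulate(fixed, "www.foo.com", "203.0.113.7", "https"))  # headers forwarded
    print(simulate(fixed, "www.foo.com", "10.0.0.1, 203.0.113.7", "https"))  # client-supplied entry ignored
```

In a real Flask deployment, use Werkzeug's own fixer configured for the number of proxies you actually run, and make sure Gunicorn is reachable only through nginx so the forwarded headers cannot be set by anyone else.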
