Radosław Zieliński

Reputation: 71

Identity Server 4 endpoints ports not filled

Spec:

On local dev machine, when I visit http://127.0.0.1:5000/.well-known/openid-configuration with Postman, I can find, for example, "jwks_uri" with the address http://127.0.0.1:5000/.well-known/openid-configuration/jwks

I can visit http://127.0.0.1:5000/.well-known/openid-configuration/jwks and see a result like:

{
    "keys": [
        {
            "kty": "RSA",
            "use": "sig",
            "kid": "6ca39c3dd4ffda97d502243e25fa4e54",
            "e": "AQAB",
            "n": "sZthlS0HE1pkbSnMlPyKNDkAqkQryeKG7YSRMeUbrDQARu-9f11iUFUblAdXUhuFRu0R77AQ-mhjy7kfjQMOT58gp3aMa17HTKcMxZRZEi-zcXZuxVA7Q0nuWrWp4_-0VAMV4OhGromZCFtUb26kRJXyKMNlHSM2irSJ9LWnx6NtSkHMrC_kv3kpciZWLx__9DkVM7wmYuGz9DMezoz7-FuwcJcGJHmVz7RNRwGNhdcvEG8nJE3fl8QQ16CjOim2X845gaIc9dWKi1MAA_LS1M2EK4aU8FZjVqgQgY472zrwGtUtwz25aUEZu130fthZabvOiWTDbztuYtOmrxP7BQ",
            "alg": "RS256"
        }
    ]
}

Port 5000 is the most important thing

DEV MACHINE SCREENSHOT

On local dev machine, when I visit http://192.168.168.13:81/.well-known/openid-configuration with Postman, I can find, for example, "jwks_uri" with the address http://192.168.168.13/.well-known/openid-configuration/jwks

I cannot visit http://192.168.168.13/.well-known/openid-configuration/jwks because I receive error 404:

nginx error!
The page you are looking for is not found.

There is no port 81

I can visit http://192.168.168.13:81/.well-known/openid-configuration/jwks and see a result like:

{
    "keys": [
        {
            "kty": "RSA",
            "use": "sig",
            "kid": "6ca39c3dd4ffda97d502243e25fa4e54",
            "e": "AQAB",
            "n": "sZthlS0HE1pkbSnMlPyKNDkAqkQryeKG7YSRMeUbrDQARu-9f11iUFUblAdXUhuFRu0R77AQ-mhjy7kfjQMOT58gp3aMa17HTKcMxZRZEi-zcXZuxVA7Q0nuWrWp4_-0VAMV4OhGromZCFtUb26kRJXyKMNlHSM2irSJ9LWnx6NtSkHMrC_kv3kpciZWLx__9DkVM7wmYuGz9DMezoz7-FuwcJcGJHmVz7RNRwGNhdcvEG8nJE3fl8QQ16CjOim2X845gaIc9dWKi1MAA_LS1M2EK4aU8FZjVqgQgY472zrwGtUtwz25aUEZu130fthZabvOiWTDbztuYtOmrxP7BQ",
            "alg": "RS256"
        }
    ]
}

SERVER MACHINE SCREENSHOT

These are my CentOS firewall settings:

 public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client
  ports: 80/tcp 443/tcp 81/tcp 82/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

This is my nginx configuration for reverse proxy:

server {
    listen 81;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

As far as I have investigated, the problem is that in .well-known/openid-configuration there are no proper ports (in this case 81) on the server machine.

The endpoints exist, because when I manually add port 81 to an endpoint, the endpoint is available.

Because my application relies on .well-known/openid-configuration to autodiscover endpoints, my authentication doesn't work. I don't know whether the problem is in the IdentityServer 4 configuration or in the CentOS configuration.

Upvotes: 2

Views: 1983

Answers (1)

Radosław Zieliński

Reputation: 71

If anybody is facing the same issue, the following link will be helpful :)

http://amilspage.com/set-identityserver4-url-behind-loadbalancer/

Especially this part:

app.UseMiddleware<PublicFacingUrlMiddleware>

Upvotes: 3
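
A quick check for the symptom described in the question, as an added example that is not part of the original post or answer: it compares the origin (scheme, host, port) of every URL in a discovery document with the origin the document was fetched from. Only the two jwks_uri values come from the question; the issuer, token_endpoint and scopes_supported entries and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def mismatched_endpoints(fetched_from, metadata):
    """List (key, url) for every advertised URL whose origin differs from
    the origin the discovery document was fetched from."""
    expected = origin(fetched_from)
    found = []
    for key, value in metadata.items():
        # Only string values that are absolute http(s) URLs are endpoints.
        if isinstance(value, str) and value.startswith(("http://", "https://")):
            if origin(value) != expected:
                found.append((key, value))
    return found

# Constructed sample: only the jwks_uri values are taken from the question;
# the issuer and the other entries are assumed to follow the same pattern.
DEV_URL = "http://127.0.0.1:5000/.well-known/openid-configuration"
DEV_DOC = {
    "issuer": "http://127.0.0.1:5000",
    "jwks_uri": "http://127.0.0.1:5000/.well-known/openid-configuration/jwks",
    "token_endpoint": "http://127.0.0.1:5000/connect/token",
    "scopes_supported": ["openid", "profile"],
}
SERVER_URL = "http://192.168.168.13:81/.well-known/openid-configuration"
SERVER_DOC = {
    "issuer": "http://192.168.168.13",
    "jwks_uri": "http://192.168.168.13/.well-known/openid-configuration/jwks",
    "token_endpoint": "http://192.168.168.13/connect/token",
    "scopes_supported": ["openid", "profile"],
}

if __name__ == "__main__":
    for url, doc in ((DEV_URL, DEV_DOC), (SERVER_URL, SERVER_DOC)):
        bad = mismatched_endpoints(url, doc)
        print(url, "->", "consistent" if not bad else "origin mismatch:")
        for key, value in bad:
            print(f"  {key}: {value}")
```

In the nginx configuration from the question, the header sent to the application is `Host $host`, and nginx's `$host` variable never includes the port, while `$http_host` carries the client's Host header unchanged, `:81` included.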
