Heyo! I will admit, I don't know a lot about oauth, so I apologize if I am just missing something.
I am running portainer on a server. I currently have my portainer instance running on domain.com:9443. I use nginx reverse proxy to redirect portainer.domain.com to domain.com:9443 (with an A record too) using this config:
upstream portainer {
server ip:9443;
}
server {
listen 80;
server_name portainer.domain.com;
return 301 https://portainer.domain.com$request_uri;
}
server {
listen 443 http2 ssl;
server_name portainer.domain.com;
ssl_certificate /path/to/cert;
ssl_certificate_key /path/to/key;
location / {
proxy_pass https://portainer/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
In google cloud console, I have to following for oath:
JS origins: https://portainer.domain.com
Redirect URI: https://portainer.domain.com/
The problem is, when I try to sign in with google in portainer, I get "Error 400: redirect_uri_mismatch"
The error details say the redirect URI is https://domain.com:9443/, not https://portainer.domain.com. If I add https://domain.com:9443/ to my redirect URIs, it works, but it redirects me to domain.com:9443 after oath instead of portainer.domain.com (therefore leading to the site being insecure, as the cert is for portainer.domain.com.)
What am I missing? Have I configured nginx wrong?
Thank you!
Hi @pupik12,
Welcome to Google Cloud Community!
Regarding your URI, please try excluding trailing slash (/) in redirect URI. However, if your NGINX configuration location block uses a trailing slash, then your URI must have it.
Here are documentations related to OAuth2 in Google that can help you:
I hope the above information is helpful.