https://www.ory.sh/ logo
Join Slack
Powered by
Hi, i have this configuration for nginx: ```upstre...
# ory-selfhosting
w
Hi, i have this configuration for nginx:
Copy code
upstream public_api {
        server 127.0.0.1:4444;
        server 127.0.0.1:4444;
}

upstream admin_api {
        server 127.0.0.1:4445;
        server 127.0.0.1:4445;
}
server {
        listen 80;
        server_name <http://auth.ex.it|auth.ex.it>;
        if ($host = <http://auth.ex.it|auth.ex.it>) {
                return 301 https://$host$request_uri;
        }
}
server {
        server_name <http://auth.ex.it|auth.ex.it>;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/auth.ex.it/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/auth.ex.it/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

location ~ ^/(.well-known|oauth2/auth|oauth2/token|oauth2/revoke|oauth2/fallbacks/consent|oauth2/fallbacks/error|userinfo)/? {
       proxy_pass <http://public_api>;
       proxy_redirect          off;
       proxy_set_header        Host            $host;
       proxy_set_header        X-Real-IP       $remote_addr;
       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;

   }
   location ~ ^/(clients|keys|health|metrics|version|oauth2/auth/requests|oauth2/introspect|oauth2/flush)/? {
       set $allow 0;
       if ($remote_addr ~* "172.28.0.*") {
           set $allow 1;
       }
       if ($arg_secret = "ABCDE2019") {
           set $allow 1;
       }
       if ($allow = 0) {
           return 403;
       }

       rewrite /admin/(.*) /$1  break;

       proxy_pass <http://admin_api>;
       proxy_redirect          off;
       proxy_set_header        Host            $host;
       proxy_set_header        X-Real-IP       $remote_addr;
       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
   }
}
and I cannot reach 
/admin/oauth2/introspect
. I tried also from ory sdk for javascript/typescript but it returns 404. Could you please help me?
3 Views
Open in Slack
PreviousNext
Powered by