salmon-article-80089
04/17/2022, 3:50 AMsticky-guitar-94474
04/18/2022, 5:50 AMdamp-sunset-69236
04/18/2022, 6:28 AMaccess-rules
and oathkeeper.yml
. Consider removing any sensitive information.salmon-article-80089
04/18/2022, 7:57 AMsalmon-article-80089
04/18/2022, 7:57 AMsalmon-article-80089
04/18/2022, 8:48 AMsalmon-article-80089
04/18/2022, 8:48 AMsalmon-article-80089
04/18/2022, 8:48 AMsalmon-article-80089
04/18/2022, 8:58 AMsalmon-article-80089
04/18/2022, 8:58 AMdamp-sunset-69236
04/19/2022, 6:44 AMcookie_session
is correct way to write it.
However, I assume there can be a bug somewhere else. Do you receive headers in your remote authorizer?damp-sunset-69236
04/19/2022, 6:46 AM"accept-encoding":"gzip, deflate, br"
I assume that there can be a small bug with oathkeeper that it does not handle gzip responses from authenticators/authorizers. As a solution you can disable gzip/deflate encodings and check it.salmon-article-80089
04/19/2022, 7:11 AMsalmon-article-80089
04/24/2022, 4:12 AMdamp-sunset-69236
04/25/2022, 8:07 AMsalmon-article-80089
04/25/2022, 8:34 AMsalmon-article-80089
04/25/2022, 8:37 AMserver {
listen 443 ssl;
ssl_certificate /etc/nginx/nginx.crt;
ssl_certificate_key /etc/nginx/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH;
ssl_prefer_server_ciphers on;
charset utf-8;
server_name mail.iap.hamimco.ir;
location / {
gzip off;
aio threads;
auth_request /auth;
#auth_request_set $auth_status $upstream_status;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Authorization $http_authorization;
add_header Access-Control-Allow-Origin "*";
keepalive_timeout 70s;
proxy_set_header Accept-Encoding "";
proxy_http_version 1.1;
proxy_pass https://upstream_server/;
client_max_body_size 10240M;
proxy_pass_header Server;
proxy_redirect default;
proxy_intercept_errors off;
}
location = /auth {
gzip off;
internal;
aio threads;
#client_max_body_size 2056M;
#keepalive_timeout 70s;
proxy_pass http://matching_url:4456/decisions/;
# proxy_pass http://oathkeeper:4456/decisions/
proxy_pass_request_body off;
#proxy_http_version 1.1;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Content-Length "";
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
}
}damp-sunset-69236
04/25/2022, 8:38 AMdamp-sunset-69236
04/25/2022, 8:39 AMsalmon-article-80089
04/25/2022, 8:40 AMsalmon-article-80089
04/25/2022, 8:41 AMdamp-sunset-69236
04/25/2022, 8:42 AMsalmon-article-80089
04/25/2022, 8:42 AMsalmon-article-80089
04/26/2022, 3:59 AM