Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

[SOLVED] Redirect URI passed as HTTP not HTTPS via OAuth2

  • 0
  • Self Hosted
  • Accounts
  • Web
View on Discord
Maksym Kryvoruchko
4 Jul, 2023, 07:24

My appwrite hosted at https://appwrite-domain.com/ and front-end app hosted at https://app-domain.com/, so both of them use "https". Front-end app use Web SDK and call "createOAuth2Session" with given provider, when I redirected to provider urls of Google or Facebook in "redirect_uri" param I see http://appwrite-domain.com/callback instead of "https".

As described above I used in both "https", so why it passed "http" instead. Can someone explain how Appwrite decide which protocol should be passed into this (attached screenshot from the code source).

TL;DR
Issue: The redirect URI passed as HTTP instead of HTTPS via OAuth2. Solution: The issue was resolved by changing the IP address of the host nginx proxy in the Traefik configuration. The incorrect IP address was causing the problem. To fix it, the nginx configuration needs to be changed to use HTTPS. Additional Notes: - The user had previously disabled Traefik's SSL generation and hosted both the front-end and Appwrite with ports 80/443 on the same server. - The user's Appwrite was hosted at https://appwrite-domain.com/ and the front-end app was hosted at https://app-domain.com
Maksym Kryvoruchko
4 Jul, 2023, 07:30

P.S. Maybe the reason with "Traefik" which used by Appwrite, before we have a problem with ports, because we need to host both front-end and appwrite with the 80/443 on the same server.

So for that we disabled traefik SSL generation, and transfer hosting to nginx and generate certificates for both of them here.

Binyamin
4 Jul, 2023, 14:59

Can you share your Nginx config, I think you'll need to change it to be also http.

Maksym Kryvoruchko
4 Jul, 2023, 20:07
Binyamin
4 Jul, 2023, 20:19

Good Try to change it so the internal revers proxy will go to an https one

TypeScript
    location / {
            proxy_pass  https://appwrite;
    ...
    }
Maksym Kryvoruchko
4 Jul, 2023, 20:55

@Binyamin, thanks for answer, I'm haven't direct access to server for changing this configuration, so I will comeback with answer if it helps me later.

Maksym Kryvoruchko
5 Jul, 2023, 07:57

Issue was resolved. For any one who stack with problem of nginx proxy to traefik (appwrite built-in), leave a description of problem:

It was in the wrong IP address of host nginx proxy in config of traefik.

services: traefik: image: traefik:2.7 container_name: appwrite-traefik <<: *x-logging command: - --entrypoints.appwrite_web.forwardedHeaders.trustedIPs=172.18.0.1 (here was missmatch)

This setting tells Traefik to trust X-Forwarded-* headers from nginx where IP address and Proto of real incoming connection is stored.

Maksym Kryvoruchko
5 Jul, 2023, 07:57

[SOLVED] Redirect URI passed as HTTP not HTTPS via OAuth2

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more