Title
OIDC redirect_uri is using wrong scheme and port
Platform
Website - Other Browser
Server Installation Method
Docker
Version
dev-1.11.2
Troubleshooting
The Problem
I have Termix configured with PocketID as OIDC provider.
The configuration is as follows:
- Termix runs on my NAS, which is a Linux machine. The Docker container does not expose a port to the host.
- A Zoraxy container runs on the same machine, and it joins the same Docker network as Termix. It can reach Termix using Termix:8080. The reverse proxy exposes https://termix.internal.example.com:8443 to the LAN, and it has a valid SSL certificate issued.
It worked with the latest image. But in order to bypass #500, I tried to use the dev-1.11.2 docker image. After switching, Termix began to redirect users to the OIDC provider with redirect_uri set to http://termix.internal.example.com/users/oidc/callback. I think this is because SSL is terminated at the reverse proxy, and the proxy then connects to Termix using plain HTTP, so the scheme (protocol) Termix is seeing is http.
Previously Termix could correctly set redirect_uri to https://termix.internal.example.com:8443/users/oidc/callback. This is due to it using Origin instead of building a URL string out of different sources. I think the related code is here: https://github.com/Termix-SSH/Termix/blame/6abfd98f3d2d420539a986d58d1ff1e3f3965cfd/src/backend/database/routes/users.ts#L822
How to Reproduce
- Configure a reverse proxy to use HTTPS and a different port than Termix.
- Configure OIDC.
- Try to log in.
Additional Context
If I manually change redirect_uri to the correct URI my OIDC provider requires, I can correctly log in.
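The setup described in this report, as an added example that is not Termix's code: one way a backend behind a TLS-terminating proxy can derive redirect_uri from forwarded headers, accepting them only from a known proxy address and failing closed unless the resulting origin is on an allowlist. It assumes the proxy sets X-Forwarded-Proto and X-Forwarded-Host (or X-Forwarded-Port); ReqInfo, TRUSTED_PROXIES, ALLOWED_ORIGINS and the proxy address are hypothetical.

```typescript
// Added example. ReqInfo, TRUSTED_PROXIES and ALLOWED_ORIGINS are hypothetical names.
interface ReqInfo {
  remoteAddr: string; // peer address of the TCP connection
  protocol: string;   // scheme the app itself sees ("http" behind a TLS-terminating proxy)
  headers: Record<string, string | undefined>; // header names lower-cased
}

const CALLBACK_PATH = "/users/oidc/callback"; // path taken from the report

// Constructed sample values: the proxy's address on the Docker network and
// the only public origin that is registered with the OIDC provider.
const TRUSTED_PROXIES = new Set(["172.18.0.2"]);
const ALLOWED_ORIGINS = new Set(["https://termix.internal.example.com:8443"]);

function externalOrigin(req: ReqInfo): string {
  let proto = req.protocol;
  let host = req.headers["host"] ?? "";
  // Forwarded headers are client-controlled unless the peer is our proxy,
  // so they are ignored for any other source address.
  if (TRUSTED_PROXIES.has(req.remoteAddr)) {
    proto = req.headers["x-forwarded-proto"]?.trim() || proto;
    host = req.headers["x-forwarded-host"]?.trim() || host;
    const port = req.headers["x-forwarded-port"]?.trim();
    // Append the forwarded port only when the host does not already carry one.
    if (port && !/:\d+$/.test(host)) host = `${host}:${port}`;
  }
  return `${proto.toLowerCase()}://${host.toLowerCase()}`;
}

function buildRedirectUri(req: ReqInfo): string {
  const origin = externalOrigin(req);
  // The allowlist is the actual guard: an unexpected scheme, host or port
  // produces an error instead of a redirect_uri the provider would reject
  // (or that points somewhere unintended).
  if (!ALLOWED_ORIGINS.has(origin)) {
    throw new Error(`refusing to build redirect_uri for unexpected origin ${origin}`);
  }
  return origin + CALLBACK_PATH;
}
```

With the proxy forwarding scheme, host and port, the result matches the URI registered with the provider; without those headers the origin degrades to the http URL seen in this report and the function throws.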