Nginx Configuration for Custom ORDs with APEX features Google Authentication [updates on Nginx Proxy Manager]

Posted on

There are three things needed

  • Google Developer console API
  • APEX Social sign in Authentication method
  • Nginx Configuration

Google Settings, couple of things to watch out here

  • Search APIs & Services
  • Authorized redirect URIs (https://apex.chaoyu.nl/ords/apex_authentication_callback )
  • Client ID ( needed In APEX )
  • Client secret (needed In APEX)

APEX Social sign in Authentication method

  • Enable Google Authentication and Put in Client ID and secret

Make sure you have a user created in APEX with the same email as the username.

Nginx Configuration

Two settings here are important , they are needed for enable Google Oauth.

error_page 497 https://$host:$server_port$request_uri; link to read more

proxy_set_header Host $host:$server_port; link to read more 

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
#pid /run/nginx.pid;
events {
    worker_connections 1024;
}

http {
   # docker container ORDs servers
   upstream backend {
      server 192.168.178.68:8080;
      server 192.168.178.68:8081;
      server 192.168.178.68:8082;
   }
   # apex.chaoyu.nl
   server {
         listen 80;
         server_name apex.chaoyu.nl;
         return 301 https://$server_name$request_uri;
   }
   # Settings for a TLS enabled server.
    server {
        listen       443 ssl;
        server_name  apex.chaoyu.nl;
        error_page 497 https://$host:$server_port$request_uri;
        #root         /usr/share/nginx/html;
        ssl_certificate "/etc/letsencrypt/live/chaoyu.nl/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/chaoyu.nl/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        location / {
            client_max_body_size 15M;
            proxy_pass http://backend; # docker container backends
            proxy_set_header Origin "" ;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host:$server_port;
        }
    }
}

Try here https://apex.chaoyu.nl/

Recently I started to play around with Nginx Proxy Manager, it adds a UI on top of Nginx settings.

Here is the setting for my oci.chaoyu.nl settings. This is an apex domain running with a custom ORDs docker server (in an always free ARM docker server) and an always free ATP. Hier is the settings for apex with google authentication

Creates a redirect host
what it basically does is that it takes in 80 traffic and forward to 443 with a 301 response before it redirects
Nothing much to say here
syntax are almost the same as what you would do without ui, onlything I do differently is removing the server {}, ofc, dont forge to change to your ip address for the redirect

ORDs version 23

create a Proxy Host

# under Advanced Tab
# new orders has a now a new landing page... 
# this works directly with google authentication 

location / {
	rewrite ^/(.*)$ /ords/f?p=4500 last;
}
location /ords/ {
            proxy_pass http://192.168.178.70:8088/ords/;
            proxy_set_header Origin "" ;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host test003.chaoyu.nl:443;
}

Leave a Reply