如何在本地环境中在 Nginx 后面配置 NextAuth?

如何在本地环境中在 Nginx 后面配置 NextAuth?

我希望你可以帮助我。

目前我正在使用 docker compose 使用本地环境,我使用 NextAuth 构建了一个 NextJS 站点。我已将 Nginx 配置为代理,但当我尝试登录我的应用程序时遇到问题,出现以下错误:

[next-auth][error][SIGNIN_OAUTH_ERROR] 
https://next-auth.js.org/errors#signin_oauth_error connect ECONNREFUSED 127.0.0.1:80 {
  error: {
    message: 'connect ECONNREFUSED 127.0.0.1:80',
    stack: 'Error: connect ECONNREFUSED 127.0.0.1:80\n' +
      '    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1159:16)',
    name: 'Error'
  },
  providerId: 'keycloak',
  message: 'connect ECONNREFUSED 127.0.0.1:80'
}

我尝试过配置NEXTAUTH_URL_INTERNAL=http://next-container:3000NEXTAUTH_URL_INTERNAL=http://localhost:3000但没有成功。

这是我的 Nginx 配置:

server {
listen 80;
listen \[::\]:80;
server_name test.site.com;

    access_log /var/log/nginx/app.log;
    error_log /var/log/nginx/app-error.log;
    
    # To allow special characters in headers
    ignore_invalid_headers off;
    
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 5m;
    
    proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
    proxy_set_header X-Forwarded-Proto $scheme; # to forward the  original protocol (HTTP or HTTPS)
    proxy_set_header Host $host; # to forward the original host requested by the client
    
    location / {
        proxy_pass http://next-container:3001/;
    }
    
    location /keycloak/ {
        rewrite /keycloak/(.*) /$1  break;
    
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
    
    
        proxy_pass http://keycloak:8080/;

    }

}

这是我的下一个.env文件:

NEXTAUTH_URL=http://test.site.com
NEXTAUTH_URL_INTERNAL=http://next-container:3001
NEXTAUTH_SECRET=some-secret

KEYCLOAK_CLIENT_ID=my-realm
KEYCLOAK_CLIENT_SECRET=client-secret
KEYCLOAK_ISSUER=http://test.site.com/keycloak/realms/my-realm

我的/etc/hosts:

127.0.0.1   test.site.com

我正在使用 Keycloak 来验证我的用户,但我认为这不是问题。

感谢您的时间 :)

相关内容