我的 WebApi 受 nginx 反向代理后面的 IdentityServer4 保护。
代理通行证配置:
location /api/ {
proxy_pass http://127.0.0.1:3110/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_buffering off;
expires 0;
}
如果去https://www.example.com/api/.well-known/openid-configuration https://www.example.com/api/.well-known/openid-configuration它返回给我这个配置:
{
"issuer": "http://www.example.com",
"jwks_uri": "http://www.example.com/.well-known/openid-configuration/jwks",
"authorization_endpoint": "http://www.example.com/connect/authorize",
"token_endpoint": "http://www.example.com/connect/token",
"userinfo_endpoint": "http://www.example.com/connect/userinfo",
"end_session_endpoint": "http://www.example.com/connect/endsession",
"check_session_iframe": "http://www.example.com/connect/checksession",
"revocation_endpoint": "http://www.example.com/connect/revocation",
"introspection_endpoint": "http://www.example.com/connect/introspect",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"profile",
"roles",
"WebAPI",
"offline_access"
],
"claims_supported": [
"sub",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at",
"role",
"firm"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"plain",
"S256"
]
}
但我希望所有的网址都应该从https://www.example.com/api/ https://www.example.com/api/如何正确配置呢?