I'm trying to get a Node.js UI application using Azure OIDC/MSAL running locally under HTTPS using Nginx to get through the authentication process. This application is using the code from this Microsoft tutorial: Tutorial: Sign in users and acquire a token for Microsoft Graph in a Node.js & Express web app. The problem is the application fails with a 502 Bad Gateway error locally when trying to serve using HTTPS. We're using this article as a basis for setting Nginx up. Here is what the nginx.conf looks like:
events { worker_connections 1024;}http { map $http_upgrade $connection_upgrade { default upgrade;'' close; } access_log /tmp/nginx-access.log; error_log /tmp/nginx-error.log; server { listen 80; listen [::]:80; server_name admin.local.myserver.com; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; listen [::]:443 ssl; server_name admin.local.myserver.com; ssl_certificate /usr/local/etc/nginx/ssl/admin.local.myserver.com.pem; ssl_certificate_key /usr/local/etc/nginx/ssl/admin.local.myserver.com-key.pem; access_log /tmp/nginx.local-access.log; error_log /tmp/nginx.local-error.log; # Proxy for the client (port 3000) location / { proxy_pass http://localhost:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Proxy for the backend (port 3001) location /auth { proxy_pass http://localhost:3001/auth; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }}A couple of things to note. We have deployed the application with this code to our QA environment, and it works fine there. We are trying to get our local development machines (MacOS) set up to run the code locally, but having issues. The application starts up as it should, providing our company-branded login screens as expected. I can enter my credentials, appear to get logged in, and the step that happens after I make my choice for "Stay logged in?" is where the code crashes. The requests get into the handleRedirect() function in the code, and it crashes because it is expecting to have data in the session from previous steps in the process to be there, but it's not there, as it seems to be "losing" the cookies.
handleRedirect(options = {}) { return async (req, res, next) => { if (!req.body || !req.body.state) { return next(new Error('Error: response not found')); } const authCodeRequest = { ...req.session.authCodeRequest, <--- fails here code: req.body.code, codeVerifier: req.session.pkceCodes.verifier, };It appears the cookies aren't being persisted from previous steps because of the HTTPS. The body of the POST redirect has the data that is expected to be there.
Our local Azure admin has verified the configuration has been set up for local development just like it was for our QA environment. And the code I am trying to run locally is the same branch that has been deployed to QA.
I am new to Nginx and SSL and trying to get all that set up for local development, and that appears to be where the issue is, because as mentioned above, the same code is running in both places. Here are a couple of entries from the Nginx errors logs:
2024/11/07 14:37:10 [error] 26645#0: *142 kevent() reported that connect() failed (61: Connection refused) while connecting to upstream, client: 127.0.0.1, server: admin.local.myserver.com, request: "GET /static/js/vendors~main.chunk.js HTTP/1.1", upstream: "http://[::1]:3000/static/js/vendors~main.chunk.js", host: "admin.local.myserver.com", referrer: "https://admin.local.myserver.com/"2024/11/07 14:37:47 [error] 26645#0: *143 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: admin.local.myserver.com, request: "POST /auth/redirect HTTP/1.1", upstream: "http://127.0.0.1:3001/auth/redirect", host: "admin.local.myserver.com", referrer: "https://login.microsoftonline.com/"What am I missing here? Any suggestions?