erral
(Mikel Larreategi)
May 24, 2023, 6:17am
21
Hi ramiroluz:
We use nginx to expose Volto and Plone to the public, and we use a configuration like this to do so: bobtemplates.cs/volto.tpl at master · codesyntax/bobtemplates.cs · GitHub
With this configuration we have both www.domain.com and www.domain.com/api pointing the first to Volto and the second to Plone, and we get to expose /api and make the OIDC login process work.
BR,
2 Likes
ramiroluz
(Ramiro Batista da Luz)
May 24, 2023, 1:40pm
22
Thank you @erral
We intend to adapt this conf to test locally.
What is plone at the end? (Our site is Plone). We use backend and frontend as server names.
```
proxy_pass http://${buildout:projectname}plone;
```
Our default.conf:
```
upstream backend {
    server backend:8080;
}
upstream frontend {
    server frontend:3000;
}
server {
    listen 80 default_server;
    server_name plone.localhost;
    location ~ /\+\+api\+\+($|/.*) {
        rewrite ^/(\+\+api\+\+\/?)+($|/.*) /VirtualHostBase/http/$server_name/Plone/++api++/VirtualHostRoot/$2 break;
        proxy_pass http://backend;
    }
    location ~ / {
        location ~* \.(js|jsx|css|less|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            expires +1y;
            proxy_pass http://frontend;
        }
        location ~* static.*\.(ico|jpg|jpeg|png|gif|svg)$ {
            add_header Cache-Control "public";
            expires +1y;
            proxy_pass http://frontend;
        }
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_pass http://frontend;
    }
}
```
erral
(Mikel Larreategi)
May 24, 2023, 3:56pm
23
We use this template to autogenerate the nginx configuration. ${buildout:projectname}plone is generated from buildout, and its definition is on the first lines of the file: bobtemplates.cs/volto.tpl at master · codesyntax/bobtemplates.cs · GitHub
In your case you would need to point to http://backend, because that's the name of the Plone backend service.
1 Like
ramiroluz
(Ramiro Batista da Luz)
May 24, 2023, 5:14pm
24
Thanks, I was wondering how the template was being rendered and the value. It unblocked me big. You have a beer if you like.
1 Like
ramiroluz
(Ramiro Batista da Luz)
June 6, 2023, 8:20pm
25
We have an issue with logout. When we go to localhost/api/acl_users/oidc/logout it fails complaining about the parameters. Maybe it relates to the Keycloak version, 20.0.3.
Keycloak expects the following parameters:
* @param encodedIdToken Parameter "id_token_hint" as described in the specification.
* @param clientId Parameter "client_id" as described in the specification.
* @param postLogoutRedirectUri Parameter "post_logout_redirect_uri" as described in the specification with the URL to redirect after logout.
The plugin sends only redirect_uri as a parameter for the logout api endpoint.
```python
redirect_uri = api.portal.get().absolute_url()
# Volto frontend mapping exception
if redirect_uri.endswith('/api'):
    redirect_uri = redirect_uri[:-4]
args = {
    # 'state': session.get('end_session_state'),
    # TODO: ....
    # 'post_logout_redirect_uri': api.portal.get().absolute_url(),
    "redirect_uri": redirect_uri,
}
pas = getToolByName(self.context, "acl_users")
auth_cookie_name = pas.credentials_cookie_auth.cookie_name
# end_req = client.construct_EndSessionRequest(request_args=args)
end_req = EndSessionRequest(**args)
logout_url = end_req.request(client.end_session_endpoint)
self.request.response.setHeader("Cache-Control", "no-cache, must-revalidate")
# TODO: change path with portal_path
```
I may be able to create a pull request if I learn how to get the encoded id token for the id_token_hint parameter.
1 Like
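An added example (not part of the posts above and not pas.plugins.oidc code): building the logout URL with the three parameters listed in the last post instead of `redirect_uri`, using only the standard library. The function names, endpoint URL, client id and token are constructed placeholders, and how the raw ID token is kept from login is left to the caller.

```python
# Added example, not pas.plugins.oidc code. Standard library only.
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


def strip_volto_api_suffix(portal_url):
    """Same mapping as the plugin snippet: drop a trailing '/api'."""
    return portal_url[:-4] if portal_url.endswith("/api") else portal_url


def build_end_session_url(end_session_endpoint, post_logout_redirect_uri,
                          id_token_hint=None, client_id=None, state=None):
    """Build an RP-initiated logout URL (hypothetical helper)."""
    if not (id_token_hint or client_id):
        # Without one of these the provider cannot tell which client's
        # registered URIs to check post_logout_redirect_uri against.
        raise ValueError("id_token_hint or client_id is required")
    params = {"post_logout_redirect_uri": post_logout_redirect_uri}
    if id_token_hint:
        params["id_token_hint"] = id_token_hint
    if client_id:
        params["client_id"] = client_id
    if state:
        params["state"] = state
    parts = urlsplit(end_session_endpoint)
    # Keep any query string already present on the endpoint.
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    return urlunsplit(parts._replace(query=urlencode(query)))


# Constructed sample values: realm, port, client id and token are placeholders.
SAMPLE_ENDPOINT = "http://localhost:8180/realms/example/protocol/openid-connect/logout"
SAMPLE_ID_TOKEN = "eyJhbGciOiJub25lIn0.e30."  # placeholder, not a real token


def sample_logout_url():
    return build_end_session_url(
        SAMPLE_ENDPOINT,
        strip_volto_api_suffix("http://localhost/api"),
        id_token_hint=SAMPLE_ID_TOKEN,
        client_id="plone",
    )


if __name__ == "__main__":
    print(sample_logout_url())
```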