I am trying to use nginx with Identity server 4 but I can't get this combination to work. I am not sure if this problem is related to asp.net core or identity server, but when I use nginx to route external port 3000 to identity server port 5000 I can get /.well-known/openid-configuration, but if I try the /connect/token endpoint the server replies with a timeout. On the other hand, I can get /connect/token if I connect to port 5000 directly.
I'd suggest getting it working with a stand-alone ASP.NET Core app, then load IS into it. If you have problems with that then you should ask Microsoft or StackOverflow. If you find that it works and then something about IS causes problems, then reopen this issue.
I tested this on a simple application and it's working fine. Actually it's working on the identity server application for the /.well-known/openid-configuration endpoint, but not when I try to get the token from the /connect/token endpoint. Maybe nginx changes something in the headers before forwarding the request to the IS app, I am not sure.
Check the logs and see what they say.
These are the logs I am getting. I am seeing a warning, "CorsPolicyService did not allow origin: chrome-extension". I am using postman for testing.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST http://192.168.1.200/connect/token application/x-www-form-urlencoded 115
dbug: IdentityServer4.CorsPolicyProvider[0]
CORS request made for path: /connect/token from origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
dbug: IdentityServer4.Services.DefaultCorsPolicyService[0]
AllowedOrigins configured and origin chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop is not allowed
dbug: IdentityServer4.Services.DefaultCorsPolicyService[0]
Exiting; origin chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop is not allowed
warn: IdentityServer4.CorsPolicyProvider[0]
CorsPolicyService did not allow origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Request path /connect/token matched to endpoint type Token
dbug: IdentityServer4.Hosting.EndpointRouter[0]
Mapping found for endpoint: Token, creating handler: IdentityServer4.Endpoints.TokenEndpoint
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
Start token request.
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
Start client validation
dbug: IdentityServer4.Validation.BasicAuthenticationSecretParser[0]
Start parsing Basic Authentication secret
dbug: IdentityServer4.Validation.SecretParser[0]
Parser found secret: BasicAuthenticationSecretParser
dbug: IdentityServer4.Validation.SecretParser[0]
Secret id found: shoura
dbug: IdentityServer4.Validation.SecretValidator[0]
Secret validator success: HashedSharedSecretValidator
dbug: IdentityServer4.Validation.ClientSecretValidator[0]
Client validation success
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
Start token request validation
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
Start resource owner password token request validation
dbug: IdentityServer4.Validation.TokenRequestValidator[0]
Resource owner password token request validation success.
info: IdentityServer4.Validation.TokenRequestValidator[0]
Token request validation success
{
"ClientId": "shoura",
"ClientName": "shoura",
"GrantType": "password",
"Scopes": "shoura-api-core",
"UserName": "shoura",
"Raw": {
"client_id": "shoura",
"client_secret": "shoura_0",
"grant_type": "password",
"scope": "shoura-api-core",
"username": "shoura",
"password": "***REDACTED***"
}
}
dbug: IdentityServer4.Services.DefaultClaimsService[0]
Getting claims for access token for client: shoura
dbug: IdentityServer4.Services.DefaultClaimsService[0]
Getting claims for access token for subject: 58baca278a3122133df70589
dbug: IdentityServer4.Endpoints.TokenEndpoint[0]
Token request success.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 61302.0498ms 200 application/json
info: Microsoft.AspNetCore.Server.Kestrel[14]
Connection id "0HL33126C6DIV" communication error.
Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -32 EPIPE broken pipe
I don't think postman is subject to same origin policy, so CORS is not pertinent.
I can't figure this out yet. I am not sure if it's caused by postman or my IS. Any idea what the log means?
Try something other than postman.
I tried using curl from my pi and I am getting the exact same results.
And you're not getting any results? Just a timeout? Can you check the nginx logs? According to the IS log above, the token endpoint is working correctly.
Yes, just a timeout. The IS takes too much time before logging the result I sent above, and then postman replies with a timeout.
Here are the logs from nginx:
2017/03/04 19:44:33 [error] 4227#4227: *1 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.5, server: shoura-authentication.com, request: "POST /connect/token HTTP/1.1", upstream: "http://[::1]:5000/connect/token", host: "192.168.1.200:3000"
You will have to debug it and let us know what you find. If there's a bug or problem in IS then we will fix it. But since we can't tell from this what the real problem is, I don't know. Sorry.
@brockallen Thanks so much for your help. I will try to figure it out and if I get something I will post it here.
Ok, I found the problem thanks to you @brockallen. It was in the nginx configuration: I had to remove the line proxy_set_header Connection 'upgrade'; from the config and change it into proxy_set_header Connection '';
Do you have a good document on how to deploy aspnet core to nginx that we can add to our docs?
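The fix reported in this thread, written out as a reverse-proxy block. This is an added example, not the poster's actual configuration (the thread never shows it): the server block layout, the map variable name $connection_upgrade and the Host/X-Forwarded-* lines are assumptions; the ports and server name are taken from the logs above.

```nginx
# Added example; belongs inside the http { } context.
# nginx listens on 3000 and IdentityServer on 5000, as in the thread.

# Send "Connection: upgrade" upstream only when the client actually sent an
# Upgrade header (e.g. WebSocket). For ordinary requests such as
# POST /connect/token the value is empty, which is what the thread's fix
# sets unconditionally.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      '';
}

server {
    listen 3000;
    server_name shoura-authentication.com;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;

        # Before (the setting reported in the thread; /connect/token
        # requests ended in "upstream timed out"):
        # proxy_set_header Connection 'upgrade';

        # After, exactly as in the thread:
        # proxy_set_header Connection '';

        # After, variant that still allows real upgrade requests:
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Assumed extras: pass the host:port the client used and the
        # original client address/scheme to the ASP.NET Core app.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After editing, `nginx -t` validates the configuration before a reload.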