Reverse Proxy Sending 127.0.0.1 as URL, instead of external site-url.com to oauth callback


I am transferring a site from the defunct OpenShift v2 to LightSail on AWS. I have the app up and running on LightSail at localhost:3333, forwarded externally. I am able to pull up the site using site-url.com.

However, when attempting to log in to the app (using Passport Facebook), the callback URL is getting set to 127.0.0.1 instead of the whitelisted (Facebook dev) www.site-url.com:

https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A3333%2Fauth%2Fwww.site-url.com%2Fauth%2Ffacebook%2Fcallback&scope=email&client_id=XXX

Relevant login code:

const appUrl = "www.site-url.com";
const callbackURL = appUrl + "/auth/facebook/callback";
passport.use(new FacebookStrategy({
                clientID: clientID,
                clientSecret: clientSecret,
                callbackURL: callbackURL,
                profileFields: ['id', 'displayName', 'email']
        },

...

app.get('/auth/facebook',
        passport.authenticate('facebook', { scope: ['email'] }));

app.get('/auth/facebook/callback',
        passport.authenticate('facebook',{
          successRedirect: appUrl + '/profile',
          failureRedirect: appUrl + '/?login-failed'}
        ));

I added appUrl in an attempt to fix it via server code. However, I have a feeling Apache would be better suited to fixing this.

I set up the proxy, following these instructions, and tried all variations of 127.x/site-url.com:

ProxyPass / http://127.0.0.1:3333/
# ProxyPass / http://www.site-url.com/
ProxyPassReverse / http://127.0.0.1:3333/
# ProxyPassReverse / http://www.site-url.com/

Anyone have any ideas?


There are 1 answers

Vinnie James On BEST ANSWER

Turning on PreserveHost solved the issue. Facebook is now receiving the correct callback URL.

PreserveHost:

ProxyPreserveHost On
ProxyPass / http://127.0.0.1:3333/
ProxyPassReverse / http://127.0.0.1:3333/

Apache config:

vim /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf

Append: Include "/home/bitnami/conf/httpd-app.conf"

Start up the app using screen to avoid shutdown when the SSH process is killed. Maybe try nodemon for resiliency.

Thanks, @DusanBajic!
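
Why the fix works, as an added example that is not part of the original question or answer: a callbackURL without a scheme is treated as relative and resolved against the request URL the backend sees, so the Host header Apache forwards decides the redirect_uri. The `redirectUri` and `hostMatches` helpers and the request objects are constructed for illustration (a simplified model, not passport's own code), and the `https` scheme in the absolute URL is an assumption.

```javascript
// Simplified model (an assumption, not passport's source): a callbackURL with
// no scheme is relative and is resolved against the URL of the request as the
// Node backend sees it.
function redirectUri(callbackURL, req) {
  const base = `${req.protocol}://${req.headers.host}${req.url}`;
  return new URL(callbackURL, base).href;
}

// Host whitelisted in the Facebook app settings, per the question.
const WHITELISTED_HOST = 'www.site-url.com';

// Deployment check: does the redirect_uri we would send point at that host?
function hostMatches(uri) {
  return new URL(uri).host === WHITELISTED_HOST;
}

// Constructed requests for GET /auth/facebook as seen by the app on port 3333.
// ProxyPreserveHost Off: Apache rewrites Host to the ProxyPass target.
const preserveHostOff = { protocol: 'http', url: '/auth/facebook',
                          headers: { host: '127.0.0.1:3333' } };
// ProxyPreserveHost On: the client's original Host header is passed through.
const preserveHostOn = { protocol: 'http', url: '/auth/facebook',
                         headers: { host: 'www.site-url.com' } };

const schemeless = 'www.site-url.com/auth/facebook/callback'; // from the question
const rootRelative = '/auth/facebook/callback';
const absolute = 'https://www.site-url.com/auth/facebook/callback'; // scheme assumed

function demo() {
  return {
    // Reproduces the redirect_uri shown in the question.
    questionCase: redirectUri(schemeless, preserveHostOff),
    // A root-relative callback still follows the forwarded Host header.
    relativeOff: redirectUri(rootRelative, preserveHostOff),
    relativeOn: redirectUri(rootRelative, preserveHostOn),
    // An absolute callback ignores the Host header entirely.
    absoluteOff: redirectUri(absolute, preserveHostOff),
  };
}

for (const [name, uri] of Object.entries(demo())) {
  console.log(name.padEnd(13), hostMatches(uri) ? 'OK  ' : 'FAIL', uri);
}
```

An absolute callbackURL gives the same redirect_uri regardless of what Host header reaches the backend, so the value sent to Facebook does not depend on proxy configuration.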