TSphinxServer.BaseURL and TSparkleHttpSysDispatcher port

We are trying to map through IIS to our Sphinx server using IIS URL Rewrites. So

the path http://dev.smxi.com/svr/auth directs to http://localhost:2020/GASphinx/

this works but we really need to set the TSphinxServer.BaseURL to http://dev.smxi.com/svr/auth but obviously still need the server to listen on http://+:2020/GASphinx

Can anyone suggest the best way to do that? thanks.

Why do you need to do that?

As a general rule, if you have intermediate servers between your original client and your server, and those server remaps the request sent by the client (modify the URL, headers, etc.), the de-facto standard way to handle such redirections is to use `x-forwarded-* headers.

That is explained all over the internet, for example:

All popular proxy servers add those headers when doing such redirects. I'm not sure if IIS URL Rewrites do so, if not, you should do it yourself.

Point is, all TMS Sparkle servers (thus, XData, Sphinx, etc.) can automatically handle that information if you add a Forward middleware to it. So that's all you should do, add a Forward middleware to your Sphinx server and it should work fine with any proxy servers that properly add the forwarding headers.

Thanks Wagner. I have added this, although the pass through worked without it. The question is how I get Sphinx to return the issuer and endpoints when a call is made to http://dev.smxi.com/svr/auth/.well-known/openid-configuration which returns the paths based on the base url set in the Sphinx Server, rather than the external paths:

    "issuer": "http://localhost:2020/GASphinx",
    "authorization_endpoint": "http://localhost:2020/GASphinx/oauth/authorize",
    "token_endpoint": "http://localhost:2020/GASphinx/oauth/token",
    "response_types_supported": [
        "id_token token"

We have used an outbound rule to rewrite the http://localhost/GASphinx and that works.

All the paths seem correct except for the call to the login page. Working on that now.

No, it returns the URL based on the original URL the client requested, thus if the forward headers are correct and the Forward middleware is added, it should work fine.

I have it running with a few rewrites and a bit of structure. The forwarding middleware is installed and working as far as I can see

SphinxServer.BaseURL := 'http://+2020/gasphinx';

Inbound rewrite maps auth.smxi.com/gasphinx to http://localhost:2020/gasphinx
Outbound (for openid-configuration body) replaces localhost:2020/gasphinx with auth.smxi.com/gaspinx

The final problem was that the Issuer in the JWT was set to http://localhost:2020/gasphinx. This is now overwritten in TSphinxConfig.ConfigureToken. Not sure if that is right, but it works.

That's a valid option, yes.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.