TSphinxServer.BaseURL and TSparkleHttpSysDispatcher port

Weetch_Russell · January 16, 2024, 6:55pm

We are trying to map through IIS to our Sphinx server using IIS URL Rewrites. So

the path http://dev.smxi.com/svr/auth directs to http://localhost:2020/GASphinx/

this works but we really need to set the TSphinxServer.BaseURL to http://dev.smxi.com/svr/auth but obviously still need the server to listen on http://+:2020/GASphinx

Can anyone suggest the best way to do that? thanks.

wlandgraf · January 16, 2024, 10:24pm

Why do you need to do that?

As a general rule, if you have intermediate servers between your original client and your server, and those server remaps the request sent by the client (modify the URL, headers, etc.), the de-facto standard way to handle such redirections is to use `x-forwarded-* headers.

That is explained all over the internet, for example:

All popular proxy servers add those headers when doing such redirects. I'm not sure if IIS URL Rewrites do so, if not, you should do it yourself.

Point is, all TMS Sparkle servers (thus, XData, Sphinx, etc.) can automatically handle that information if you add a Forward middleware to it. So that's all you should do, add a Forward middleware to your Sphinx server and it should work fine with any proxy servers that properly add the forwarding headers.

Weetch_Russell · January 17, 2024, 2:43am

Thanks Wagner. I have added this, although the pass through worked without it. The question is how I get Sphinx to return the issuer and endpoints when a call is made to http://dev.smxi.com/svr/auth/.well-known/openid-configuration which returns the paths based on the base url set in the Sphinx Server, rather than the external paths:

{
    "issuer": "http://localhost:2020/GASphinx",
    "authorization_endpoint": "http://localhost:2020/GASphinx/oauth/authorize",
    "token_endpoint": "http://localhost:2020/GASphinx/oauth/token",
    "response_types_supported": [
        "code",
        "id_token",
        "id_token token"
    ]
}

Weetch_Russell · January 17, 2024, 10:57am

We have used an outbound rule to rewrite the http://localhost/GASphinx and that works.

All the paths seem correct except for the call to the login page. Working on that now.

wlandgraf · January 17, 2024, 1:55pm

No, it returns the URL based on the original URL the client requested, thus if the forward headers are correct and the Forward middleware is added, it should work fine.

Weetch_Russell · January 18, 2024, 11:04am

I have it running with a few rewrites and a bit of structure. The forwarding middleware is installed and working as far as I can see

so:
SphinxServer.BaseURL := 'http://+2020/gasphinx';

Inbound rewrite maps auth.smxi.com/gasphinx to http://localhost:2020/gasphinx
Outbound (for openid-configuration body) replaces localhost:2020/gasphinx with auth.smxi.com/gaspinx

The final problem was that the Issuer in the JWT was set to http://localhost:2020/gasphinx. This is now overwritten in TSphinxConfig.ConfigureToken. Not sure if that is right, but it works.

wlandgraf · January 18, 2024, 12:35pm

That's a valid option, yes.

system · January 19, 2024, 12:36pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.