I'm trying to use nginx as a proxy server and use express+passport to authenticate the user before showing private/static file(s).
I'm only working with http now (during the development stage). I found "Express + Nginx. Can't serve static files" and learned quite a bit from it, but my code is not working.
My nginx settings:
    http {
        server {
            listen 80;
            root /var/www/html;
            location /private {
                proxy_pass http://myIP4:3000/private; #3000 is the port for express server
                proxy_method GET;
            }
        }
    }
My express(passport) code is like:
    ...
    ...
    // simplified login, real code is longer
    app.use('/login', passport.authenticate('local'), function(req, res){
        res.redirect('/private/index.html'); // if authentication is OK
    });
    app.use(function(req,res,next){
        if ((req.url !== '/login') && (!req.isAuthenticated()) ){ // not the login page and not authenticated
            res.redirect(301,'http://myIP4/login.html');
        }
        else { // if authenticated
            console.log('authentication OK');
            express.static("/var/www/html/private/");
        }
    });
My login API works fine: after I submit the username/password, I can see the login succeed. But the redirect has some issues: the browser cannot show the destination file: /private/index.html (after login) and /private/test.html (if I type the full URL directly in my browser after logging in successfully).
Browser shows:
Cannot GET /private/index.html
Debug of Browser shows:
Content Security Policy: The page’s settings blocked the loading of a resource at http://myIP4/favicon.ico (“default-src”).
I found some posts about setting Content-Security-Policy but I could not make it work after a few attempts.
Thanks for your time and help!
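
One way to put the login check in front of the static handler, as an added example that is not part of the original post: calling `express.static(...)` inside a handler only builds a middleware function without running it, so here it is registered in the `app.use` chain after a gate that calls `next()`. The names `requireLogin`, `mountPrivate`, `simulate` and `LOGIN_PAGE` are hypothetical, and the fake `app`/`express` objects are constructed stand-ins so the block runs without Express installed.

```javascript
// Added example, not the poster's code. Only the Express middleware contract
// (req, res, next) is used; isAuthenticated() is what Passport adds to req.
const LOGIN_PAGE = '/login.html';              // assumption: served publicly by nginx
const PRIVATE_ROOT = '/var/www/html/private';  // directory named in the question

// Gate: answer unauthenticated requests, hand authenticated ones on.
function requireLogin(req, res, next) {
  if (req.isAuthenticated && req.isAuthenticated()) {
    res.setHeader('Cache-Control', 'no-store'); // keep private pages out of caches
    return next(); // without this call the static handler never runs
  }
  // 302 rather than 301: browsers cache a 301, so the redirect would keep
  // being replayed from cache even after a successful login.
  return res.redirect(302, LOGIN_PAGE);
}

// Mounting at /private makes Express strip that prefix before the static
// handler runs: /private/index.html -> PRIVATE_ROOT + /index.html.
function mountPrivate(app, express) {
  app.use('/private', requireLogin, express.static(PRIVATE_ROOT));
}

// Constructed stand-ins for app and express so the wiring can be exercised
// offline; a real server passes the real objects to mountPrivate().
function simulate(url, loggedIn) {
  const out = { status: null, location: null, served: null, headers: {} };
  const routes = [];
  const fakeApp = { use: (prefix, ...fns) => routes.push({ prefix, fns }) };
  const fakeExpress = {
    static: (root) => (req, res, next) => { out.status = 200; out.served = root + req.url; },
  };
  mountPrivate(fakeApp, fakeExpress);
  const res = {
    setHeader: (name, value) => { out.headers[name] = value; },
    redirect: (code, to) => { out.status = code; out.location = to; },
  };
  for (const { prefix, fns } of routes) {
    if (url !== prefix && !url.startsWith(prefix + '/')) continue;
    const req = { url: url.slice(prefix.length) || '/', isAuthenticated: () => loggedIn };
    let i = 0;
    const next = () => { if (i < fns.length) fns[i++](req, res, next); };
    next();
  }
  return out;
}
```

In a real server, call `mountPrivate(app, require('express'))` after the session and Passport middleware are registered, so that `req.isAuthenticated()` reflects the logged-in session.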