Having a very strange problem when trying to run an Anvil app (on my own Anvil appserver) that uses Microsoft Single Signon behind either an Apache2 or Nginx web server configured for reverse proxying.
I have the reverse proxy set up and working correctly, digital certs installed and tested working for both Anvil and the webserver. And I actually get the Microsoft login popup, everything works fine and authenticates with the Azure AD… until the authorization call back. I just see the anvil spinner animation and it sits there until it times out.
The last two entries in the webserver log are:
"POST /_/microsoft_auth_callback HTTP/1.1" 200 723 "https://login.microsoftonline.com/"
"GET /_/service-worker HTTP/1.1" 200 572091 "https://MYSERVER/_/service-worker"
(I just edited out the FQDN of the server Anvil is running on and replaced it with MYSERVER)
The strange thing is if I run Anvil on 443 without the webserver/reverse proxying, it works ok… Looks like something to do with the final callback and maybe headers getting stripped or mangled? Or maybe a bug in the server_worker? Not sure how to troubleshoot this further. It doesn’t seem to be related to a basic configuration problem with the webserver, since I’ve tried it with both Apache2 and Nginx and their configs are quite different.
Has anyone at Anvil seen something like this before, or have specific recommendations when reverse proxying with Apache2 or Nginx? This is the last hurdle to get my app up and usable, been banging my head against a wall for a day straight
Thanks!
Ken