Nginx proxy with Google OAuth 2.0

Question

I have an Ubuntu 14.04 server and I have a meteor application that runs at localhost:3000 on this server. The public FQDN of my server is sub.example.com. The meteor application uses Google OAuth 2.0, I have the following configured in the Google API Console:

URI REDIRECTION  
http://sub.example.com/_oauth/google
http://sub.example.com/_oauth/google?close
 ORIGINES JAVASCRIPT 
http://sub.example.com

My Nginx config file looks like this:

server {
    listen 80 default_server;
    server_name sub.example.com www.sub.example.com;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://localhost:3000;
    }
}

The proxy works and I can access my meteor application when I go to sub.example.com. But when in this application I try to use Google OAuth 2.0, a pop up opens as it should and I get :

Error: redirect_uri_mismatch
The redirect URI in the request: http://localhost:3000/_oauth/google?close did not match a registered redirect URI.

I have played with the header in the nginx config file with no luck.

I'm obviously missing something.

Answer 1

You should rewrite the Location headers that your backend sends to Nginx described in http://wiki.nginx.org/HttpProxyModule#proxy_redirect, so:

proxy_redirect http://localhost:3000/_oauth/google http://sub.example.com/_oauth/google;

the other option, that would work for popup-style login as well is to set the ROOT_URL environment variable for Meteor at startup as follows:

ROOT_URL="http://sub.example.com" PORT=3000 node main.js