We are migrating from Apache server to Nginx(Openresty). I am using the all configuration available in Apache config to Nginx config file. It is working except logout. It returns the below error in browser(chrome) on logout. Actually the location "/secret/redirect" is not exist in server only the folder secret is exists. Because according the gluu configuration **"Populate the OIDCRedirectURI with a value that is not used by the server. The apache-filter uses the redirect_uri to process the response from the OpenID Provider (Gluu Server)."** One more thing that redirect_uri is getting used at that time of login as well(noticed in browser console) but login is working fine. Please check it all and let me know your suggestions. Thank you. Ref: https://gluu.org/docs/ce/integration/sswebapps/openidc-rp/ **Browser error on logout:** ``` This site can’t be reached The web page at https://servername.com/secret/redirect?logout=https%3A%2F%2Fservername.com%2Fportal%2F might be temporarily down or it may have moved permanently to a new web address. ERR_INVALID_RESPONSE ``` **Nginx server configuration:** ``` lua_package_path '~/lua/?.lua;;'; resolver 8.8.8.8; lua_ssl_trusted_certificate /etc/nginx/ssl/cert.crt; lua_ssl_verify_depth 5; # cache for discovery metadata documents lua_shared_dict discovery 1m; # cache for JWKs lua_shared_dict jwks 1m; # NB: if you have "lua_code_cache off;", use: # set $session_secret xxxxxxxxxxxxxxxxxxx; # see: https://github.com/bungle/lua-resty-session#notes-about-turning-lua-code-cache-off server { listen 80; return 301 https://$host$request_uri; root /var/www/html; } server { listen 443; server_name iot.servername.com; root /var/www/html; index index.php index.html index.htm index.nginx-debian.html; ssl_certificate /etc/nginx/ssl/cert.crt; ssl_certificate_key /etc/nginx/ssl/cert.key; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } location / { set $user_name ''; access_by_lua_block { local opts = { redirect_uri_path = "/secret/redirect", discovery = "https://hostname/.well-known/openid-configuration", client_id = "@!22A9 - my client id is here", client_secret = "password", scope = "openid user_name profile", redirect_uri_scheme = "https", token_endpoint_auth_method = "client_secret_basic", ssl_verify = "no", timeout = 7200, } -- call authenticate for OpenID Connect user authentication local res, err = require("resty.openidc").authenticate(opts) if err then ngx.status = 500 ngx.say(err) ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR) end ngx.var.user_name = res.user.user_name #ngx.var.remote_user = res.user.user_name } } location /api/ { proxy_pass http://java-servie:8800/; proxy_set_header remote_user $user_name; proxy_set_header X-Forwarded-Proto "https"; } } ```