OH3 with NGinx reverse proxy and Auth: blank page when reconnecting

I’ve tried to find someone having the same problem, but even if some are quite similar, the configurations are not exactly the same as mine.

Let me try to explain.
I’m using OH3.2 behind Nginx. I’m also using Vouch to provide SSO over different services (OH being one of them).

The configuration is pretty straightforward, nothing fancy I think.

Everything runs in its own Docker container, life is beautiful… except when my SSO token expires or if I log out (and invalidate it).

In this case, when I try to go back to OH, I can only see a blank page (black in my case as I use the dark theme).

Here is what can be observed in the dev tools:

The problem is the same no matter what web browser is used (tried with Brave, Chrome, FF).

If I force reload the page, it works.

My NGinx configuration is rather (too?) simple:

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''    close;
}

upstream openhab {
    server 192.168.0.10:9443;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name d*******************.info;

    access_log /var/log/nginx/openhab-access.log specialLog;
    include conf.d/include/ssl.inc;
    include conf.d/include/nginx-sso_auth.inc;

    large_client_header_buffers 10 512k;

    location / {
        auth_request_set $cookie $upstream_http_set_cookie;
        add_header Set-Cookie $cookie;

        auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
        proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;

        proxy_pass https://openhab/;

        proxy_set_header Host                 $http_host;
        proxy_set_header X-Real-IP            $remote_addr;
        proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto    $scheme;

        proxy_set_header Upgrade                $http_upgrade;
        proxy_set_header Connection             "Upgrade";
        proxy_http_version                      1.1;
    }
}

It’s quite easy to reproduce, considering Vouch, NGinx and OH are running together.

I’ve tried many different things (trying to force no cache on all resources for example, just to force something to be loaded every time I access OH and be properly redirected to Vouch…) but nothing works.

It’s quite annoying (to say the least) since I’ve created a shortcut to OH on my Android phone, which just opens a web browser empty shell to display my instance. Of course, as it’s an empty shell, there is no ‘reload’ button or whatever, so when the screen is black (Vouch token expired), it just doesn’t work…

Any help appreciated.

I am not completely sure if it helps, but since your log provides a CORS error, I wanted to share the additional headers that I am using for openHAB.

I am not using any sso service but had a (nearly) blank page problem too.
In my case only the sidebar and footer were rendered but nothing else.

I am not sure where I got those headers from exactly.
It was one of the many threads around here regarding nginx reverse proxy.
Those headers provide a pretty stable experience for me for some months now.

# Cross-Origin Resource Sharing.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always;
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;

# openHAB 3 api authentication
add_header Set-Cookie X-OPENHAB-AUTH-HEADER=1;

I’ve tried your suggestions, but unfortunately, it didn’t work.
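The CORS headers posted in the reply above pair a wildcard origin with a credentials header, a combination browsers reject for credentialed requests. An origin allow-list for the same proxy, added here as an example and not taken from the thread; the origin `https://openhab.example.org` and the variable names `$cors_origin` and `$cors_credentials` are assumptions.

```nginx
# Added example, not from the thread. openhab.example.org is a placeholder.

# Weak form: a wildcard origin is refused by browsers on credentialed
# requests, so the two headers below cannot work together.
#   add_header 'Access-Control-Allow-Origin' '*' always;
#   add_header 'Access-Control-Allow-Credentials' 'true' always;

# Corrected form (http context): echo the Origin back only when it is listed.
map $http_origin $cors_origin {
    default                          "";
    "https://openhab.example.org"    $http_origin;
}

# Send Allow-Credentials only together with an allowed origin.
map $cors_origin $cors_credentials {
    default    "true";
    ""         "";
}

server {
    listen 443 ssl;
    server_name openhab.example.org;        # placeholder
    include conf.d/include/ssl.inc;         # certificate settings, as in the question

    location / {
        # add_header with an empty value emits no header, so requests from
        # unlisted origins receive no CORS headers at all.
        # add_header is inherited from the server level only when the
        # location defines none of its own; keep these next to any other
        # add_header lines in the same location.
        add_header Access-Control-Allow-Origin      $cors_origin      always;
        add_header Access-Control-Allow-Credentials $cors_credentials always;
        add_header Vary                             Origin            always;

        proxy_pass https://192.168.0.10:9443;   # upstream address from the question
    }
}
```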