From 561578dffc05c7aee0c8cdf3dae9ebc8e81f7735 Mon Sep 17 00:00:00 2001 From: Clement Michaud Date: Sun, 27 Jan 2019 15:55:40 +0100 Subject: [PATCH] Remove generated nginx portal configuration. --- example/compose/nginx/portal/.gitignore | 2 + example/compose/nginx/portal/nginx.conf | 381 ------------------------ 2 files changed, 2 insertions(+), 381 deletions(-) create mode 100644 example/compose/nginx/portal/.gitignore delete mode 100644 example/compose/nginx/portal/nginx.conf diff --git a/example/compose/nginx/portal/.gitignore b/example/compose/nginx/portal/.gitignore new file mode 100644 index 00000000..49dfdc98 --- /dev/null +++ b/example/compose/nginx/portal/.gitignore @@ -0,0 +1,2 @@ + +nginx.conf diff --git a/example/compose/nginx/portal/nginx.conf b/example/compose/nginx/portal/nginx.conf deleted file mode 100644 index b5fe3db1..00000000 --- a/example/compose/nginx/portal/nginx.conf +++ /dev/null @@ -1,381 +0,0 @@ -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - server { - listen 443 ssl; - server_name _; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - return 301 https://home.example.com:8080/; - } - - - server { - listen 443 ssl; - server_name login.example.com; - - resolver 127.0.0.11 ipv6=off; - set $backend_endpoint http://192.168.240.1:9091; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - # Serves the portal application. - location / { - proxy_pass $backend_endpoint/index.html; - } - - location /static { - proxy_pass $backend_endpoint; - } - - # Serve the backend API for the portal. - location /api { - proxy_set_header Host $http_host; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_intercept_errors on; - - proxy_pass $backend_endpoint; - } - } - - - server { - listen 443 ssl; - server_name home.example.com; - - resolver 127.0.0.11 ipv6=off; - set $upstream_endpoint http://nginx-backend; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - location / { - proxy_set_header Host $http_host; - proxy_pass $upstream_endpoint; - } - } - - server { - listen 443 ssl; - server_name public.example.com; - - resolver 127.0.0.11 ipv6=off; - set $upstream_verify http://authelia:8080/api/verify; - set $upstream_endpoint http://nginx-backend; - set $upstream_headers http://httpbin:8000/headers; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - location /auth_verify { - internal; - proxy_set_header Host $http_host; - - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - - proxy_pass $upstream_verify; - } - - location / { - auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - - auth_request_set $user $upstream_http_remote_user; - proxy_set_header X-Forwarded-User $user; - - auth_request_set $groups $upstream_http_remote_groups; - proxy_set_header Remote-Groups $groups; - - proxy_set_header Host $http_host; - - error_page 401 =302 https://login.example.com:8080?rd=$redirect; - error_page 403 = https://login.example.com:8080/error/403; - - proxy_pass $upstream_endpoint; - } - - location /headers { - auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - - auth_request_set $user $upstream_http_remote_user; - proxy_set_header Custom-Forwarded-User $user; - - auth_request_set $groups $upstream_http_remote_groups; - proxy_set_header Custom-Forwarded-Groups $groups; - - error_page 401 =302 https://login.example.com:8080?rd=$redirect; - error_page 403 = https://login.example.com:8080/error/403; - - proxy_pass $upstream_headers; - } - } - - server { - listen 443 ssl; - server_name admin.example.com; - - resolver 127.0.0.11 ipv6=off; - set $upstream_verify http://authelia:8080/api/verify; - set $upstream_endpoint http://nginx-backend; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - location /auth_verify { - internal; - proxy_set_header Host $http_host; - - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - - proxy_pass $upstream_verify; - } - - location / { - auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - - auth_request_set $user $upstream_http_remote_user; - proxy_set_header X-Forwarded-User $user; - - auth_request_set $groups $upstream_http_remote_groups; - proxy_set_header Remote-Groups $groups; - - proxy_set_header Host $http_host; - - error_page 401 =302 https://login.example.com:8080?rd=$redirect; - error_page 403 = https://login.example.com:8080/error/403; - - proxy_pass $upstream_endpoint; - } - } - - server { - listen 443 ssl; - server_name dev.example.com; - - resolver 127.0.0.11 ipv6=off; - set $upstream_verify http://authelia:8080/api/verify; - set $upstream_endpoint http://nginx-backend; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - location /auth_verify { - internal; - proxy_set_header Host $http_host; - - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - - proxy_pass $upstream_verify; - } - - location / { - auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - - auth_request_set $user $upstream_http_remote_user; - proxy_set_header X-Forwarded-User $user; - - auth_request_set $groups $upstream_http_remote_groups; - proxy_set_header Remote-Groups $groups; - - proxy_set_header Host $http_host; - - error_page 401 =302 https://login.example.com:8080?rd=$redirect; - error_page 403 = https://login.example.com:8080/error/403; - - proxy_pass $upstream_endpoint; - } - } - - server { - listen 443 ssl; - server_name mx1.mail.example.com mx2.mail.example.com; - - resolver 127.0.0.11 ipv6=off; - set $upstream_verify http://authelia:8080/api/verify; - set $upstream_endpoint http://nginx-backend; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - location /auth_verify { - internal; - proxy_set_header Host $http_host; - - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - - proxy_pass $upstream_verify; - } - - location / { - auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - - auth_request_set $user $upstream_http_remote_user; - proxy_set_header X-Forwarded-User $user; - - auth_request_set $groups $upstream_http_remote_groups; - proxy_set_header Remote-Groups $groups; - - proxy_set_header Host $http_host; - - error_page 401 =302 https://login.example.com:8080?rd=$redirect; - error_page 403 = https://login.example.com:8080/error/403; - - proxy_pass $upstream_endpoint; - } - } - - server { - listen 443 ssl; - server_name single_factor.example.com; - - resolver 127.0.0.11 ipv6=off; - set $upstream_verify http://authelia:8080/api/verify; - set $upstream_endpoint http://nginx-backend; - set $upstream_headers http://httpbin:8000/headers; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - location /auth_verify { - internal; - proxy_set_header Host $http_host; - - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # This header is required for basic authentication. - proxy_set_header Proxy-Authorization $http_authorization; - - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - - proxy_pass $upstream_verify; - } - - location / { - auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - - auth_request_set $user $upstream_http_remote_user; - proxy_set_header X-Forwarded-User $user; - - auth_request_set $groups $upstream_http_remote_groups; - proxy_set_header Remote-Groups $groups; - - proxy_set_header Host $http_host; - - error_page 401 =302 https://login.example.com:8080?rd=$redirect; - error_page 403 = https://login.example.com:8080/error/403; - - proxy_pass $upstream_endpoint; - } - - location /headers { - auth_request /auth_verify; - - auth_request_set $redirect $upstream_http_redirect; - - auth_request_set $user $upstream_http_remote_user; - proxy_set_header Custom-Forwarded-User $user; - - auth_request_set $groups $upstream_http_remote_groups; - proxy_set_header Custom-Forwarded-Groups $groups; - - error_page 401 =302 https://login.example.com:8080?rd=$redirect; - error_page 403 = https://login.example.com:8080/error/403; - - proxy_pass $upstream_headers; - } - } - - server { - listen 443 ssl; - server_name authelia.example.com; - - resolver 127.0.0.11 ipv6=off; - set $upstream_endpoint http://authelia:8080; - - ssl_certificate /etc/ssl/server.crt; - ssl_certificate_key /etc/ssl/server.key; - - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - add_header X-Frame-Options "SAMEORIGIN"; - - location / { - proxy_set_header Host $http_host; - proxy_pass $upstream_endpoint; - } - } -} -