# nginx-sso - example nginx config # # (c) 2015 by Johannes Gilger # # This is an example config for using nginx with the nginx-sso cookie system. # For simplicity, this config sets up two fictional vhosts that you can use to # test against both components of the nginx-sso system: ssoauth & ssologin. # In a real deployment, these vhosts would be separate hosts. #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { # This is the vserver for the service that you want to protect. server { listen 80; error_page 401 = @error401; location @error401 { return 302 http://127.0.0.1:8085/login; } location = /_auth { internal; proxy_pass http://auth-server/_auth; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Original-URI $request_uri; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; } location /secret/ { auth_request /_auth; auth_request_set $user $upstream_http_x_remote_user; proxy_set_header X-Forwarded-User $user; # auth_request_set $groups $upstream_http_remote_groups; # proxy_set_header Remote-Groups $groups; # auth_request_set $expiry $upstream_http_remote_expiry; # proxy_set_header Remote-Expiry $expiry; rewrite ^/secret/(.*)$ /$1 break; proxy_pass http://secret; } location /login { proxy_set_header X-Original-URI $request_uri; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://auth-server/login; } location /logout { proxy_set_header X-Original-URI $request_uri; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://auth-server/logout; } } }