mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
7128970a53
Before this fix, the redirection URL was stored in the user session, but this has a big drawback since user could open several pages in browser and thus override the redirection URL leading the user to be incorrectly redirected.
93 lines
2.6 KiB
Nginx Configuration File
93 lines
2.6 KiB
Nginx Configuration File
# nginx-sso - example nginx config
|
|
#
|
|
# (c) 2015 by Johannes Gilger <heipei@hackvalue.de>
|
|
#
|
|
# This is an example config for using nginx with the nginx-sso cookie system.
|
|
# For simplicity, this config sets up two fictional vhosts that you can use to
|
|
# test against both components of the nginx-sso system: ssoauth & ssologin.
|
|
# In a real deployment, these vhosts would be separate hosts.
|
|
|
|
#user nobody;
|
|
worker_processes 1;
|
|
|
|
#error_log logs/error.log;
|
|
#error_log logs/error.log notice;
|
|
#error_log logs/error.log info;
|
|
|
|
#pid logs/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
|
|
http {
|
|
server {
|
|
listen 443 ssl;
|
|
server_name auth.test.local localhost;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/ssl/server.crt;
|
|
ssl_certificate_key /etc/ssl/server.key;
|
|
|
|
|
|
location / {
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_pass http://authelia/;
|
|
|
|
proxy_intercept_errors on;
|
|
|
|
if ($request_method !~ ^(POST)$){
|
|
error_page 401 = /error/401;
|
|
error_page 403 = /error/403;
|
|
error_page 404 = /error/404;
|
|
}
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
root /usr/share/nginx/html;
|
|
|
|
server_name secret1.test.local secret2.test.local secret.test.local
|
|
home.test.local mx1.mail.test.local mx2.mail.test.local
|
|
public.test.local;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/ssl/server.crt;
|
|
ssl_certificate_key /etc/ssl/server.key;
|
|
|
|
location /auth_verify {
|
|
internal;
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_pass http://authelia/verify;
|
|
}
|
|
|
|
location = /secret.html {
|
|
auth_request /auth_verify;
|
|
|
|
auth_request_set $redirect $upstream_http_redirect;
|
|
proxy_set_header Redirect $redirect;
|
|
|
|
auth_request_set $user $upstream_http_x_remote_user;
|
|
proxy_set_header X-Forwarded-User $user;
|
|
|
|
auth_request_set $groups $upstream_http_remote_groups;
|
|
proxy_set_header Remote-Groups $groups;
|
|
|
|
auth_request_set $expiry $upstream_http_remote_expiry;
|
|
proxy_set_header Remote-Expiry $expiry;
|
|
|
|
error_page 401 =302 https://auth.test.local:8080?redirect=$redirect;
|
|
error_page 403 = https://auth.test.local:8080/error/403;
|
|
}
|
|
}
|
|
}
|
|
|