mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
74 lines
2.1 KiB
Nginx Configuration File
74 lines
2.1 KiB
Nginx Configuration File
# nginx-sso - example nginx config
|
||
#
|
||
# (c) 2015 by Johannes Gilger <heipei@hackvalue.de>
|
||
#
|
||
# This is an example config for using nginx with the nginx-sso cookie system.
|
||
# For simplicity, this config sets up two fictional vhosts that you can use to
|
||
# test against both components of the nginx-sso system: ssoauth & ssologin.
|
||
# In a real deployment, these vhosts would be separate hosts.
|
||
|
||
#user nobody;
|
||
worker_processes 1;
|
||
|
||
#error_log logs/error.log;
|
||
#error_log logs/error.log notice;
|
||
#error_log logs/error.log info;
|
||
|
||
#pid logs/nginx.pid;
|
||
|
||
|
||
events {
|
||
worker_connections 1024;
|
||
}
|
||
|
||
|
||
http {
|
||
server {
|
||
listen 80;
|
||
root /usr/share/nginx/html;
|
||
|
||
error_page 401 = @error401;
|
||
location @error401 {
|
||
return 302 http://localhost:8085/auth/login?redirect=$request_uri;
|
||
}
|
||
|
||
location = /check-auth {
|
||
internal;
|
||
# proxy_pass_request_body off;
|
||
proxy_set_header X-Original-URI $request_uri;
|
||
proxy_set_header Host $http_host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
|
||
proxy_pass http://auth-server/_auth;
|
||
}
|
||
|
||
location /auth/ {
|
||
proxy_set_header X-Original-URI $request_uri;
|
||
proxy_set_header Host $http_host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
|
||
proxy_pass http://auth-server/;
|
||
}
|
||
|
||
location = /secret.html {
|
||
auth_request /check-auth;
|
||
|
||
auth_request_set $user $upstream_http_x_remote_user;
|
||
proxy_set_header X-Forwarded-User $user;
|
||
auth_request_set $groups $upstream_http_remote_groups;
|
||
proxy_set_header Remote-Groups $groups;
|
||
auth_request_set $expiry $upstream_http_remote_expiry;
|
||
proxy_set_header Remote-Expiry $expiry;
|
||
}
|
||
|
||
|
||
# Block everything but POST on _auth
|
||
location = /_auth {
|
||
if ($request_method != POST) {
|
||
return 403;
|
||
}
|
||
proxy_pass http://auth-server/_auth;
|
||
}
|
||
}
|
||
}
|