Auth0 OpenResty OIDC Reverse Proxy
# Base image: nginx + LuaJIT; the "fat" variant (presumably) bundles luarocks
# and a toolchain so native rocks can be built below.
FROM openresty/openresty:alpine-fat

# Build-time dependencies for the rocks below (openssl headers, git for source
# fetches, gcc for C modules). They remain in the final image; a multi-stage
# build would drop them from the runtime layer.
RUN mkdir /var/log/nginx \
    && apk add --no-cache openssl-dev git gcc

# NOTE(review): both rocks are installed unpinned, so each build pulls whatever
# is newest on luarocks.org — pin explicit versions (luarocks install <rock>
# <version>) to get reproducible, reviewable builds of the auth layer.
RUN luarocks install lua-resty-openidc \
    && luarocks install lua-resty-session

# Run nginx in the foreground so the container stays up.
ENTRYPOINT ["/usr/local/openresty/nginx/sbin/nginx", "-g", "daemon off;"]
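events {
    worker_connections 128;
}

http {
    # NOTE(review): nginx does not expand "~", so this entry only matters if a
    # lua/ directory is mounted at that literal path. The trailing ";;" keeps
    # the default search path, which is where luarocks installed the rocks.
    lua_package_path '~/lua/?.lua;;';

    # Used by resty.openidc for its outbound calls to the Auth0 tenant
    # (discovery, JWKS, token endpoint). Lookups go in clear to a public
    # resolver; TLS name verification below is what protects those calls,
    # but an internal resolver avoids leaking them.
    resolver 8.8.8.8;

    # Verify the IdP certificate chain on every HTTPS call made from Lua.
    # Without a trust store, resty.openidc's HTTPS calls would not be
    # authenticated.
    lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    lua_ssl_verify_depth 5;

    # cache for discovery metadata documents
    lua_shared_dict discovery 1m;
    # cache for JWKs
    lua_shared_dict jwks 1m;

    server {
        # Plain HTTP: the session cookie issued by lua-resty-session crosses
        # this hop in clear. Terminate TLS in front of this listener and mark
        # the cookie secure (lua-resty-session reads $session_cookie_secure —
        # confirm against the installed version).
        listen 8080;

        # NOTE(review): lua-resty-session keys its cookie with $session_secret.
        # If it is unset, the module falls back to a random key generated per
        # worker process, so with worker_processes > 1 (or across restarts)
        # sessions are not shared — set it explicitly; confirm against the
        # installed lua-resty-session version.
        set $session_secret <SESSION_SECRET>;

        location / {
            # Block form avoids the quoting pitfalls of the string form.
            access_by_lua_block {
                local opts = {
                    redirect_uri_path = "/redirect_uri",
                    discovery = "https://<AUTH0_TENANT_DOMAIN>/.well-known/openid-configuration",
                    -- Pin the expected ID-token signature algorithm; tokens
                    -- signed with any other alg are rejected by resty.openidc.
                    token_signing_alg_values_expected = "RS256",
                    client_id = "<AUTH0_CLIENT_ID>",
                    -- Lives in the config file: inject it from a secret mount
                    -- or environment at render time rather than baking it into
                    -- the image or committing it.
                    client_secret = "<AUTH0_CLIENT_SECRET>",
                    redirect_after_logout_uri = "https://<AUTH0_TENANT_DOMAIN>/v2/logout?client_id=<AUTH0_CLIENT_ID>&redirectTo=<URL_TO_REDIRECT_AFTER_LOGOUT>",
                    redirect_after_logout_with_id_token_hint = false
                }

                -- authenticate() (lua-resty-openidc) drives the OIDC
                -- Authorization Code flow against Auth0 and keeps the result
                -- in a lua-resty-session cookie; an unauthenticated request
                -- is redirected to the IdP, a returning one is validated from
                -- the session. It does NOT do bearer-JWT verification
                -- (that would be bearer_jwt_verify).
                local res, err = require("resty.openidc").authenticate(opts)
                if err or not res then
                    -- Log the real reason server-side only. Echoing err to
                    -- the client disclosed discovery/JWKS/token-endpoint
                    -- error details to unauthenticated callers.
                    ngx.log(ngx.ERR, "openidc authenticate failed: ", err or "no result")
                    ngx.status = ngx.HTTP_FORBIDDEN
                    ngx.say("access denied")
                    return ngx.exit(ngx.HTTP_FORBIDDEN)
                end
            }

            # NOTE(review): client request headers are forwarded to the
            # upstream unchanged. If the upstream reads identity headers, set
            # them here from the validated result (res.id_token / res.user)
            # and clear any inbound copies so a client cannot spoof them.
            proxy_pass <URI>;
        }
    }
}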
See the accompanying blog post for details on running and testing this setup with Docker.
