Skip to content

Instantly share code, notes, and snippets.

@AlexVanderbist
Created June 15, 2021 11:58
Show Gist options
  • Save AlexVanderbist/012b000bf97ca0cdf25cde52e80864bb to your computer and use it in GitHub Desktop.
Save AlexVanderbist/012b000bf97ca0cdf25cde52e80864bb to your computer and use it in GitHub Desktop.
Spatie.be Satis NGINX config
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/satis.spatie.be/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name satis.spatie.be;
server_tokens off;
root /home/forge/satis.spatie.be/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/satis.spatie.be/xxxxx/server.crt;
ssl_certificate_key /etc/nginx/ssl/satis.spatie.be/xxxxx/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/satis.spatie.be/server/*;
location / {
# Satis UI stays availably publicly
try_files $uri $uri/ /index.php?$query_string;
}
location /dist {
# Downloads in dist directory are being authenticated using the internal
# endpoint found below.
auth_request /_oauth2_token_introspection;
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/satis.spatie.be-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location = /_oauth2_token_introspection {
internal;
proxy_method POST;
proxy_set_header Accept "application/json";
proxy_set_header X-Original-URI $request_uri;
proxy_pass https://spatie.be/api/satis/authenticate;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/satis.spatie.be/after/*;
@dasundev
Copy link

External api authentication is not working for me. I used this nginx config.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment