
@OksanaH
Created October 12, 2021 14:21
default
server {
# Plain-HTTP listener: everything this server handles, including the login redirect
# issued by @error401 (which carries X-Vouch-Token in its query string), is sent in cleartext.
# NOTE(review): the comment in @error401 says HTTPS is the intended setup; confirm TLS
# is terminated in front of this listener before relying on it outside a test environment.
listen 80;
server_name my-example.io;
# Requests for the Vouch Proxy paths are passed straight to the vouch upstream;
# no auth_request is applied in this location.
# The regex is anchored only at the start, so any URI that merely begins with one of
# these words (e.g. /authors or /static-data) is also sent to Vouch rather than to location /.
location ~ ^/(auth|login|logout|static) {
proxy_pass http://vouch;
# forward the Host header exactly as the client sent it
proxy_set_header Host $http_host;
}
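# Authorization endpoint used by `auth_request /validate;` in location /.
# The exact match (=) and `internal` keep it reachable only through nginx subrequests:
# a client requesting /validate directly gets 404 instead of talking to Vouch's
# validate endpoint, and URIs that merely start with /validate no longer land here.
location = /validate {
internal;
# forward the authorization subrequest to Vouch Proxy
proxy_pass http://vouch/validate;
# NOTE(review): Host is not forwarded, so Vouch receives the proxy_pass host ("vouch")
# instead of my-example.io. Enable the next line if Vouch checks the requested domain.
#proxy_set_header Host $http_host;
# only the request headers are sent; the body is dropped
proxy_pass_request_body off;
proxy_set_header Content-Length "";
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
# optionally add X-Vouch-User as returned by Vouch Proxy along with the request
auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
# these return values are used by the @error401 call
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
# NOTE(review): $auth_user is declared only here; auth_request_set appears to take effect
# in the location that issues auth_request, so confirm this variable is populated where it is read.
auth_request_set $auth_user $upstream_http_x_vouch_user;
}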
# A 401 (produced when the /validate subrequest rejects the request) is handed to @error401.
error_page 401 = @error401;
location @error401 {
# redirect to Vouch Proxy for login
# NOTE(review): the redirect target is built from $http_host, i.e. the Host header as sent
# by the client, and it places the Vouch JWT and error text in the query string, where they
# can end up in access logs, browser history and Referer headers. Over the plain-HTTP
# listener above they also cross the network unencrypted.
return 302 $scheme://$http_host/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
# you usually *want* to redirect to Vouch running behind the same Nginx config protected by https
# but to get started you can just forward the end user to the port that vouch is running on
}
# Everything not matched by the locations above: authorize through /validate, then
# proxy the request to the Elasticsearch domain.
location / {
# the request is proxied only if the /validate subrequest returns 2xx; a 401 goes to @error401
auth_request /validate;
# NOTE(review): nginx does not verify the upstream certificate by default (proxy_ssl_verify off);
# configure proxy_ssl_verify with proxy_ssl_trusted_certificate if the upstream's identity matters.
proxy_pass https://some-elasticsearch-domain.eu-west-2.es.amazonaws.com;
# NOTE(review): the upstream receives Host: my-example.io rather than its own hostname; confirm it accepts that.
proxy_set_header Host my-example.io;
# replaces any X-Vouch-User header sent by the client with the value returned by Vouch
proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
# capture Vouch's response headers from the auth subrequest for use above and in @error401
auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
}