Created
October 12, 2021 14:21
default
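# Reverse proxy that places Vouch Proxy (via nginx auth_request) in front of an
# Elasticsearch endpoint. The upstream name "vouch" is not defined in this file
# and has to be declared elsewhere (for example in an upstream block).
server {
    # NOTE(review): plain HTTP only. Everything exchanged with the browser,
    # including the login redirect built in @error401 (which carries the Vouch
    # token and error values), travels in clear text. Terminate TLS here
    # before using this outside a test setup.
    listen 80;
    server_name my-example.io;

    # Vouch Proxy's own endpoints; these are passed through without auth_request.
    # The regex has no terminator after the alternation, so any path that merely
    # starts with /auth, /login, /logout or /static (constructed example:
    # /authors) is also sent to Vouch instead of the protected backend.
    location ~ ^/(auth|login|logout|static) {
        proxy_pass http://vouch;
        proxy_set_header Host $http_host;
    }

    # Target of the auth_request subrequest issued from "location /".
    location /validate {
        # Restrict this location to nginx-internal requests. auth_request
        # subrequests count as internal, so the login flow keeps working, while
        # a client requesting /validate directly receives 404.
        internal;

        proxy_pass http://vouch/validate;

        # The client's Host header is not forwarded here, so Vouch sees the
        # host taken from proxy_pass.
        # NOTE(review): confirm this matches the domains Vouch is configured
        # for; to forward the original header instead, enable:
        #proxy_set_header Host $http_host;

        # The validation subrequest is sent without a request body.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;

        # optionally add X-Vouch-User as returned by Vouch Proxy along with the request
        auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;

        # these return values are used by the @error401 call
        auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
        auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
        auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
        # NOTE(review): $auth_user is not referenced anywhere else in this file.
        auth_request_set $auth_user $upstream_http_x_vouch_user;
    }

    # A 401 from the validation subrequest is turned into the login redirect.
    error_page 401 = @error401;

    location @error401 {
        # redirect to Vouch Proxy for login
        # NOTE(review): $http_host is the Host header exactly as the client
        # sent it, so both the redirect target and the url= parameter are
        # client-influenced; consider building them from a fixed host name.
        # The token and error values are placed in the query string, where
        # they can end up in access logs and browser history.
        return 302 $scheme://$http_host/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
        # you usually *want* to redirect to Vouch running behind the same Nginx config protected by https
        # but to get started you can just forward the end user to the port that vouch is running on
    }

    # Everything else is the protected backend.
    location / {
        # Each request must pass the /validate subrequest before it is proxied.
        auth_request /validate;

        proxy_pass https://some-elasticsearch-domain.eu-west-2.es.amazonaws.com;
        # NOTE(review): nginx does not verify the upstream TLS certificate by
        # default. To authenticate the backend, enable proxy_ssl_verify together
        # with proxy_ssl_trusted_certificate <path-to-CA-bundle>, and
        # proxy_ssl_server_name if the endpoint requires SNI.
        proxy_set_header Host my-example.io;

        # The user header sent to the backend is taken from the auth response;
        # proxy_set_header replaces any X-Vouch-User value supplied by the client.
        proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;

        # Capture Vouch's response headers for the header above and for @error401.
        auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
        auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
        auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
        auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
    }
}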