abbaspour/nginx.conf

## readme.md

      
    Raw
  

              readme.md
            
          
    brew install openssl jansson libjwt

wget https://nginx.org/download/nginx-1.18.0.tar.gz
tar -zxvf nginx-1.18.0.tar.gz

git clone https://github.com/TeslaGov/ngx-http-auth-jwt-module

cd nginx-1.18.0/

brew link openssl # if running on Darwin, check for LDFLAGS and CPPFLAGS 

./configure --add-module=../ngx-http-auth-jwt-module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-ld-opt="-L/usr/local/opt/openssl/lib" \
    --with-cc-opt="-I/usr/local/opt/openssl/include"

make
Use jwks-to-pem.sh to extrat x509 public key.

  
## nginx.conf
daemon off;
worker_processes  1;
error_log  logs/error.log;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

      server {
      # use https://github.com/abbaspour/auth0-bash/blob/master/discovery/jwks-to-pem.sh to convert jwks.json to x509 PEM
      auth_jwt_key                 "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6b54f+d2tINbpTwi1Hxw
1DlNagPwgfKsqBnCdqlXt40s5hyu/8SJieAiw2wlxLyX+nrxIV510ED1vyTr/ctC
nak8ZvtBfEYPRCfqT9kRYHaVA8MlRGLNURR/nk5u75LebEdtvcS4nu817xjaG2dO
rMZ5urlKQhgRzct1+IEmLMRhdBy6PfQCxXgbxh42Q2YxIXcIXK8UkQLZQ1MLG5Ji
EowVwp64dJuC7NF8IkywtbJoOfGVxRuRHqXxKOXEs9kthODNaMqVIgEqsSfFXlFN
GI6wKjEAcbXPCSEA+h50kz08aNIVvgNhPKK0+C/VKnYiYSV8HAo05XOOdbCo71dj
NQIDAQAB
-----END PUBLIC KEY-----";
      auth_jwt_loginurl            "https://app.localtest.me/login";
      auth_jwt_enabled             off;
      auth_jwt_redirect            on;

      listen 3443 ssl http2;
      server_name app.localtest.me;

      access_log  logs/access.log;

      ssl_certificate cert.pem;
      ssl_certificate_key key.pem;

      location / {
        proxy_pass http://127.0.0.1:3000;
      }

      location /api {
        auth_jwt_enabled on;
        auth_jwt_validation_type AUTHORIZATION;
        #auth_jwt_validation_type COOKIE=x_auth_token;
        auth_jwt_algorithm RS256;

        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        #proxy_set_header Authorization "Bearer $cookie_x_auth_token";
      }
    }
}
	daemon off;
	worker_processes 1;
	error_log logs/error.log;

	events {
	worker_connections 1024;
	}

	http {
	include mime.types;
	default_type application/octet-stream;

	server {
	# use https://github.com/abbaspour/auth0-bash/blob/master/discovery/jwks-to-pem.sh to convert jwks.json to x509 PEM
	auth_jwt_key "-----BEGIN PUBLIC KEY-----
	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6b54f+d2tINbpTwi1Hxw
	1DlNagPwgfKsqBnCdqlXt40s5hyu/8SJieAiw2wlxLyX+nrxIV510ED1vyTr/ctC
	nak8ZvtBfEYPRCfqT9kRYHaVA8MlRGLNURR/nk5u75LebEdtvcS4nu817xjaG2dO
	rMZ5urlKQhgRzct1+IEmLMRhdBy6PfQCxXgbxh42Q2YxIXcIXK8UkQLZQ1MLG5Ji
	EowVwp64dJuC7NF8IkywtbJoOfGVxRuRHqXxKOXEs9kthODNaMqVIgEqsSfFXlFN
	GI6wKjEAcbXPCSEA+h50kz08aNIVvgNhPKK0+C/VKnYiYSV8HAo05XOOdbCo71dj
	NQIDAQAB
	-----END PUBLIC KEY-----";
	auth_jwt_loginurl "https://app.localtest.me/login";
	auth_jwt_enabled off;
	auth_jwt_redirect on;

	listen 3443 ssl http2;
	server_name app.localtest.me;

	access_log logs/access.log;

	ssl_certificate cert.pem;
	ssl_certificate_key key.pem;

	location / {
	proxy_pass http://127.0.0.1:3000;
	}

	location /api {
	auth_jwt_enabled on;
	auth_jwt_validation_type AUTHORIZATION;
	#auth_jwt_validation_type COOKIE=x_auth_token;
	auth_jwt_algorithm RS256;

	proxy_pass http://127.0.0.1:3000;
	proxy_set_header Host $host;
	#proxy_set_header Authorization "Bearer $cookie_x_auth_token";
	}
	}
	}