Skip to content

Instantly share code, notes, and snippets.

@mkasztelnik
Last active Feb 20, 2018
Embed
What would you like to do?
nginx AAI proxy
# In the scope of first prototype nginx with http_auth_request, http_ssl module is used.
# At the beginning nginx need to downloaded (http://nginx.org/en/download.html), next configured and installed:
./configure --prefix=/home/marek/epos/nginx --with-http_auth_request_module --with-http_ssl_module
make
make install
# Now we can configure nginx ($NGINX_HOME/config/nginx.conf):
http {
...
upstream api {
server 127.0.0.1:8083;
}
server {
listen 8082;
server_name localhost;
location / {
auth_request /auth;
# Copy header from auth response into upstream (api) request
auth_request_set $server $upstream_http_server;
proxy_set_header x-server $server;
proxy_pass http://api;
}
location = /auth {
internal;
proxy_pass https://epos-aai.cyfronet.pl/oauth2/tokeninfo;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
...
}
}
# This will pass request (without body) into aai and if 200 is returned request is passed into the specified location,
# otherwise, 40x error page defined in nginx is returned to the user.
#
# This solution would be good enough if auth server returns 200 with some user details set as headers.
# Then we can copy these values and pass them into upstream request.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment