@mkasztelnik
Last active February 20, 2018 19:18
nginx AAI proxy
# For the first prototype, nginx built with the http_auth_request and http_ssl modules is used.
# First, nginx needs to be downloaded (http://nginx.org/en/download.html), then configured and installed:
./configure --prefix=/home/marek/epos/nginx --with-http_auth_request_module --with-http_ssl_module
make
make install
# Now we can configure nginx ($NGINX_HOME/config/nginx.conf):
http {
    ...
    upstream api {
        server 127.0.0.1:8083;
    }
    server {
        listen 8082;
        server_name localhost;
        location / {
            auth_request /auth;
            # Copy header from auth response into upstream (api) request
            auth_request_set $server $upstream_http_server;
            proxy_set_header x-server $server;
            proxy_pass http://api;
        }
        location = /auth {
            internal;
            proxy_pass https://epos-aai.cyfronet.pl/oauth2/tokeninfo;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
        }
        ...
    }
}
# This passes the request (without its body) to the AAI. If 200 is returned, the request is passed on to the specified location;
# otherwise, the 40x error page defined in nginx is returned to the user.
#
# This solution would be good enough if the auth server returned 200 with some user details set as headers.
# Then we could copy these values and pass them into the upstream request.
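#
# Added example (not part of the original gist): a local stand-in for the auth endpoint that answers 200 with user details
# as headers, or 401, so the auth_request flow above can be tested without the real AAI. The token table, the header names
# (X-User-Id, X-User-Email), the bearer-token transport and port 8084 are assumptions.

```python
"""Constructed stand-in for an auth endpoint placed behind nginx auth_request."""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data; a real service would validate the token with the AAI.
TOKENS = {
    "valid-token-123": {"X-User-Id": "42", "X-User-Email": "user@example.org"},
}


def authorize(authorization_header):
    """Return (status, headers) for a subrequest carrying this Authorization value.

    nginx auth_request allows the request on 2xx, denies it on 401/403 and
    treats any other status as an error, so only 200 and 401 are emitted.
    """
    scheme, _, token = (authorization_header or "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 401, {"WWW-Authenticate": "Bearer"}
    details = TOKENS.get(token)
    if details is None:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}
    # User details travel as response headers so nginx can copy them upstream.
    return 200, dict(details)


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers = authorize(self.headers.get("Authorization"))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", "0")  # auth_request ignores the body
        self.end_headers()


if __name__ == "__main__":
    # Assumed local port; point the /auth location's proxy_pass here to test.
    HTTPServer(("127.0.0.1", 8084), AuthHandler).serve_forever()
```

# In nginx, the X-User-Id response header is then available to auth_request_set as $upstream_http_x_user_id, in the same way
# the configuration above reads $upstream_http_server.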