mkasztelnik/compile_openresty

## compile_openresty
# When additional headers need to be forwarded into upstream than lua nginx module should be used.
# The simplest way to have lua support in nginx is to use openresty (https://openresty.org/en/).
# After sources are downloaded and extracted from the archive we can compile openresty
# (or nginx with `lua`, `cjson` and `http_ssl` modules can be compiled):
./configure --prefix=/home/marek/epos/openresty --with-http_ssl_module
make
make install

## nginx.conf
# We will use:
#   * nginx proxypass to invoke authorization endpoint
#   * lua to parse authorization response and set required headers
http {
    ...
    upstream api {
        server 127.0.0.1:8083;
    }

    server {
        listen       8081;
        server_name  localhost;

        location / {
            access_by_lua_block {
                local res = ngx.location.capture("/auth")

                if res.status == 200 then
                    local cjson = require("cjson")
                    local value = cjson.decode(res.body)
                    ngx.req.set_header("X-Auth-UserId", value["sub"])
                    ngx.req.set_header("X-Auth-Scope", value["scope"])
                else
                    ngx.exit(ngx.HTTP_UNAUTHORIZED)
                end
          }
          proxy_pass http://api;
      }

      location = /auth {
          internal;
          proxy_pass https://epos-aai.cyfronet.pl/oauth2/tokeninfo;
          proxy_pass_request_body off;
          proxy_set_header Content-Length "";
        }
    }
}
	# When additional headers need to be forwarded into upstream than lua nginx module should be used.
	# The simplest way to have lua support in nginx is to use openresty (https://openresty.org/en/).
	# After sources are downloaded and extracted from the archive we can compile openresty
	# (or nginx with `lua`, `cjson` and `http_ssl` modules can be compiled):
	./configure --prefix=/home/marek/epos/openresty --with-http_ssl_module
	make
	make install
	# We will use:
	# * nginx proxypass to invoke authorization endpoint
	# * lua to parse authorization response and set required headers
	http {
	...
	upstream api {
	server 127.0.0.1:8083;
	}

	server {
	listen 8081;
	server_name localhost;

	location / {
	access_by_lua_block {
	local res = ngx.location.capture("/auth")

	if res.status == 200 then
	local cjson = require("cjson")
	local value = cjson.decode(res.body)
	ngx.req.set_header("X-Auth-UserId", value["sub"])
	ngx.req.set_header("X-Auth-Scope", value["scope"])
	else
	ngx.exit(ngx.HTTP_UNAUTHORIZED)
	end
	}
	proxy_pass http://api;
	}

	location = /auth {
	internal;
	proxy_pass https://epos-aai.cyfronet.pl/oauth2/tokeninfo;
	proxy_pass_request_body off;
	proxy_set_header Content-Length "";
	}
	}
	}