-
-
Save pommedeterresautee/619e229ae717a5ad48ff229e242e0e19 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
include /etc/nginx/sites-available/upstream_*.conf; | |
server { | |
listen 80; | |
server_name app-dev.our-domain.something; ## DNS Public | |
# all webapp locations are included here | |
include /etc/nginx/sites-available/location_*.conf; | |
rewrite_log on; | |
error_log /var/log/nginx/error.log info; | |
# increase upload limit for Kibana dashboard | |
client_max_body_size 10M; | |
location = /vouch-validate { | |
include proxy_params; | |
proxy_pass http://app-dev.internal.address.something:9091/validate; | |
proxy_pass_request_body off; # no need to send the POST body | |
proxy_set_header Content-Length ""; | |
# these return values are passed to the @error401 call | |
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt; | |
auth_request_set $auth_resp_err $upstream_http_x_vouch_err; | |
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount; | |
} | |
# If the user is not logged in, redirect them to Vouch's login URL | |
error_page 401 = @error401; | |
location @error401 { | |
return 302 https://app-dev.our-domain.something/vouch-webapp-dev/login?url=https://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment