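# Debug-level logging records request headers, which on this server include
# Authorization and the nginxauth cookie. Use it for troubleshooting only and
# restrict read access to the log file.
error_log logs/error.log debug;

events { }

http {
    # Store for cached auth-daemon responses. nginx writes the cache key into
    # each cache file, and the key below is built from credentials, so this
    # directory must be readable by the nginx user only.
    proxy_cache_path cache/ keys_zone=auth_cache:10m;

    upstream backend {
        server 127.0.0.1:9000;
    }

    server {
        # Plain HTTP on loopback. If this listener is ever exposed beyond the
        # local host, put TLS in front of it: Basic credentials and the auth
        # cookie travel in every request.
        listen 127.0.0.1:8080;
        server_name localhost;

        location / {
            # Every request is checked by a subrequest to /auth-proxy first;
            # only a 2xx answer lets it through to the backend.
            auth_request /auth-proxy;

            # redirect 401 and 403 to login form
            error_page 401 =200 /login;
            error_page 403 =200 /login;

            proxy_pass http://backend/;
        }

        # NOTE(review): this is a prefix match with no auth_request, so every
        # backend path that starts with /login is reachable unauthenticated.
        location /login {
            proxy_pass http://backend/login;
            # login service will return a redirect for user to original URI
            # and set cookie for auth daemon
            # X-TARGET is taken from the client's request line. The login
            # service should only redirect to same-site paths derived from it.
            proxy_set_header X-TARGET $request_uri;
        }

        location = /auth-proxy {
            # Not reachable by clients directly, only via auth_request.
            internal;
            # authorization daemon listens here
            proxy_pass http://127.0.0.1:8888;
            # The daemon decides from headers alone; do not send the body.
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";

            # The daemon takes its LDAP settings from the X-Ldap-* headers.
            # nginx forwards client request headers to the daemon unless they
            # are overridden here, so every X-Ldap-* header is set explicitly.
            # An empty value makes nginx drop the header, and the daemon then
            # falls back to its default. To configure a setting, replace the
            # "" on the active line with the real value (do not add a second
            # line for the same header).

            # example: "ldaps://example.com:636" (prefer ldaps:// so that
            # passwords are not sent to the directory in clear text)
            proxy_set_header X-Ldap-URL "";
            # example: "ou=Users,dc=test,dc=local"
            proxy_set_header X-Ldap-BaseDN "";

            # user to search in directory, default is 'cn=anonymous'
            # example: "cn=root,dc=test,dc=local" (a dedicated read-only
            # search account is a safer choice than a root DN)
            proxy_set_header X-Ldap-BindDN "";
            # and password, default is no password
            # example: "secret" (once set, this file holds a directory
            # credential: restrict its permissions accordingly)
            proxy_set_header X-Ldap-BindPass "";

            # Template to search for users: 'username' will be replaced
            # default is for OpenLDAP:
            #   "(cn=%(username)s)"
            # this one works for MS Active Directory
            #   "(SAMAccountName=%(username)s)"
            # NOTE(review): confirm the daemon escapes the user name before
            # substituting it into the search filter.
            proxy_set_header X-Ldap-Template "";

            # realm to present during basic auth, default is 'Restricted'
            # example: "PrivateArea"
            proxy_set_header X-Ldap-Realm "";

            # if form is used, pass cookie and its name
            proxy_set_header X-CookieName "nginxauth";
            proxy_set_header Cookie nginxauth=$cookie_nginxauth;

            proxy_cache auth_cache;
            # The cache key must identify the credentials being checked.
            # Without this directive nginx uses its default key, which is the
            # same for every subrequest to /auth-proxy, so one user's cached
            # verdict could be returned for another user.
            proxy_cache_key "$http_authorization$cookie_nginxauth";
            # Forces caching of the daemon's verdict for 10 minutes. While an
            # entry is cached, a disabled account or changed password is not
            # noticed, and a cached 403 keeps rejecting until it expires.
            #proxy_cache_valid 200 403 10m;
        }
    }
}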