authelia/example/nginx/nginx.conf

91 lines
2.6 KiB
Nginx Configuration File
Raw Permalink Normal View History

# nginx-sso - example nginx config
#
# (c) 2015 by Johannes Gilger <heipei@hackvalue.de>
#
# This is an example config for using nginx with the nginx-sso cookie system.
# For simplicity, this config sets up two fictional vhosts that you can use to
# test against both components of the nginx-sso system: ssoauth & ssologin.
# In a real deployment, these vhosts would be separate hosts.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
2017-01-21 16:41:06 +00:00
listen 443 ssl;
2017-03-15 22:07:57 +00:00
server_name auth.test.local localhost;
2017-01-21 16:41:06 +00:00
ssl on;
ssl_certificate /etc/ssl/server.crt;
ssl_certificate_key /etc/ssl/server.key;
location / {
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://authelia/;
2017-01-27 00:20:03 +00:00
proxy_intercept_errors on;
2017-01-27 00:20:03 +00:00
2017-07-14 17:05:42 +00:00
if ($request_method !~ ^(POST)$){
error_page 401 = /error/401;
error_page 403 = /error/403;
error_page 404 = /error/404;
}
}
2017-03-15 22:07:57 +00:00
}
server {
listen 443 ssl;
root /usr/share/nginx/html;
server_name secret1.test.local secret2.test.local secret.test.local
home.test.local mx1.mail.test.local mx2.mail.test.local
public.test.local;
2017-03-15 22:07:57 +00:00
ssl on;
ssl_certificate /etc/ssl/server.crt;
ssl_certificate_key /etc/ssl/server.key;
error_page 401 = @error401;
error_page 403 = https://auth.test.local:8080/error/403;
2017-03-15 22:07:57 +00:00
location @error401 {
return 302 https://auth.test.local:8080;
2017-03-15 22:07:57 +00:00
}
location /auth_verify {
internal;
2017-03-15 22:07:57 +00:00
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
2017-03-15 22:07:57 +00:00
proxy_pass http://authelia/verify;
2017-03-15 22:07:57 +00:00
}
location = /secret.html {
auth_request /auth_verify;
auth_request_set $user $upstream_http_x_remote_user;
proxy_set_header X-Forwarded-User $user;
auth_request_set $groups $upstream_http_remote_groups;
proxy_set_header Remote-Groups $groups;
auth_request_set $expiry $upstream_http_remote_expiry;
proxy_set_header Remote-Expiry $expiry;
}
}
}
2017-03-15 22:07:57 +00:00