# nginx-sso - example nginx config # # (c) 2015 by Johannes Gilger # # This is an example config for using nginx with the nginx-sso cookie system. # For simplicity, this config sets up two fictional vhosts that you can use to # test against both components of the nginx-sso system: ssoauth & ssologin. # In a real deployment, these vhosts would be separate hosts. #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { server { listen 443 ssl; server_name auth.test.local localhost; ssl on; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; location / { proxy_set_header X-Original-URI $request_uri; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://authelia/; proxy_intercept_errors on; if ($request_method !~ ^(POST)$){ error_page 401 = /error/401; error_page 403 = /error/403; error_page 404 = /error/404; } } } server { listen 443 ssl; root /usr/share/nginx/html; server_name secret1.test.local secret2.test.local secret.test.local home.test.local mx1.mail.test.local mx2.mail.test.local public.test.local; ssl on; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; error_page 401 = @error401; location @error401 { return 302 https://auth.test.local:8080; } location /auth_verify { internal; proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_pass http://authelia/verify; } location = /secret.html { auth_request /auth_verify; auth_request_set $user $upstream_http_x_remote_user; proxy_set_header X-Forwarded-User $user; auth_request_set $groups $upstream_http_remote_groups; proxy_set_header Remote-Groups $groups; auth_request_set $expiry $upstream_http_remote_expiry; proxy_set_header Remote-Expiry $expiry; } } }