Created
January 13, 2016 05:45
A sample of oauth2_proxy + nginx auth_request
# please include in server context
# ref: https://github.com/bitly/oauth2_proxy#endpoint-documentation

# for checking login status.
# only returns a 202 Accepted response or a 401 Unauthorized response;
location = /oauth2/auth {
    internal;

    # return 202 if local request, for infrataster test
    # note: every client whose $remote_addr falls in these ranges skips the
    # login check, including traffic relayed by a proxy or load balancer
    # that sits on one of these networks
    set $local 0;
    if ($remote_addr = "127.0.0.1") { set $local 1; }
    if ($remote_addr ~* "^172\.17\.") { set $local 1; }
    if ($remote_addr ~* "^192\.168\.") { set $local 1; }
    if ($local = 1) { return 202; }

    proxy_pass http://127.0.0.1:4190;
    proxy_set_header Host $host;
    # the auth check needs only the request headers, so drop the body
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

# to start oauth cycle
location = /oauth2/start {
    internal;
    proxy_pass http://127.0.0.1:4190;
    proxy_set_header Host $host;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

# to complete oauth cycle
location = /oauth2/callback {
    auth_request off;
    proxy_pass http://127.0.0.1:4190;
    proxy_set_header Host $host;
}
vhost example
server {
    listen 443 ssl http2;
    server_name my.domain.com;

    include conf.d/common/oauth2_proxy.conf;

    location /secret/path {
        include conf.d/common/oauth2_enable.conf;
        proxy_pass http://backend;
    }

    location / {
        proxy_pass http://backend;
    }
}
memo
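- The auth endpoint has not been released yet, so build from master.
- oauth2_proxy does not proxy anything in this setup, but set some value (anything will do) for upstreams in its config. Without it, oauth2_proxy will not start.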
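
How the included files fit together, as an added example that is not part of the original gist: the content shown for `oauth2_enable.conf` is an assumption (this page does not show that file), and the `geo` block with the variable name `$auth_bypass` is a hypothetical variant that replaces the string and regex `if` tests with CIDR matching limited to loopback.

```nginx
# --- http context (e.g. nginx.conf); geo is not allowed in server context ---
# Hypothetical variable: 1 only for addresses that may skip the login check.
# Add a test-runner range here only if no real client traffic can arrive
# from it (for example through a proxy or load balancer on that network).
geo $auth_bypass {
    default       0;
    127.0.0.1/32  1;
}

# --- server context: variant of "location = /oauth2/auth" from the gist ---
location = /oauth2/auth {
    internal;

    # true when $auth_bypass is neither empty nor "0"
    if ($auth_bypass) { return 202; }

    proxy_pass http://127.0.0.1:4190;
    proxy_set_header Host $host;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

# --- conf.d/common/oauth2_enable.conf (assumed content, not the author's file) ---
# Each request to the enclosing location triggers a subrequest to /oauth2/auth:
# a 2xx answer lets the request through, a 401 is handed to the internal
# /oauth2/start location, which begins the OAuth cycle.
auth_request /oauth2/auth;
error_page 401 = /oauth2/start;
```

Because `auth_request` is set only inside the location that includes `oauth2_enable.conf`, the `/oauth2/start` and `/oauth2/callback` locations stay reachable without a session.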
great document 💯
oauth2_enable.conf