
@onequbit
Created September 2, 2025 13:39
Besaid Aurochs Proxy Config
# Connection-processing settings shared by all worker processes.
events {
    # Upper bound on simultaneous connections a single worker may hold open.
    worker_connections 1024;
}
# Reverse proxy in front of the Vue app: every request to "/" is gated by an
# auth_request subrequest to the auth server; only /login is served without
# a session check.
http {
    # Plain-HTTP listener whose only job is to send clients to HTTPS.
    server {
        listen 80;
        server_name localhost;

        # Permanent redirect to the same host and URI over HTTPS.
        # NOTE(review): $host falls back to the client-supplied Host header,
        # and as the only port-80 server this block answers for any Host
        # value, so the redirect target follows whatever the client sent.
        # Pin the hostname here if this proxy is reachable beyond localhost.
        return 301 https://$host$request_uri;
    }

    # TLS listener that performs the session check and proxies to the app.
    server {
        listen 443 ssl;
        server_name localhost;

        # Certificate and private key for "localhost".
        ssl_certificate /etc/nginx/certs/localhost.crt;
        ssl_certificate_key /etc/nginx/certs/localhost.key;

        # Protocol versions and cipher preference.
        # NOTE(review): the EDH entries only take effect when ssl_dhparam is
        # configured (nginx >= 1.11.0), and none is set in this file. The
        # AES256+EECDH / AES256+EDH entries also admit CBC suites under
        # TLS 1.2; narrow the list if only AEAD suites are wanted.
        # NOTE(review): no Strict-Transport-Security header is emitted, so
        # HTTPS use relies on the port-80 redirect alone.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers on;

        # A 401 from the auth subrequest is turned into a redirect to the
        # login page instead of being shown to the client.
        error_page 401 = @do_login;

        # Target of the auth_request subrequest. "internal" keeps external
        # clients from requesting /auth directly.
        location = /auth {
            internal;

            # Only the request headers are forwarded for the session check;
            # the body is dropped and Content-Length cleared to match.
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            # Overwrites any client-sent X-Original-URI with the real URI.
            proxy_set_header X-Original-URI $request_uri;

            # The auth server's '/verify' endpoint answers 200 for a valid
            # session and 401 for an invalid one.
            proxy_pass http://auth-server:3000/verify;
        }

        # Login page on the auth server, reachable without a session.
        # This is a prefix match, so every URI beginning with "/login" skips
        # the auth_request check and is handed to the auth server.
        # NOTE(review): X-Forwarded-Proto is not forwarded here, so the auth
        # server sees a plain-HTTP hop; confirm it still marks the session
        # cookie Secure.
        location /login {
            proxy_set_header Host $host;
            proxy_pass http://auth-server:3000/login;
        }

        # Everything else is protected.
        location / {
            # Subrequest to /auth decides access: 2xx lets the request
            # through; a 401 is handled by the error_page rule above.
            auth_request /auth;

            # Headers describing the original client request for the app.
            # NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr
            # to whatever X-Forwarded-For the client sent, so only the last
            # entry (or X-Real-IP) is trustworthy upstream.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Authenticated traffic goes to the Vue app over plain HTTP.
            proxy_pass http://vue-app:80;
        }

        # Named location used by error_page: failed authentication sends the
        # browser to the login page. The originally requested URI is not
        # carried along.
        location @do_login {
            return 302 /login;
        }
    }
}