3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-03 08:50:42 +02:00
Code Issues Projects Releases Packages Wiki Activity

docs: replace httpbin with verify (#1702)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
bobby 2020-12-22 09:53:08 -08:00 committed by GitHub
parent 4eec2ed1d5
commit c23c8b34b3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
34 changed files with 154 additions and 154 deletions
Download patch file Download diff file Expand all files Collapse all files

70
examples/nginx/verify.conf Normal file
View file

@ -0,0 +1,70 @@
# Protected application
server {
listen 80;
listen 443 ssl http2;
server_name verify.localhost.pomerium.io;
ssl_certificate /etc/nginx/nginx.pem;
ssl_certificate_key /etc/nginx/nginx-key.pem;
location = /ext_authz {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-Proto "";
proxy_set_header Host fwdauth.localhost.pomerium.io;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Auth-Request-Redirect $request_uri;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 4k;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_ssl_server_name on;
proxy_pass_request_headers on;
client_max_body_size 1m;
# Pass the extracted client certificate to the auth provider
set $target http://pomerium/verify?uri=$scheme://$http_host$request_uri;
# uncomment to emulate nginx-ingress behavior
# set $target http://pomerium/verify?uri=$scheme://$http_host$request_uri&rd=$pass_access_scheme://$http_host$escaped_request_uri;
proxy_pass $target;
}
location @authredirect {
internal;
add_header Set-Cookie $auth_cookie;
# uncomment to emulate nginx-ingress behavior
# return 302 https://fwdauth.localhost.pomerium.io/?uri=$scheme://$host$request_uri&rd=$pass_access_scheme://$http_host$escaped_request_uri;
return 302
https://fwdauth.localhost.pomerium.io/?uri=$scheme://$host$request_uri;
}
location / {
proxy_pass http://verify;
include /etc/nginx/proxy.conf;
# If we get a 401, respond with a named location
error_page 401 = @authredirect;
# this location requires authentication
auth_request /ext_authz;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
}
}