mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-01 11:26:29 +02:00
a69b9957a1
* docs: add nginx example Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
37 lines
1.1 KiB
Text
37 lines
1.1 KiB
Text
# Protected application
|
|
server {
|
|
listen 443 ssl;
|
|
listen 80;
|
|
server_name httpbin.localhost.pomerium.io;
|
|
ssl_certificate /etc/nginx/nginx.pem;
|
|
ssl_certificate_key /etc/nginx/nginx-key.pem;
|
|
|
|
location / {
|
|
proxy_pass http://httpbin;
|
|
}
|
|
|
|
### External Authorization
|
|
|
|
# Send auth check to /authorize location.
|
|
auth_request /authorize;
|
|
|
|
# Set cookies we get back from the auth check
|
|
auth_request_set $saved_set_cookie $upstream_http_set_cookie;
|
|
add_header Set-Cookie $saved_set_cookie;
|
|
|
|
# If we get a 401, respond with a named location
|
|
error_page 401 = @error401;
|
|
# On 401, redirect the user to forward auth to start authentication flow
|
|
location @error401 {
|
|
return 302 https://fwdauth.localhost.pomerium.io/?uri=$scheme://$http_host$request_uri;
|
|
}
|
|
|
|
# The auth request must be a subpath of the server
|
|
location /authorize {
|
|
proxy_pass http://pomerium/verify?uri=$scheme://$http_host$request_uri;
|
|
proxy_set_header Host fwdauth.localhost.pomerium.io;
|
|
proxy_http_version 1.1;
|
|
}
|
|
|
|
### End External Authorization
|
|
}
|