mirror of https://github.com/vouch/vouch-proxy
33 lines
1001 B
Plaintext
33 lines
1001 B
Plaintext
server {
|
|
listen 80;
|
|
server_name mydomain.com;
|
|
|
|
location ^~ /sso/validate {
|
|
proxy_pass http://vouch:9090/validate;
|
|
proxy_set_header Host $http_host;
|
|
proxy_pass_request_body off;
|
|
}
|
|
|
|
location ^~ /api/v1/ {
|
|
auth_request /sso/validate;
|
|
|
|
# get the claim/s into a local nginx variable
|
|
auth_request_set $sub $upstream_http_x_vouch_idp_claims_sub;
|
|
auth_request_set $email $upstream_http_x_vouch_idp_claims_email;
|
|
auth_request_set $verified $upstream_http_x_vouch_idp_claims_email_verified;
|
|
|
|
# forward the claim to the proxied server
|
|
proxy_set_header X-sub $sub;
|
|
proxy_set_header X-email $email;
|
|
proxy_set_header X-email-verified $verified;
|
|
|
|
# generic proxy headers
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_redirect off;
|
|
proxy_buffering off;
|
|
proxy_pass http://api./;
|
|
}
|
|
} |