initial commit of customized nginx
Some checks failed
ci/woodpecker/manual/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/manual/woodpecker Pipeline failed
This commit is contained in:
11
.woodpecker.yml
Normal file
11
.woodpecker.yml
Normal file
@@ -0,0 +1,11 @@
|
||||
labels:
|
||||
platform: linux/amd64
|
||||
backend: docker
|
||||
|
||||
steps:
|
||||
build-image:
|
||||
image: docker
|
||||
commands:
|
||||
- docker build -t . goatbin
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
4
Dockerfile
Normal file
4
Dockerfile
Normal file
@@ -0,0 +1,4 @@
|
||||
FROM nginx
|
||||
ENV VOUCH_INTERNAL=vouch:9090
|
||||
ADD nginx.conf.template /
|
||||
ADD docker-entrypoint.d /docker-entrypoint.d
|
||||
3
docker-entrypoint.d/05-generate-configuration.sh
Executable file
3
docker-entrypoint.d/05-generate-configuration.sh
Executable file
@@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
sed "s#@VOUCH_INTERNAL@#$VOUCH_INTERNAL#g" /nginx.conf.template > /etc/nginx/conf.d/default.conf
|
||||
sed -i "s#@VOUCH_EXTERNAL@#$VOUCH_EXTERNAL#g" /etc/nginx/conf.d/default.conf
|
||||
41
nginx.conf.template
Normal file
41
nginx.conf.template
Normal file
@@ -0,0 +1,41 @@
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
|
||||
# send all requests to the `/validate` endpoint for authorization
|
||||
auth_request /validate;
|
||||
|
||||
location = /validate {
|
||||
# forward the /validate request to Vouch Proxy
|
||||
proxy_pass http://@VOUCH_INTERNAL@/validate;
|
||||
# be sure to pass the original host header
|
||||
proxy_set_header Host $http_host;
|
||||
|
||||
# Vouch Proxy only acts on the request headers
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
# optionally add X-Vouch-User as returned by Vouch Proxy along with the request
|
||||
auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
|
||||
|
||||
# these return values are used by the @error401 call
|
||||
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
|
||||
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
|
||||
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
|
||||
}
|
||||
|
||||
# if validate returns `401 not authorized` then forward the request to the error401block
|
||||
error_page 401 = @error401;
|
||||
|
||||
location @error401 {
|
||||
# redirect to Vouch Proxy for login
|
||||
return 302 https://@VOUCH_EXTERNAL@/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
|
||||
}
|
||||
|
||||
location / {
|
||||
autoindex on;
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user