initial commit of customized nginx
Some checks failed
ci/woodpecker/manual/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/manual/woodpecker Pipeline failed
This commit is contained in:
11
.woodpecker.yml
Normal file
11
.woodpecker.yml
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
labels:
|
||||||
|
platform: linux/amd64
|
||||||
|
backend: docker
|
||||||
|
|
||||||
|
steps:
|
||||||
|
build-image:
|
||||||
|
image: docker
|
||||||
|
commands:
|
||||||
|
- docker build -t . goatbin
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
4
Dockerfile
Normal file
4
Dockerfile
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
FROM nginx
|
||||||
|
ENV VOUCH_INTERNAL=vouch:9090
|
||||||
|
ADD nginx.conf.template /
|
||||||
|
ADD docker-entrypoint.d /docker-entrypoint.d
|
||||||
3
docker-entrypoint.d/05-generate-configuration.sh
Executable file
3
docker-entrypoint.d/05-generate-configuration.sh
Executable file
@@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
sed "s#@VOUCH_INTERNAL@#$VOUCH_INTERNAL#g" /nginx.conf.template > /etc/nginx/conf.d/default.conf
|
||||||
|
sed -i "s#@VOUCH_EXTERNAL@#$VOUCH_EXTERNAL#g" /etc/nginx/conf.d/default.conf
|
||||||
41
nginx.conf.template
Normal file
41
nginx.conf.template
Normal file
@@ -0,0 +1,41 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
#access_log /var/log/nginx/host.access.log main;
|
||||||
|
|
||||||
|
# send all requests to the `/validate` endpoint for authorization
|
||||||
|
auth_request /validate;
|
||||||
|
|
||||||
|
location = /validate {
|
||||||
|
# forward the /validate request to Vouch Proxy
|
||||||
|
proxy_pass http://@VOUCH_INTERNAL@/validate;
|
||||||
|
# be sure to pass the original host header
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
|
||||||
|
# Vouch Proxy only acts on the request headers
|
||||||
|
proxy_pass_request_body off;
|
||||||
|
proxy_set_header Content-Length "";
|
||||||
|
|
||||||
|
# optionally add X-Vouch-User as returned by Vouch Proxy along with the request
|
||||||
|
auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
|
||||||
|
|
||||||
|
# these return values are used by the @error401 call
|
||||||
|
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
|
||||||
|
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
|
||||||
|
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
|
||||||
|
}
|
||||||
|
|
||||||
|
# if validate returns `401 not authorized` then forward the request to the error401block
|
||||||
|
error_page 401 = @error401;
|
||||||
|
|
||||||
|
location @error401 {
|
||||||
|
# redirect to Vouch Proxy for login
|
||||||
|
return 302 https://@VOUCH_EXTERNAL@/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
autoindex on;
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user