examples/nginx.conf
# Example config for nginx.
# Assumes auth-plug is on 127.0.0.1:9000, and the service that is being provided
# auth services is on 127.0.0.1:8080/api/v1
# Clients should authenticate with a POST to https://nginx/login, then send
# requests to https://nginx/v1/
# All requests to https://nginx/v1 will send a GET to /auth-proxy, which will
# hit auth-plug's /login GET function, validating the JWT. A 200 from /auth-proxy
# instructs nginx to allow the request to /v1 to go through.
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /usr/share/nginx/html;
#
# Put your TLS certs and other configuration here
#
# IP and port for auth-plug
location = /login {
proxy_pass http://127.0.0.1:9000/login;
}
# Info for the service you are adding authentication to
location /v1/ {
auth_request /auth-proxy;
proxy_pass http://127.0.0.1:8080/v1/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Internal URL for validating tokens
location = /auth-proxy {
internal;
proxy_pass http://127.0.0.1:9000/login;
proxy_pass_request_body off;
proxy_pass_request_headers on;
proxy_set_header Content-Length "";
}
}