upstream _conductor-server { ip_hash; server conductor-server:8080; } upstream _conductor-ui { ip_hash; server conductor-ui:5000; } map $http_authorization $source_token { default ""; "~*^Bearer\s+(?[\S]+)$" $token; } server { listen *:80; listen [::]:80; server_name conductor-server; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; location / { #auth_request /jwt_verify; proxy_pass http://_conductor-server; } location = /jwt_verify { internal; js_content keycloak.introspectAccessToken; } location /jwt_verify_request { internal; proxy_method POST; proxy_http_version 1.1; proxy_set_header Host "127.0.0.1"; proxy_set_header Authorization "Basic Z2F5YV9wZXA6NWJiN2RjYWItN2NlNy00YTQ3LTlmNTUtZmE4MWFlYmNjM2I4"; proxy_set_header Content-Type "application/x-www-form-urlencoded"; proxy_set_body "token=$source_token&token_type_hint=access_token"; proxy_pass http://accounts.dev.d4science.org/auth/realms/master/protocol/openid-connect/token/introspect; proxy_cache token_responses; # Enable caching proxy_cache_key $source_token; # Cache for each access token proxy_cache_lock on; # Duplicate tokens must wait proxy_cache_valid 200 10s; # How long to use each response proxy_ignore_headers Cache-Control Expires Set-Cookie; } } server { listen *:80 default_server; listen [::]:80 default_server; server_name conductor-ui; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; location / { #auth_request /jwt_verify; proxy_pass http://_conductor-ui; } }