# Backend pool for the Conductor API.
upstream _conductor-server {
    # ip_hash pins each client address to one backend; with a single
    # server listed it has no balancing effect.
    ip_hash;
    server conductor-server:8080;
}
# Backend pool for the Conductor UI.
upstream _conductor-ui {
    # ip_hash pins each client address to one backend; with a single
    # server listed it has no balancing effect.
    ip_hash;
    server conductor-ui:5000;
}
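# Extract the bearer token from the Authorization header into $source_token.
# Requests without a well-formed "Bearer <token>" header get an empty value.
map $http_authorization $source_token {
    default "";

    # The capture is limited to the RFC 6750 b64token alphabet instead of
    # any non-space run. $source_token is interpolated unencoded into the
    # form body sent by proxy_set_body in /jwt_verify_request, so characters
    # such as '&' or '%' must never reach it; otherwise a crafted header
    # could add or alter parameters of the introspection request.
    "~*^Bearer\s+(?<token>[A-Za-z0-9._~+/-]+=*)$" $token;
}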
# Virtual host for the Conductor API: proxies every request to the
# _conductor-server upstream and carries the (currently unused) token
# introspection locations.
server {
    listen *:80;
    listen [::]:80;
    server_name conductor-server;

    # Forwarding headers for the upstream. Host and X-Forwarded-For are
    # derived from client-supplied values ($proxy_add_x_forwarded_for
    # appends to whatever the client sent), so the backend should not treat
    # them as trusted identity.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;

    location / {
        # NOTE(review): auth_request is commented out, so requests reach the
        # upstream without any token check and the two /jwt_verify*
        # locations below are never used. Confirm this is intentional.
        #auth_request /jwt_verify;
        proxy_pass http://_conductor-server;
    }

    # Internal-only target for auth_request; the decision is made by the
    # njs function keycloak.introspectAccessToken (defined outside this
    # file).
    location = /jwt_verify {
        internal;
        js_content keycloak.introspectAccessToken;
    }

    # Internal-only location that POSTs the caller's token to the OIDC
    # introspection endpoint. It declares its own proxy_set_header lines, so
    # the server-level forwarding headers are not inherited here.
    location /jwt_verify_request {
        internal;
        proxy_method POST;
        proxy_http_version 1.1;
        proxy_set_header Host "127.0.0.1";

        # NOTE(review): static client credential (Basic auth) committed with
        # the config. Anyone who can read this file can use it against the
        # introspection endpoint; rotate it and load it from a file that is
        # kept out of version control.
        proxy_set_header Authorization "Basic Z2F5YV9wZXA6NWJiN2RjYWItN2NlNy00YTQ3LTlmNTUtZmE4MWFlYmNjM2I4";
        proxy_set_header Content-Type "application/x-www-form-urlencoded";

        # $source_token is inserted without URL-encoding; the map that
        # produces it must only let through characters that are safe in a
        # form-encoded body.
        proxy_set_body "token=$source_token&token_type_hint=access_token";

        # NOTE(review): plain http:// to an external host sends both the
        # client credential and the user's access token unencrypted.
        # Prefer https with upstream certificate verification.
        proxy_pass http://accounts.dev.d4science.org/auth/realms/master/protocol/openid-connect/token/introspect;

        # Short-lived cache of introspection answers. The token_responses
        # zone is not declared in this file (presumably via proxy_cache_path
        # elsewhere). The raw token is the cache key and nginx stores the key
        # in each cache file, so the cache directory needs tight permissions.
        proxy_cache token_responses; # Enable caching
        proxy_cache_key $source_token; # Cache for each access token
        proxy_cache_lock on; # Duplicate tokens must wait
        # A revoked token can still be accepted for up to this long.
        proxy_cache_valid 200 10s; # How long to use each response
        # Cache regardless of what the identity provider's headers request.
        proxy_ignore_headers Cache-Control Expires Set-Cookie;
    }
}
# Default virtual host: proxies every request to the _conductor-ui upstream.
# Because it is the default_server on port 80, it also receives requests
# whose Host header matches no other server_name.
server {
    listen *:80 default_server;
    listen [::]:80 default_server;
    server_name conductor-ui;

    # Forwarding headers for the upstream. Host and X-Forwarded-For are
    # derived from client-supplied values ($proxy_add_x_forwarded_for
    # appends to whatever the client sent), so the backend should not treat
    # them as trusted identity.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;

    location / {
        # NOTE(review): auth_request is commented out, so the UI is served
        # without any token check. This server block also defines no
        # /jwt_verify location, so uncommenting the line alone would not
        # reach the njs introspection handler; the verification locations
        # would have to be added here as well.
        #auth_request /jwt_verify;
        proxy_pass http://_conductor-ui;
    }
}