gCubeSystem
/
d4s-navigation-setup
17
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dev
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8d8bd9ca4f'
${ noResults }
d4s-navigation-setup/conf/pep/default.conf

84 lines
2.4 KiB
Plaintext
Raw Blame History

upstream d4s-navigation {
ip_hash;
server d4s-navigation:8984;
}
js_var $auth_token;
js_var $pep_credentials;
js_var $user;
js_var $user_display;
map $http_authorization $source_auth {
default "";
}
server {
listen *:80;
listen [::]:80;
server_name d4s-navigation-pep;
subrequest_output_buffer_size 200k;
location / {
js_content pep.enforce;
}
location /resources/ {
proxy_pass http://d4s-navigation;
}
location @backend {
proxy_set_header Authorization "Bearer $auth_token";
proxy_set_header X-User "$user";
proxy_set_header X-User-display "$user_display";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_pass http://d4s-navigation;
}
location /jwt_verify_request {
internal;
gunzip on;
proxy_method POST;
proxy_http_version 1.1;
proxy_set_header Authorization $pep_credentials;
proxy_set_header Content-Type "application/x-www-form-urlencoded";
proxy_pass https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token/introspect;
proxy_cache token_responses; # Enable caching
proxy_cache_key $source_auth; # Cache for each source authentication
proxy_cache_lock on; # Duplicate tokens must wait
proxy_cache_valid 200 10s; # How long to use each response
proxy_ignore_headers Cache-Control Expires Set-Cookie;
}
location /jwt_request {
internal;
gunzip on;
proxy_method POST;
proxy_http_version 1.1;
proxy_set_header Authorization $pep_credentials;
proxy_set_header Content-Type "application/x-www-form-urlencoded";
proxy_pass https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token;
}
location /permission_request {
internal;
gunzip on;
proxy_method POST;
proxy_http_version 1.1;
proxy_set_header Content-Type "application/x-www-form-urlencoded";
proxy_set_header Authorization "Bearer $auth_token";
proxy_pass https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token;
}
}
Reference in New Issue View Git Blame Copy Permalink