init

2025-11-21 12:50:29 -06:00 · 2025-11-21 12:50:29 -06:00 · 1e11c8ca5e
commit 1e11c8ca5e
12 changed files with 579 additions and 0 deletions
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,90 @@
+worker_processes 1;
+events { worker_connections 1024; }
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    
+    server {
+        listen 8000;
+        server_name localhost;
+
+        root /usr/share/nginx/html;
+        index index.html;
+
+        # Custom error pages
+        error_page 403 /403/;
+        error_page 404 /404/;
+
+        location / {
+            auth_request /authz;
+            error_page 401 = @login; # If not authed, redirect to login page
+            error_page 403 = @forbidden; # If forbidden, show custom 403 page
+
+            # Disable all caching for demo purposes
+            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            add_header Pragma "no-cache";
+            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";
+
+            try_files $uri $uri/ @not_found;
+        }
+        location = /authz {
+            internal;
+            proxy_pass http://127.0.0.1:5115/authz;
+            proxy_set_header X-Original-URI $request_uri;
+            proxy_pass_request_body off;
+            proxy_set_header Content-Length "";
+        }
+        location @login {
+            add_header Content-Type text/html;
+            return 302 http://localhost:8000/login/;
+        }
+
+        location @forbidden {
+            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            add_header Pragma "no-cache";
+            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";
+            rewrite ^.*$ /403/ last;
+        }
+
+
+
+        location @not_found {
+            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            add_header Pragma "no-cache";
+            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";
+            return 404;
+        }
+
+        # Login page is public
+        location /login/ {
+            # Disable caching for login page too
+            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            add_header Pragma "no-cache";
+            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";
+            
+            try_files $uri $uri/index.html =404;
+        }
+
+        # Custom error pages are public and shouldn't be cached
+        location ~ ^/(403|404)/$ {
+            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            add_header Pragma "no-cache";
+            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";
+            try_files $uri $uri/index.html =404;
+        }
+        # AJAX login: POST to FastAPI
+        location /login {
+            proxy_pass http://127.0.0.1:5115/login;
+            proxy_set_header Content-Type $content_type;
+            proxy_pass_request_body on;
+        }
+        location /logout {
+            proxy_pass http://127.0.0.1:5115/logout;
+            
+            # Ensure logout response isn't cached
+            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            add_header Pragma "no-cache";
+        }
+    }
+}