wip

2025-11-21 13:47:16 -06:00 · 2025-11-21 13:47:16 -06:00 · 77d0c05a64
commit 77d0c05a64
parent bd77731487
3 changed files with 83 additions and 18 deletions
--- a/nginx.conf
+++ b/nginx.conf
@ -12,14 +12,14 @@ http {
        root /usr/share/nginx/html;
        index index.html;

-        # Custom error pages
+        # Custom error pages (preserve original status codes)
        error_page 403 /403/;
        error_page 404 /404/;

        location / {
            auth_request /authz;
            error_page 401 = @login; # If not authed, redirect to login page
-            error_page 403 = @forbidden; # If forbidden, show custom 403 page
+            error_page 403 @forbidden; # If forbidden, show custom 403 page

            # Disable all caching for demo purposes
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
@ -32,6 +32,9 @@ http {
            internal;
            proxy_pass http://127.0.0.1:5115/authz;
            proxy_set_header X-Original-URI $request_uri;
+            proxy_set_header X-Original-Method $request_method;
+            proxy_set_header X-Original-Host $host;
+
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
        }
@ -39,6 +42,15 @@ http {
            add_header Content-Type text/html;
            return 302 http://localhost:8000/login/;
        }
+
+        location @forbidden {
+            internal;
+            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+            add_header Pragma "no-cache";
+            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";
+            # Serve the custom 403 page without changing status code
+            try_files /403/index.html =403;
+        }
        location /me {
            auth_request /authz;
            error_page 401 = @login; # If not authed, redirect to login page
@ -52,12 +64,7 @@ http {
            proxy_pass http://localhost:5115/me;
        }

-        location @forbidden {
-            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
-            add_header Pragma "no-cache";
-            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";
-            rewrite ^.*$ /403/ last;
-        }
+



@ -80,6 +87,7 @@ http {

        # Custom error pages are public and shouldn't be cached
        location ~ ^/(403|404)/$ {
+            internal;
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
            add_header Pragma "no-cache";
            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT";