learn-nginx-auth/nginx.conf
2025-11-21 13:09:03 -06:00


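# Demo: static site on :8000 gated by an auth_request subrequest to a backend
# on 127.0.0.1:5115 (called "FastAPI" in the comments below).
#
# Access-control model as written: auth_request is set per location, so a
# location is protected only when it says so. The public locations here are
# /login/, = /login, /logout and the /403/ and /404/ pages. Any location added
# later is public until it gets its own auth_request line.
#
# The listener is plain HTTP, so whatever credential the backend issues crosses
# it in cleartext. Terminate TLS in front of this server before it is reachable
# from anything other than loopback.
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    server {
        listen 8000;
        server_name localhost;
        root /usr/share/nginx/html;
        index index.html;

        # Custom error pages
        error_page 403 /403/;
        error_page 404 /404/;

        # Everything not matched by a more specific location: static files,
        # served only after the /authz subrequest answers 2xx.
        location / {
            auth_request /authz;
            error_page 401 = @login;     # If not authed, redirect to login page
            error_page 403 = @forbidden; # If forbidden, show custom 403 page
            # NOTE(review): with a bare "=" the client receives the status of
            # whatever finally serves the page. Confirm the forbidden page
            # still goes out as 403 and not as the static file's 200.

            # Disable all caching for demo purposes. "always" keeps the headers
            # on error statuses too; without it add_header covers only 2xx/3xx.
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
            add_header Pragma "no-cache" always;
            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT" always;

            try_files $uri $uri/ @not_found;
        }

        # Authorization subrequest target. "internal" keeps clients from
        # calling it directly. The request body is dropped, so the backend
        # decides from the request headers and X-Original-URI only.
        location = /authz {
            internal;
            proxy_pass http://127.0.0.1:5115/authz;
            # $request_uri is the raw, un-normalized request line, while nginx
            # picks locations on the normalized $uri. A backend making
            # path-based decisions should normalize this value before
            # comparing it.
            proxy_set_header X-Original-URI $request_uri;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
        }

        # 401 from the auth subrequest lands here.
        # The original also did "add_header Content-Type text/html" here. It is
        # dropped because "return 302" already emits its own Content-Type, so
        # the extra line only produced a duplicate header.
        # The absolute URL pins the redirect to this demo's origin and must
        # change together with listen/server_name.
        location @login {
            return 302 http://localhost:8000/login/;
        }

        # Authenticated API passthrough. This is a prefix match, so any URI
        # starting with /me is forwarded.
        location /me {
            auth_request /authz;
            error_page 401 = @login;     # If not authed, redirect to login page
            error_page 403 = @forbidden; # If forbidden, show custom 403 page

            # Disable all caching for demo purposes
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
            add_header Pragma "no-cache" always;
            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT" always;

            # Was http://localhost:5115/me. Use the literal loopback address,
            # as every other upstream in this file does, so the target does not
            # depend on how "localhost" resolves.
            proxy_pass http://127.0.0.1:5115/me;
        }

        # 403 from the auth subrequest lands here and is rewritten to the
        # public /403/ page. The response is produced by the location that
        # matches /403/, so the headers that reach the client are set there.
        location @forbidden {
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
            add_header Pragma "no-cache" always;
            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT" always;
            rewrite ^.*$ /403/ last;
        }

        # try_files fallback from "location /". The 404 is picked up by the
        # server-level error_page and served from /404/.
        location @not_found {
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
            add_header Pragma "no-cache" always;
            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT" always;
            return 404;
        }

        # Login page is public
        location /login/ {
            # Disable caching for login page too
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
            add_header Pragma "no-cache" always;
            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT" always;
            try_files $uri $uri/index.html =404;
        }

        # Custom error pages are public and shouldn't be cached.
        # These pages go out with an error status, so the headers need
        # "always". Plain add_header is skipped on 403/404 responses and the
        # no-cache intent would silently not apply.
        location ~ ^/(403|404)/$ {
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
            add_header Pragma "no-cache" always;
            add_header Expires "Thu, 01 Jan 1970 00:00:00 GMT" always;
            try_files $uri $uri/index.html =404;
        }

        # Handle /login - GET goes to page, everything else goes to FastAPI.
        # Only GET is intercepted. Every other method, not just POST, is
        # proxied, so method enforcement is left to the backend.
        location = /login {
            if ($request_method = GET) {
                return 302 /login/;
            }

            proxy_pass http://127.0.0.1:5115/login;
            proxy_set_header Content-Type $content_type;
            proxy_pass_request_body on;
        }

        # Public, prefix-matched, and forwarded for any method. The backend
        # decides which requests actually end the session.
        location /logout {
            proxy_pass http://127.0.0.1:5115/logout;
            # Ensure logout response isn't cached
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" always;
            add_header Pragma "no-cache" always;
        }
    }
}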