Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentes Révision précédente | |||
| si:logiciels:lufim [2025/04/24 21:21] – supprimée - modification externe (Unknown date) 127.0.0.1 | si:logiciels:lufim [2025/04/24 21:21] (Version actuelle) – ↷ Page déplacée de si:lufim à si:logiciels:lufim vcalame | ||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| + | COnfig vhost pour lufim en SSO via oauth2proxy | ||
| + | |||
| + | < | ||
| + | location / { | ||
| + | proxy_pass http:// | ||
| + | # Really important! Lufi uses WebSocket, it won't work without this | ||
| + | proxy_set_header Upgrade $http_upgrade; | ||
| + | proxy_set_header Connection " | ||
| + | |||
| + | proxy_http_version 1.1; | ||
| + | proxy_set_header Host $host; | ||
| + | proxy_set_header X-Real-IP $remote_addr; | ||
| + | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| + | |||
| + | # If you want to log the remote port of the file senders, you'll need that | ||
| + | proxy_set_header X-Remote-Port $remote_port; | ||
| + | |||
| + | proxy_set_header X-Forwarded-Proto $scheme; | ||
| + | |||
| + | # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here. | ||
| + | proxy_redirect | ||
| + | |||
| + | } | ||
| + | </ | ||
| + | |||
| + | et pour la partie accueil qui est authentifier le même vhost que lstu avec juste | ||
| + | < | ||
| + | location = / { | ||
| + | auth_request / | ||
| + | error_page 401 = / | ||
| + | # # pass information via X-User and X-Email headers to backend, | ||
| + | # # requires running with --set-xauthrequest flag | ||
| + | auth_request_set $user | ||
| + | auth_request_set $email | ||
| + | proxy_set_header X-User | ||
| + | proxy_set_header X-Email $email; | ||
| + | |||
| + | # if you enabled --pass-access-token, | ||
| + | auth_request_set $token | ||
| + | proxy_set_header X-Access-Token $token; | ||
| + | |||
| + | # if you enabled --cookie-refresh, | ||
| + | auth_request_set $auth_cookie $upstream_http_set_cookie; | ||
| + | add_header Set-Cookie $auth_cookie; | ||
| + | |||
| + | # When using the --set-authorization-header flag, some provider' | ||
| + | # limit and so the OAuth2 Proxy splits these into multiple parts. | ||
| + | # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response, | ||
| + | # so if your cookies are larger than 4kb, you will need to extract additional cookies manually. | ||
| + | auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1; | ||
| + | |||
| + | # Extract the Cookie attributes from the first Set-Cookie header and append them | ||
| + | # to the second part ($upstream_cookie_* variables only contain the raw cookie content) | ||
| + | if ($auth_cookie ~* "(; .*)") { | ||
| + | set $auth_cookie_name_0 $auth_cookie; | ||
| + | set $auth_cookie_name_1 " | ||
| + | } | ||
| + | |||
| + | # Send both Set-Cookie headers now if there was a second part | ||
| + | if ($auth_cookie_name_upstream_1) { | ||
| + | add_header Set-Cookie $auth_cookie_name_0; | ||
| + | add_header Set-Cookie $auth_cookie_name_1; | ||
| + | } | ||
| + | |||
| + | # HTTPS only header, improves security | ||
| + | # | ||
| + | |||
| + | # Adapt this to your configuration (port, subdirectory (see below)) | ||
| + | | ||
| + | |||
| + | # Really important! Lufi uses WebSocket, it won't work without this | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | |||
| + | # If you want to log the remote port of the file senders, you'll need that | ||
| + | | ||
| + | | ||
| + | |||
| + | # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here. | ||
| + | | ||
| + | } | ||
| + | |||
| + | </ | ||