Différences

Ci-dessous, les différences entre deux révisions de la page.

@@ Ligne 1: / Ligne 1: @@
+COnfig vhost pour lufim en SSO via oauth2proxy
+<code>
+location / {
+        proxy_pass http://192.168.1.84:8080;
+        # Really important! Lufi uses WebSocket, it won't work without this
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # If you want to log the remote port of the file senders, you'll need that
+        proxy_set_header X-Remote-Port $remote_port;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
+        proxy_redirect     off;
+        }
+</code>
+et pour la partie accueil qui est authentifier le même vhost que lstu avec juste
+<code>
+location = / {
+        auth_request /oauth2/auth;
+        error_page 401 = /oauth2/sign_in;
+        # # pass information via X-User and X-Email headers to backend,
+        # # requires running with --set-xauthrequest flag
+        auth_request_set $user   $upstream_http_x_auth_request_user;
+        auth_request_set $email  $upstream_http_x_auth_request_email;
+        proxy_set_header X-User  $user;
+        proxy_set_header X-Email $email;
+        # if you enabled --pass-access-token, this will pass the token to the backend
+        auth_request_set $token  $upstream_http_x_auth_request_access_token;
+        proxy_set_header X-Access-Token $token;
+        # if you enabled --cookie-refresh, this is needed for it to work with auth_request
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        add_header Set-Cookie $auth_cookie;
+        # When using the --set-authorization-header flag, some provider's cookies can exceed the 4kb
+        # limit and so the OAuth2 Proxy splits these into multiple parts.
+        # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
+        # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
+        auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;
+        # Extract the Cookie attributes from the first Set-Cookie header and append them
+        # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
+        if ($auth_cookie ~* "(; .*)") {
+                set $auth_cookie_name_0 $auth_cookie;
+        set $auth_cookie_name_1 "auth_cookie_name_1=$auth_cookie_name_upstream_1$1";
+        }
+        # Send both Set-Cookie headers now if there was a second part
+        if ($auth_cookie_name_upstream_1) {
+        add_header Set-Cookie $auth_cookie_name_0;
+        add_header Set-Cookie $auth_cookie_name_1;
+        }
+         # HTTPS only header, improves security
+         #add_header Strict-Transport-Security "max-age=15768000";
+         # Adapt this to your configuration (port, subdirectory (see below))
+         proxy_pass  http://192.168.1.84:8080;
+         # Really important! Lufi uses WebSocket, it won't work without this
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection "upgrade";
+         proxy_http_version 1.1;
+         proxy_set_header Host $host;
+         proxy_set_header X-Real-IP $remote_addr;
+         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+         # If you want to log the remote port of the file senders, you'll need that
+         proxy_set_header X-Remote-Port $remote_port;
+         proxy_set_header X-Forwarded-Proto $scheme;
+         # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
+         proxy_redirect     off;
+    }
+</code>