Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

si:lufim [2021/02/22 09:42] (Version actuelle)
dino créée
Ligne 1: Ligne 1:
 +COnfig vhost pour lufim en SSO via oauth2proxy
 +
 +<​code>​
 +location / {
 +        proxy_pass http://​192.168.1.84:​8080;​
 +        # Really important! Lufi uses WebSocket, it won't work without this
 +        proxy_set_header Upgrade $http_upgrade;​
 +        proxy_set_header Connection "​upgrade";​
 +
 +        proxy_http_version 1.1;
 +        proxy_set_header Host $host;
 +        proxy_set_header X-Real-IP $remote_addr;​
 +        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;​
 +
 +        # If you want to log the remote port of the file senders, you'll need that
 +        proxy_set_header X-Remote-Port $remote_port;​
 +
 +        proxy_set_header X-Forwarded-Proto $scheme;
 +
 +        # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
 +        proxy_redirect ​    off;
 +
 +        }
 +</​code>​
 +
 +et pour la partie accueil qui est authentifier le même vhost que lstu avec juste
 +<​code>​
 +location = / {
 +        auth_request /​oauth2/​auth;​
 +        error_page 401 = /​oauth2/​sign_in;​
 +        # # pass information via X-User and X-Email headers to backend,
 +        # # requires running with --set-xauthrequest flag
 +        auth_request_set $user   ​$upstream_http_x_auth_request_user;​
 +        auth_request_set $email ​ $upstream_http_x_auth_request_email;​
 +        proxy_set_header X-User ​ $user;
 +        proxy_set_header X-Email $email;
 +
 +        # if you enabled --pass-access-token,​ this will pass the token to the backend
 +        auth_request_set $token ​ $upstream_http_x_auth_request_access_token;​
 +        proxy_set_header X-Access-Token $token;
 +
 +        # if you enabled --cookie-refresh,​ this is needed for it to work with auth_request
 +        auth_request_set $auth_cookie $upstream_http_set_cookie;​
 +        add_header Set-Cookie $auth_cookie;​
 +
 +        # When using the --set-authorization-header flag, some provider'​s cookies can exceed the 4kb
 +        # limit and so the OAuth2 Proxy splits these into multiple parts.
 +        # Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
 +        # so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
 +        auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;​
 +
 +        # Extract the Cookie attributes from the first Set-Cookie header and append them
 +        # to the second part ($upstream_cookie_* variables only contain the raw cookie content)
 +        if ($auth_cookie ~* "(; .*)") {
 +                set $auth_cookie_name_0 $auth_cookie;​
 +        set $auth_cookie_name_1 "​auth_cookie_name_1=$auth_cookie_name_upstream_1$1";​
 +        }
 +
 +        # Send both Set-Cookie headers now if there was a second part
 +        if ($auth_cookie_name_upstream_1) {
 +        add_header Set-Cookie $auth_cookie_name_0;​
 +        add_header Set-Cookie $auth_cookie_name_1;​
 +        }
 +
 +         # HTTPS only header, improves security
 +         #​add_header Strict-Transport-Security "​max-age=15768000";​
 +
 +         # Adapt this to your configuration (port, subdirectory (see below))
 +         ​proxy_pass ​ http://​192.168.1.84:​8080;​
 +
 +         # Really important! Lufi uses WebSocket, it won't work without this
 +         ​proxy_set_header Upgrade $http_upgrade;​
 +         ​proxy_set_header Connection "​upgrade";​
 +         ​proxy_http_version 1.1;
 +         ​proxy_set_header Host $host;
 +         ​proxy_set_header X-Real-IP $remote_addr;​
 +         ​proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;​
 +
 +         # If you want to log the remote port of the file senders, you'll need that
 +         ​proxy_set_header X-Remote-Port $remote_port;​
 +         ​proxy_set_header X-Forwarded-Proto $scheme;
 +
 +         # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
 +         ​proxy_redirect ​    off;
 +    }
 +
 +</​code>​
  
 
/var/lib/dokuwiki/data/pages/si/lufim.txt · Dernière modification: 2021/02/22 09:42 par dino
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Debian Driven by DokuWiki