From 207697eb0cdcf99af764360eeb6d1ab54ec4b8b0 Mon Sep 17 00:00:00 2001
From: zino <marlon.maschkiwitz@4players.io>
Date: Tue, 5 Dec 2023 19:09:04 +0100
Subject: [PATCH] m

---
 volumes/snippets/enable-vouch.conf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/volumes/snippets/enable-vouch.conf b/volumes/snippets/enable-vouch.conf
index f5c15d9..61fd74f 100644
--- a/volumes/snippets/enable-vouch.conf
+++ b/volumes/snippets/enable-vouch.conf
@@ -3,6 +3,21 @@ auth_request /validate;
 
 location = /validate {
     proxy_pass https://validate.vouch.armos.zinomedia.de;
+
+    # be sure to pass the original host header
+    proxy_set_header Host $http_host;
+
+    # Vouch Proxy only acts on the request headers
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+
+    # optionally add X-Vouch-User as returned by Vouch Proxy along with the request
+    auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
+
+    # these return values are used by the @error401 call
+    auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
+    auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
+    auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
 }
 
 # if validate returns `401 not authorized` then forward the request to the error401block