From 36b25202613b50bcd053987800f949f3206e629a Mon Sep 17 00:00:00 2001 From: zino Date: Tue, 5 Dec 2023 22:23:48 +0100 Subject: [PATCH] m --- volumes/conf.d/code.zinomedia.de.conf | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/volumes/conf.d/code.zinomedia.de.conf b/volumes/conf.d/code.zinomedia.de.conf index fd1c3e8..156d4a5 100644 --- a/volumes/conf.d/code.zinomedia.de.conf +++ b/volumes/conf.d/code.zinomedia.de.conf @@ -1,4 +1,4 @@ -log_format custom2 'code | request_uri: $request_uri | '; +log_format custom2 'code | request_uri: $request_uri | http_host: $http_host | auth_resp_x_vouch_user: $auth_resp_x_vouch_user | upstream_http_x_vouch_user: $upstream_http_x_vouch_user | auth_resp_jwt: $auth_resp_jwt | upstream_http_x_vouch_jwt: $upstream_http_x_vouch_jwt | auth_resp_err: $auth_resp_err | upstream_http_x_vouch_err: $upstream_http_x_vouch_err | auth_resp_failcount: $auth_resp_failcount | upstream_http_x_vouch_failcount: $upstream_http_x_vouch_failcount'; server { listen 443 ssl; @@ -28,7 +28,22 @@ server { location = /auth { internal; - proxy_pass https://validate.vouch.armos.zinomedia.de$request_uri; + proxy_pass https://validate.vouch.armos.zinomedia.de; + + # be sure to pass the original host header + proxy_set_header Host $http_host; + + # Vouch Proxy only acts on the request headers + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + + # optionally add X-Vouch-User as returned by Vouch Proxy along with the request + auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user; + + # these return values are used by the @error401 call + auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt; + auth_request_set $auth_resp_err $upstream_http_x_vouch_err; + auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount; } # location = /validate {