m

2023-12-05 17:34:06 +01:00
parent 10f40557af
commit f5b7a29ed3
1 changed files with 13 additions and 5 deletions
--- a/volumes/conf.d/code.zinomedia.de.conf
+++ b/volumes/conf.d/code.zinomedia.de.conf
@@ -1,3 +1,7 @@
+upstream vouch_proxy {
+    server vouch:9090;
+}
+
 server {
    listen 443 ssl;
    #listen [::]:443 ssl;
@@ -22,10 +26,6 @@ server {
    # send all requests to the `/validate` endpoint for authorization
    auth_request /validate;

-    resolver 127.0.0.11 valid=60s ipv6=off;
-    resolver_timeout 10s;
-    set $upstream "vouch:9090";
-
    location = /validate {
        # forward the /validate request to Vouch Proxy
        #proxy_pass http://127.0.0.1:9090/validate;
@@ -33,6 +33,9 @@ server {
        # forward the /validate request to Vouch Proxy
        #proxy_pass http://vouch:9090/validate;

+        
+        
+
        # be sure to pass the original host header
        proxy_set_header Host $http_host;

@@ -47,8 +50,13 @@ server {
        auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
        auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
        auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
+        
+        #resolver 127.0.0.11 valid=60s ipv6=off;
+        #resolver_timeout 10s;
+        #set $upstream "http://vouch:9090/validate";
+        #proxy_pass $upstream;

-        proxy_pass http://$upstream/validate;
+        proxy_pass http://vouch_proxy/validate;
    }

    # if validate returns `401 not authorized` then forward the request to the error401block