README: simplify nginx auth_request example
/oauth2/auth is not more sensitive than other /oauth2/ paths, does not need "internal" protection "spdy" protocol is obsolete, http2 is the thing to enable now. But it's orthogonal anyway. No need for two separate content/upstream location blocks in this example, reduce to just one, with a comment that it could be serving files instead of proxying.
This commit is contained in:
parent
ea2540bc89
commit
7f5672b433
17
README.md
17
README.md
@ -350,15 +350,10 @@ The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth
|
|||||||
|
|
||||||
```nginx
|
```nginx
|
||||||
server {
|
server {
|
||||||
listen 443 ssl spdy;
|
listen 443 ssl;
|
||||||
server_name ...;
|
server_name ...;
|
||||||
include ssl/ssl.conf;
|
include ssl/ssl.conf;
|
||||||
|
|
||||||
location = /oauth2/auth {
|
|
||||||
internal;
|
|
||||||
proxy_pass http://127.0.0.1:4180;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /oauth2/ {
|
location /oauth2/ {
|
||||||
proxy_pass http://127.0.0.1:4180;
|
proxy_pass http://127.0.0.1:4180;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
@ -367,7 +362,7 @@ server {
|
|||||||
proxy_set_header X-Auth-Request-Redirect $request_uri;
|
proxy_set_header X-Auth-Request-Redirect $request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /upstream/ {
|
location / {
|
||||||
auth_request /oauth2/auth;
|
auth_request /oauth2/auth;
|
||||||
error_page 401 = /oauth2/sign_in;
|
error_page 401 = /oauth2/sign_in;
|
||||||
|
|
||||||
@ -379,13 +374,7 @@ server {
|
|||||||
proxy_set_header X-Email $email;
|
proxy_set_header X-Email $email;
|
||||||
|
|
||||||
proxy_pass http://backend/;
|
proxy_pass http://backend/;
|
||||||
}
|
# or "root /path/to/site;" or "fastcgi_pass ..." etc
|
||||||
|
|
||||||
location / {
|
|
||||||
auth_request /oauth2/auth;
|
|
||||||
error_page 401 = https://example.com/oauth2/sign_in;
|
|
||||||
|
|
||||||
root /path/to/the/site;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user