README: simplify nginx auth_request example

/oauth2/auth is not more sensitive than other /oauth2/ paths,
does not need "internal" protection

"spdy" protocol is obsolete, http2 is the thing to enable now.
But it's orthogonal anyway.

No need for two separate content/upstream location blocks in
this example, reduce to just one, with a comment that it could
be serving files instead of proxying.
This commit is contained in:
Pierce Lopez 2017-04-24 17:56:15 -04:00
parent ea2540bc89
commit 7f5672b433

View File

@ -350,15 +350,10 @@ The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth
```nginx ```nginx
server { server {
listen 443 ssl spdy; listen 443 ssl;
server_name ...; server_name ...;
include ssl/ssl.conf; include ssl/ssl.conf;
location = /oauth2/auth {
internal;
proxy_pass http://127.0.0.1:4180;
}
location /oauth2/ { location /oauth2/ {
proxy_pass http://127.0.0.1:4180; proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $host; proxy_set_header Host $host;
@ -367,7 +362,7 @@ server {
proxy_set_header X-Auth-Request-Redirect $request_uri; proxy_set_header X-Auth-Request-Redirect $request_uri;
} }
location /upstream/ { location / {
auth_request /oauth2/auth; auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in; error_page 401 = /oauth2/sign_in;
@ -379,13 +374,7 @@ server {
proxy_set_header X-Email $email; proxy_set_header X-Email $email;
proxy_pass http://backend/; proxy_pass http://backend/;
} # or "root /path/to/site;" or "fastcgi_pass ..." etc
location / {
auth_request /oauth2/auth;
error_page 401 = https://example.com/oauth2/sign_in;
root /path/to/the/site;
} }
} }
``` ```