您好,我在自己控制的多个子域上使用 OAuth。为了统一处理所有需要身份验证的子域,我在 Docker 容器中运行 oauth2_proxy(https://github.com/bitly/oauth2_proxy)。我的 Web 应用程序也运行在 Docker 容器中。关闭身份验证时,一切正常。
以下nginx配置的灵感来源于https://github.com/18F/hub/blob/master/deploy/SSO.md
第一个域一切正常,但访问第二个域时会被转发到第一个域。我怀疑是重定向配置得不正确?
我想我已经很接近了!
# Upstream group naming the dashboard application container.
# NOTE(review): no proxy_pass in the server blocks shown here refers to this
# upstream by name; presumably oauth2_proxy reaches 172.17.0.6:9000 through
# its own upstream setting - confirm. Also confirm that this address/port is
# reachable only from the proxy, otherwise the authentication layer can be
# skipped by talking to the application directly.
upstream dashboard.example.com {
# dashboard
server 172.17.0.6:9000;
}
# Virtual host for dashboard.example.com. Every request is handed to the
# oauth2_proxy instance at 172.17.0.4:4180; nothing is served locally.
# NOTE(review): no listen/ssl directive is visible in this block. If this host
# is served over plain HTTP, the OAuth session cookie and the login redirects
# travel unencrypted - confirm TLS is terminated here or in front of nginx.
server {
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server_name dashboard.example.com;
# Pass upstream responses to the client as they arrive instead of buffering.
proxy_buffering off;
# Write logs to this process's stderr/stdout.
error_log /proc/self/fd/2;
access_log /proc/self/fd/1;
# Login entry point: the rd (redirect) value sent to oauth2_proxy is built as
# "/" (%2F) + this block's server_name + the client's own rd query argument.
# NOTE(review): $arg_rd is the raw query-string value supplied by the client
# and is concatenated directly after the host name with no validation. Nothing
# here checks that it begins with "/" or is limited to a path, so the value
# that later drives the post-login redirect is partly client-controlled.
# Validate or drop it before building rd.
location = /oauth2/start {
proxy_pass http://172.17.0.4:4180/oauth2/start?rd=%2F$server_name$arg_rd;
# Forward the original Host, client address and scheme to oauth2_proxy.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
# Timeouts are in seconds.
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
}
# Everything else also goes to oauth2_proxy, with the same forwarded headers.
location / {
proxy_pass http://172.17.0.4:4180/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
}
}
# Upstream group naming the wiki application container.
# NOTE(review): no proxy_pass in the server blocks shown here refers to this
# upstream by name; presumably oauth2_proxy reaches 172.17.0.5:5000 through
# its own upstream setting - confirm. Also confirm that this address/port is
# reachable only from the proxy, otherwise the authentication layer can be
# skipped by talking to the application directly.
upstream internal.example.com {
# wiki
server 172.17.0.5:5000;
}
# Virtual host for internal.example.com. Every request is handed to the same
# oauth2_proxy instance (172.17.0.4:4180) that the dashboard host uses.
# NOTE(review): no listen/ssl directive is visible in this block. If this host
# is served over plain HTTP, the OAuth session cookie and the login redirects
# travel unencrypted - confirm TLS is terminated here or in front of nginx.
server {
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server_name internal.example.com;
# Pass upstream responses to the client as they arrive instead of buffering.
proxy_buffering off;
# Write logs to this process's stderr/stdout.
error_log /proc/self/fd/2;
access_log /proc/self/fd/1;
# Login entry point: the rd (redirect) value sent to oauth2_proxy is built as
# "/" (%2F) + this block's server_name + the client's own rd query argument.
# NOTE(review): $arg_rd is the raw query-string value supplied by the client
# and is concatenated directly after the host name with no validation. Nothing
# here checks that it begins with "/" or is limited to a path, so the value
# that later drives the post-login redirect is partly client-controlled.
# Validate or drop it before building rd.
location = /oauth2/start {
proxy_pass http://172.17.0.4:4180/oauth2/start?rd=%2F$server_name$arg_rd;
# Forward the original Host, client address and scheme to oauth2_proxy.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
# Timeouts are in seconds.
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
}
# Everything else also goes to oauth2_proxy, with the same forwarded headers.
location / {
proxy_pass http://172.17.0.4:4180/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 30;
}
}
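# Virtual host for auth.example.com, the shared OAuth endpoint used by the
# protected subdomains. Only the two oauth2_proxy endpoints and the
# post-login redirect path are served; everything else is denied.
# NOTE(review): no listen/ssl directive is visible in this block. The OAuth
# callback carries the authorization code and sets the session cookie, so
# confirm this host is only reachable over TLS.
server {
    server_name auth.example.com;

    # OAuth provider callback, passed to oauth2_proxy unchanged.
    location = /oauth2/callback {
        proxy_pass http://172.17.0.4:4180;
        # Timeouts are in seconds.
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }

    # Login start, passed to oauth2_proxy unchanged.
    location = /oauth2/start {
        proxy_pass http://172.17.0.4:4180;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
    }

    # A path of the form /<label>.example.com/<rest> is answered with a
    # redirect to <label>.example.com/<rest>.
    # The path is client-supplied, so the captured label is restricted to
    # letters, digits and hyphens and the dots are escaped. The previous
    # pattern ([^/]+ with unescaped dots) accepted any character except "/"
    # in the part that becomes the redirect host, so the Location header was
    # not guaranteed to stay on a host directly under example.com.
    # If the set of protected subdomains is fixed, an explicit alternation of
    # their names in place of the character class is stricter still.
    location "~^/(?<target_host>[A-Za-z0-9-]+)\.example\.com/(?<remaining_uri>.*)$" {
        # A replacement that begins with $scheme makes nginx stop processing
        # and return the redirect to the client.
        rewrite ^ $scheme://$target_host.example.com/$remaining_uri;
    }

    # Anything that is not one of the locations above is refused.
    location / {
        deny all;
    }
}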