73 lines
No EOL
1.4 KiB
Text
73 lines
No EOL
1.4 KiB
Text
(rp_skip_tls) {
|
|
reverse_proxy {args[0]} {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
}
|
|
(rp) {
|
|
reverse_proxy {args[0]}
|
|
}
|
|
(auth_path_handler) {
|
|
handle /oauth2/* {
|
|
reverse_proxy oauth2proxy:4180 {
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-Uri {uri}
|
|
}
|
|
}
|
|
}
|
|
|
|
(auth_redirect) {
|
|
forward_auth oauth2proxy:4180 {
|
|
uri /oauth2/auth
|
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
|
header_up X-Real-IP {remote_host}
|
|
@error status 401 403
|
|
handle_response @error {
|
|
redir * /oauth2/sign_in?rd={scheme}://{host}{uri}
|
|
}
|
|
}
|
|
}
|
|
|
|
(protect) {
|
|
import auth_path_handler
|
|
handle {
|
|
import auth_redirect
|
|
import {args[0]} {args[1]}
|
|
}
|
|
}
|
|
|
|
(protected) {
|
|
@skip_tls {
|
|
expression `"{args[1]}" == "skip_verify"`
|
|
}
|
|
@no_skip_tls {
|
|
expression `"{args[1]}" != "skip_verify"`
|
|
}
|
|
handle /oauth2/* {
|
|
reverse_proxy oauth2proxy:4180 {
|
|
header_up X-Real-IP {remote_host}
|
|
header_up X-Forwarded-Uri {uri}
|
|
}
|
|
}
|
|
handle {
|
|
forward_auth oauth2proxy:4180 {
|
|
uri /oauth2/auth
|
|
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
|
header_up X-Real-IP {remote_host}
|
|
@error status 401 403
|
|
handle_response @error {
|
|
redir * /oauth2/sign_in?rd={scheme}://{host}{uri}
|
|
}
|
|
}
|
|
|
|
|
|
reverse_proxy @skip_tls {args[0]} {
|
|
transport http {
|
|
tls_insecure_skip_verify
|
|
}
|
|
}
|
|
reverse_proxy @no_skip_tls {args[0]}
|
|
|
|
}
|
|
} |