-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathnginx_authorize_by_lua-aws.conf
126 lines (107 loc) · 3.65 KB
/
nginx_authorize_by_lua-aws.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# Generate passwords:
#
# $ printf "nobody:$(openssl passwd -crypt nobody)\n" >> passwords
# $ printf "all:$(openssl passwd -crypt all)\n" >> passwords
# $ printf "user:$(openssl passwd -crypt user)\n" >> passwords
# $ printf "admin:$(openssl passwd -crypt admin)\n" >> passwords
#
# Install the Nginx with Lua support ("openresty"):
#
# $ wget http://openresty.org/download/ngx_openresty-1.4.3.9.tar.gz
# $ tar xf ngx_openresty-*
# $ cd ngx_openresty-*
# $
# $ ./configure --with-luajit
# $ # ./configure --with-luajit --with-cc-opt="-I/usr/local/include" --with-ld-opt="-L/usr/local/lib" # Mac OS X w/ Homebrew
# $ make && make install
#
# More information: http://openresty.org/#Installation
#
# See the Lua source code in `authorize.lua`
#
# Run:
#
# $ /usr/local/openresty/nginx/sbin/nginx -p $PWD/nginx/ -c $PWD/nginx_authorize_by_lua.conf
worker_processes 1;
error_log logs/lua.log debug;
events {
worker_connections 1024;
}
http {
rewrite_log on;
# redirect users to https
server {
listen 80;
server_name g2p-test.ddns.net; # change this to your host
location / {
return 301 https://$server_name$request_uri;
}
}
# all access via https
server {
listen 443 ssl;
server_name g2p-test.ddns.net; # change this to your host
# certs
ssl_certificate /certs/fullchain.pem;
ssl_certificate_key /certs/privkey.pem;
# authorization code
access_by_lua_file conf/authorize.lua;
# exact match, no url. send to static page
location = / {
rewrite ^ /g2p last;
}
# asked for static page
#location /g2p {
# rewrite ^ /kibana last;
# }
location = /demo-ui {
return 302 https://$server_name/demo-ui/index.html;
}
location /demo-ui {
rewrite /demo-ui/(.*) /static-html/demo-ui/$1 ;
}
location /favicon.ico {
rewrite /(.*) /static-html/demo-ui/favicon.ico last;
}
# static pages served from /var/www
location /static-html {
root /var/www;
}
# administration
location /admin {
# basic authentication for all access
auth_basic "admin";
auth_basic_user_file .htpasswd;
error_page 404 = @admin;
}
location @admin {
rewrite ^ /g2p last;
}
# asked for kibana
location /kibana {
return 302 https://g2p-test.ddns.net/g2p#/dashboard/9e921030-37aa-11e7-b744-3f569d1a1d0c;
}
# asked for api
location /api {
proxy_pass http://api:8080;
proxy_buffering off;
proxy_pass_request_headers on;
proxy_set_header Authorization "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# asked for anything else
location / {
proxy_pass https://search-g2p-test-7-ygk4dfad7tp6hptnnyc7lwf6aq.us-west-2.es.amazonaws.com;
proxy_buffering off;
proxy_pass_request_headers on;
proxy_set_header Authorization "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}