b50126675a
AgentConnect apparently requires the userinfo endpoint to return a signed JWT.
51 lines
1.7 KiB
Plaintext
51 lines
1.7 KiB
Plaintext
resolver 127.0.0.11;
|
|
charset utf-8;
|
|
|
|
server {
|
|
server_name satosa.traefik.me;
|
|
listen 443 ssl;
|
|
ssl_certificate /etc/nginx/certs/cert.pem;
|
|
ssl_certificate_key /etc/nginx/certs/key.pem;
|
|
|
|
location / {
|
|
set $backend "http://app-dev:8000";
|
|
proxy_pass $backend; # using a variable to force late name resolution
|
|
|
|
# Set headers so downstream app will know what URL the client is using
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Host $host:443;
|
|
proxy_set_header X-Forwarded-Port 443;
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
|
|
# SAML headers are big
|
|
proxy_buffering off;
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
}
|
|
}
|
|
|
|
server {
|
|
server_name oidc-test-client.traefik.me;
|
|
listen 443 ssl;
|
|
ssl_certificate /etc/nginx/certs/cert.pem;
|
|
ssl_certificate_key /etc/nginx/certs/key.pem;
|
|
|
|
location / {
|
|
set $backend "http://oidc-test-client:5000";
|
|
proxy_pass $backend; # using a variable to force late name resolution
|
|
|
|
# Set headers so downstream app will know what URL the client is using
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Host $host:443;
|
|
proxy_set_header X-Forwarded-Port 443;
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
}
|
|
}
|