add dsvpn

nginx-sso/nginx/conf.d/include/sso.inc

@@ -0,0 +1,36 @@
+# Protect this location using the auth_request
+auth_request /sso-auth;
+
+# Redirect the user to the login page when they are not logged in
+error_page 401 = @error401;
+
+location /sso-auth {
+    # Do not allow requests from outside
+    internal;
+
+    # Access /auth endpoint to query login state
+    proxy_pass http://172.17.0.1:8082/auth;
+
+    # Do not forward the request body (nginx-sso does not care about it)
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+
+    # Set custom information for ACL matching: Each one is available as
+    # a field for matching: X-Host = x-host, ...
+    proxy_set_header X-Origin-URI $request_uri;
+    proxy_set_header X-Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+}
+
+# If the user is lead to /logout redirect them to the logout endpoint
+# of ngninx-sso which then will redirect the user to / on the current host
+location /sso-logout {
+    return 302 https://login.yourdomain.com/logout?go=$scheme://$http_host/;
+}
+
+# Define where to send the user to login and specify how to get back
+location @error401 {
+    return 302 https://login.yourdomain.com/login?go=$scheme://$http_host$request_uri;
+}