Skip to content
Snippets Groups Projects
Commit e14e7655 authored by Julian's avatar Julian
Browse files

Addded headers-more module to example nginx config to prevent spoofing

parent 964a29a9
No related branches found
No related tags found
No related merge requests found
......@@ -2,6 +2,8 @@
pid nginx.pid;
error_log nginx.err.log;
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
events {
worker_connections 768;
}
......@@ -16,6 +18,9 @@ http {
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
ssl on;
ssl_certificate ../devcert.crt;
ssl_certificate_key ../devcert.key;
server {
#listen 50004;
#listen [::]:5004;
......@@ -28,21 +33,23 @@ http {
location /test {
auth_request /oauthproxy/auth;
auth_request_set $auth_header $upstream_http_REMOTE_USER;
proxy_set_header REMOTE_USER $auth_header;
more_clear_input_headers REMOTE-USER; # prevent spoofing
proxy_set_header REMOTE-USER $auth_header;
proxy_pass http://localhost:5003;
}
location /oauthproxy/ {
proxy_set_header X-REDIRECT-URI "http://localhost:5004/oauthproxy/callback";
proxy_set_header X-REDIRECT-URI "https://localhost:5004/oauthproxy/callback";
proxy_set_header X-CLIENT-ID "test";
proxy_set_header X-CLIENT-SECRET "testsecret";
proxy_set_header X-SCOPE "userinfo";
proxy_pass http://localhost:5002/;
proxy_ssl_verify off;
proxy_pass https://localhost:5002/;
}
error_page 401 = @error401;
location @error401 {
return 302 /oauthproxy/login?url=http://$http_host$request_uri;
return 302 /oauthproxy/login?url=https://$http_host$request_uri;
}
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment