I want to use an external authentication service to protect my api backend. For that I want to use nginx. Because this is deployed on Docker the IP number of the upstream backend services can change. Both auth and api-server are services that do not have static IP.
Two issues for this (for which I have found workarounds):
1. I need to use "break;" in the /auth location block. Why?
2. I needed to use a separate variable name for the $proxyurl variable. Why?
Thank you for any insights on this!
[code]
server {
listen 80;
server_name nginx;
location /auth {
internal;
set $proxyurl_auth http://auth:3000;
proxy_pass $proxyurl_auth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
break;
}
location / {
auth_request /auth;
auth_request_set $auth_status $upstream_status;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
set $proxyurl http://api-server:3000;
proxy_pass $proxyurl;
proxy_read_timeout 90;
}
}
[/code]
Two issues for this (for which I have found workarounds):
1. I need to use "break;" in the /auth location block. Why?
2. I needed to use a separate variable name for the $proxyurl variable. Why?
Thank you for any insights on this!
[code]
server {
listen 80;
server_name nginx;
location /auth {
internal;
set $proxyurl_auth http://auth:3000;
proxy_pass $proxyurl_auth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
break;
}
location / {
auth_request /auth;
auth_request_set $auth_status $upstream_status;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
set $proxyurl http://api-server:3000;
proxy_pass $proxyurl;
proxy_read_timeout 90;
}
}
[/code]