-
Notifications
You must be signed in to change notification settings - Fork 11
/
server.conf
44 lines (38 loc) · 1.12 KB
/
server.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
root /usr/share/nginx/html;
# anyone with a UW NetID can access this
location / {
auth_request /saml/status;
auth_request_set $auth_user $upstream_http_x_saml_user;
error_page 401 = @login_required;
proxy_pass http://saml:5000/status;
}
# user must be a member of uw_it_all
location /secure {
auth_request /saml/status/group/uw_it_all;
error_page 401 = @login_required;
alias /usr/share/nginx/html;
}
# user needs 2FA
location /2fa {
auth_request /saml/status/2fa;
error_page 401 = @2fa_required;
alias /usr/share/nginx/html;
}
location /saml/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Prefix /saml/;
proxy_pass http://saml:5000/;
}
location @login_required {
return 302 https://$http_host/saml/login$request_uri;
}
location @2fa_required {
return 302 https://$http_host/saml/2fa$request_uri;
}
}