Skip to content

Commit

Permalink
docs(token-auth-keycloak): update nginx configuration (Joxit#303)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Joxit
Joxit committed May 8, 2023
1 parent a77103a commit ba322e0
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 1 deletion.
15 changes: 15 additions & 0 deletions examples/token-auth-keycloak/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,23 @@ I will highlight required configuration for Basic Access Authentication Protocol
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header Content-Type "text/plain charset=UTF-8";
add_header Content-Length 0;
return 204;
}
# By default, keycloak returns 400 instead of 401, we need to change that
if ($http_authorization = "") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
return 401;
}
Expand Down
17 changes: 16 additions & 1 deletion examples/token-auth-keycloak/conf/proxy/nginx.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ server {
set $registry "http://registry:5000";
set $ui "http://ui";


#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;

Expand Down Expand Up @@ -44,14 +43,30 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;

if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header Content-Type "text/plain charset=UTF-8";
add_header Content-Length 0;
return 204;
}

if ($http_authorization = "") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
return 401;
}
proxy_pass $keycloak;
}

location /ui {
rewrite ^/ui/(.*) /$1 break;
proxy_pass $ui;
}

Expand Down

0 comments on commit ba322e0

Please sign in to comment.