From 2307a32df2f23371085d32483796986f58df04f8 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 30 Jan 2018 00:16:30 +0100 Subject: fix auth --- etc/nginx/sites-enabled/test.site | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) (limited to 'etc/nginx') diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site index 3066042..8420010 100644 --- a/etc/nginx/sites-enabled/test.site +++ b/etc/nginx/sites-enabled/test.site @@ -200,29 +200,33 @@ server { proxy_set_header X-Forwarded-Proto "https"; } - location / { + location /public { # Redirection technique explainted at # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ error_page 418 = @blue; error_page 419 = @green; recursive_error_pages on; - # This is very ugly, but necessary since NGINX - # can't do multiple conditions or nexted ifs + if ($http_x_taler_deployment_color ~ "blue") { return 418; } + if ($http_x_taler_deployment_color ~ "green") { return 419; } + proxy_set_header X-Forwarded-Host "backend.test.taler.net"; + proxy_set_header X-Forwarded-Proto "https"; + proxy_pass http://unix:/home/test/sockets/merchant.http:/public; + proxy_redirect off; + proxy_set_header Host $host; + } - if ($request_filename !~ "^/public/?.*$") { - # restricted! - set $authresult "r"; - } + location / { + # Redirection technique explainted at + # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ + error_page 418 = @blue; + error_page 419 = @green; + recursive_error_pages on; - if ($http_authorization = "ApiKey sandbox") { - # auth successful - set $authresult "${authresult}y"; - } - if ($authresult = "r") { - # restricted but not authorized + if ($http_authorization != "ApiKey sandbox") { return 401; } + if ($http_x_taler_deployment_color ~ "blue") { return 418; } if ($http_x_taler_deployment_color ~ "green") { return 419; } proxy_set_header X-Forwarded-Host "backend.test.taler.net"; -- cgit v1.2.3
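Review bot: `location /public {` is a plain prefix match, so the unauthenticated block also serves any URI that merely begins with the string `/public` (not only `/public` and `/public/...`), and those requests never reach the `ApiKey` comparison in `location /`. Unless the merchant backend is known to reject such paths, anchor the match on the path segment: `location /public/ {` with `proxy_pass http://unix:/home/test/sockets/merchant.http:/public/;`, plus a `location = /public { ... }` if the bare path must stay reachable. In the new `location /`, the 401 test covers the color branches only because it sits ahead of the two `return 418` / `return 419` lines; a comment such as `# auth check must stay above the deployment-color returns` would keep a later reorder from skipping it. The `@blue` and `@green` named locations are outside this hunk, so whether they apply any check of their own cannot be confirmed from here.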