commit f0c746b30f4e3e99b799aca830bce4a13db330b1 parent 4d0f03c4992455a71e2cde3ddc5fe1ae162ab44e Author: Florian Dold <florian.dold@gmail.com> Date: Mon, 29 Jan 2018 23:55:49 +0100 protect test backend with apikey Diffstat:
| M | etc/nginx/sites-enabled/test.site | | | 17 | +++++++++++++++++ |
1 file changed, 17 insertions(+), 0 deletions(-)
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site @@ -206,6 +206,23 @@ server { error_page 418 = @blue; error_page 419 = @green; recursive_error_pages on; + + # This is very ugly, but necessary since NGINX + # can't do multiple conditions or nexted ifs + + if ($request_filename !~ "^/public/?.*$") { + # restricted! + set $authresult "r"; + } + + if ($http_authorization = "ApiKey sandbox") { + # auth successful + set $authresult "${authresult}y"; + } + if ($authresult = "r") { + # restricted but not authorized + return 401 "Unauthorized"; + } if ($http_x_taler_deployment_color ~ "blue") { return 418; } if ($http_x_taler_deployment_color ~ "green") { return 419; } proxy_set_header X-Forwarded-Host "backend.test.taler.net";