-
Notifications
You must be signed in to change notification settings - Fork 1
/
iakim-auth.conf
55 lines (50 loc) · 1.86 KB
/
iakim-auth.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
upstream iakim {
server 10.20.19.47:8080 max_fails=5 fail_timeout=3m;
# SSL upstream
#server 10.20.19.47:443 max_fails=5 fail_timeout=3m;
}
server {
listen 80;
server_name test-iakim.com.br;
# SSL Configs
#listen 8443;
#listen 443 ssl;
#listen [::]:443 ssl;
#ssl on;
#ssl_session_timeout 5m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5:!LOW:!SSLv2:!EXPORT;
#ssl_certificate /etc/pki/tls/certs/test-iakim.com.br.cer;
#ssl_certificate_key /etc/pki/tls/private/test-iakim.com.br.key;
location / {
auth_request /auth-proxy;
access_log /var/log/nginx/access_iakim_log main;
error_log /var/log/nginx/error_iakim.log;
error_page 401 =200 /;
proxy_set_header Host $host;
proxy_pass http://iakim;
# SSL proxy pass
#proxy_pass https://iakim;
}
location /auth-proxy {
internal;
# Server daemon
proxy_pass http://127.0.0.1:8888;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_cache_valid 200 10m;
proxy_cache_key "$http_authorization$cookie_nginxauth";
# Server LDAP
proxy_set_header X-Ldap-URL "ldap://10.20.19.7:389";
#BaseDN for auth users
proxy_set_header X-Ldap-BaseDN "OU=Users,DC=iakim,DC=local";
#BindDN for auth in LDAP
proxy_set_header X-Ldap-BindDN "CN=iakim,OU=Users,DC=iakim,DC=local";
#BindPass for BindDN
proxy_set_header X-Ldap-BindPass "******";
proxy_set_header X-CookieName "nginxauth";
proxy_set_header X-Ldap-Realm "Restricted";
proxy_set_header X-Ldap-Template "(SAMAccountName=%(username)s)";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
}
}