kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity
Files
7ad1743758eecf06bc6dfbdf51f10550c6d9d4fc
baron-sso/gateway/nginx.conf
ai-cell-a100-1 7ecb19e397 fc
2026-04-24 15:22:45 +09:00

122 lines
3.9 KiB
Nginx Configuration File
Raw Blame History

# ISO8601 시간을 "YYYY-MM-DD HH:mm:ss" 형식으로 변환
map $time_iso8601 $time_custom {
"~^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})" "$1-$2-$3 $4:$5:$6";
}
log_format json_combined escape=json
'{'
'"time":"$time_custom",'
'"level":"INFO",'
'"msg":"http_access",'
'"svc":"baron-gateway",'
'"status":$status,'
'"method":"$request_method",'
'"path":"$request_uri",'
'"latency":"${request_time}s",'
'"ip":"$remote_addr",'
'"forwarded_for":"$http_x_forwarded_for",'
'"user_agent":"$http_user_agent"'
'}';
server {
listen 5000;
client_header_buffer_size 16k;
large_client_header_buffers 4 64k;
include /etc/nginx/mime.types;
types {
application/javascript mjs;
}
resolver 127.0.0.11 valid=10s ipv6=off;
set $backend_upstream http://backend:23000;
set $userfront_upstream http://userfront:5000;
set $oathkeeper_upstream http://oathkeeper:4455;
error_log /dev/stderr warn;
access_log /var/log/nginx/access.log json_combined;
# --- CRITICAL: OIDC & OAuth2 (Must be at the TOP with ^~ to prevent falling through to /) ---
# Discovery Document
location ^~ /.well-known/openid-configuration {
proxy_pass $oathkeeper_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# OAuth2 Auth/Token Endpoints (Standard)
location ^~ /oauth2/ {
proxy_pass $oathkeeper_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# OAuth2 Auth/Token Endpoints (Localized - /ko/oauth2)
location ^~ /ko/oauth2/ {
rewrite ^/ko/oauth2/(.*)$ /oauth2/$1 break;
proxy_pass $oathkeeper_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# OAuth2 Auth/Token Endpoints (Localized - /en/oauth2)
location ^~ /en/oauth2/ {
rewrite ^/en/oauth2/(.*)$ /oauth2/$1 break;
proxy_pass $oathkeeper_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# OIDC Endpoints (Localized - /ko/oidc, /en/oidc)
location ^~ /ko/oidc/ {
rewrite ^/ko/oidc/(.*)$ /oidc/$1 last;
}
location ^~ /en/oidc/ {
rewrite ^/en/oidc/(.*)$ /oidc/$1 last;
}
# --- Other Services ---
location /api {
proxy_pass $backend_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /auth {
proxy_pass $oathkeeper_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /oidc {
rewrite ^/oidc/(.*)$ /$1 break;
proxy_pass $oathkeeper_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# --- Default: UserFront ---
location / {
proxy_pass $userfront_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
View Git Blame Copy Permalink