gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(bbuddy): hakurei access

Browse source
This commit is contained in:
arcnmx 2024-03-22 11:36:30 -07:00
parent c51fdb847b
commit 34bca016b4
8 changed files with 97 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/nixos/nginx/vouch.nix
View file

@ -178,16 +178,20 @@
return 302 $vouch_url/login?url=$x_scheme://$x_forwarded_host$request_uri&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
'';
};
${cfg.auth.requestLocation} = {
${cfg.auth.requestLocation} = { config, ... }: {
proxyPass = "${vouch.proxyOrigin}/validate";
proxy.headers.enableRecommended = true;
proxy.headers.enableRecommended = false;
proxied.rewriteReferer = false;
extraConfig = let
# nginx-proxied vouch must use X-Forwarded-Host, but vanilla vouch requires Host
vouchProxyHost = if vouch.doubleProxy
then "''"
then "${config.proxy.host}"
else "$x_forwarded_host";
in ''
set $x_proxy_host ${vouchProxyHost};
proxy_set_header Host ${vouchProxyHost};
proxy_set_header X-Forwarded-Host $x_forwarded_host;
proxy_set_header Referer $x_referer;
proxy_set_header X-Forwarded-Proto $x_scheme;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
'';