Testing
PhongT16 committed Sep 12, 2024
1 parent de01ae5 commit f796e96
Showing 1 changed file with 4 additions and 116 deletions.
120 changes: 4 additions & 116 deletions CILogon/nginx.conf.template
Expand Up @@ -14,10 +14,10 @@ http {
lua_shared_dict jwks 1m;
lua_shared_dict sessions 10m;

init_by_lua_block {
require("resty.core")
ngx.log(ngx.ERR, "OpenResty initialization started")
}
#init_by_lua_block {
# require("resty.core")
# ngx.log(ngx.ERR, "OpenResty initialization started")
#}

sendfile on;

Expand Down Expand Up @@ -61,119 +61,7 @@ http {

ngx.log(ngx.ERR, "Authentication successful, session created")
}

# proxy_set_header Host ${TARGET_FQDN};
proxy_set_header Host $host;
proxy_set_header Authorization "Bearer ${PAT}"; # Your PAT
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection Keep-Alive;
proxy_cache_bypass $http_pragma;
proxy_no_cache $http_pragma;
proxy_pass https://${TARGET_FQDN};

proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language $http_accept_language;
proxy_set_header Cookie $http_cookie;
proxy_set_header User-Agent $http_user_agent;

proxy_set_header Origin "https://wiki.ncsa.illinois.edu";
proxy_set_header Referer "https://wiki.ncsa.illinois.edu/plugins/personalaccesstokens/usertokens.action";

proxy_set_header X-Atlassian-Token no-check;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";

#proxy_hide_header Content-Security-Policy;

#add_header Content-Security-Policy "default-src 'self' https://wiki.ncsa.illinois.edu 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://wiki.ncsa.illinois.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wiki.ncsa.illinois.edu; style-src 'self' 'unsafe-inline' https://wiki.ncsa.illinois.edu; connect-src 'self' https://wiki.ncsa.illinois.edu https://wiki.ncsa.illinois.edu/synchrony; frame-src 'self' https://wiki.ncsa.illinois.edu;" always;

add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Origin, Authorization, X-Requested-With, Content-Type, Accept" always;

add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

}


location /redirect_uri {
access_by_lua_block {
local opts = {
redirect_uri = "http://${PROXY_FQDN}/redirect_uri",
discovery = "https://cilogon.org/.well-known/openid-configuration",
client_id = "cilogon:/client_id/9c02e8c0e767934c8e0bb60807dfa39",
client_secret = "${CLIENT_SECRET}",
ssl_verify = "no",
scope = "openid email profile org.cilogon.userinfo",
redirect_uri_scheme = "http",
session_contents = {id_token=true},
renew_access_token_on_expiry = true,
accept_none_alg = false
}

ngx.log(ngx.ERR, "Starting OpenID Connect authentication")

local res, err = require("resty.openidc").authenticate(opts)

if err then
ngx.log(ngx.ERR, "Authentication failed: " .. err)
ngx.status = 403
ngx.say(err)
ngx.exit(ngx.HTTP_FORBIDDEN)
end

ngx.log(ngx.ERR, "Authentication successful, session created")
}

proxy_set_header Host ${TARGET_FQDN};
proxy_set_header Authorization "Bearer ${PAT}"; # Your PAT
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection Keep-Alive;
proxy_set_body $request_body;
proxy_pass https://${TARGET_FQDN};

proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language $http_accept_language;
proxy_set_header Cookie $http_cookie;
proxy_set_header User-Agent $http_user_agent;

proxy_set_header Origin "https://wiki.ncsa.illinois.edu";
proxy_set_header Referer "https://wiki.ncsa.illinois.edu/plugins/personalaccesstokens/usertokens.action";

proxy_set_header X-Atlassian-Token no-check;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";

#proxy_hide_header Content-Security-Policy;

#add_header Content-Security-Policy "default-src 'self' https://wiki.ncsa.illinois.edu 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://wiki.ncsa.illinois.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wiki.ncsa.illinois.edu; style-src 'self' 'unsafe-inline' https://wiki.ncsa.illinois.edu; connect-src 'self' https://wiki.ncsa.illinois.edu https://wiki.ncsa.illinois.edu/synchrony; frame-src 'self' https://wiki.ncsa.illinois.edu;" always;

add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Origin, Authorization, X-Requested-With, Content-Type, Accept" always;

add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

}


}
}
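Review bot: The success message kept at the end of the `access_by_lua_block` in `location /` is still written at error severity, `ngx.log(ngx.ERR, "Authentication successful, session created")`; logging it as `ngx.log(ngx.NOTICE, "Authentication successful, session created")` would leave the error log to real authentication failures, which is what monitoring of this proxy would key on. In the first hunk, `init_by_lua_block` is commented out rather than deleted, with no note on why; either drop the four lines or add a line such as `# init_by_lua_block disabled for testing: <reason>` above them. The `access_by_lua_block` starts outside the second hunk, so its `opts` table is not visible here. From the lines shown, `location /` appears to be left without a `proxy_pass` and without the `X-Content-Type-Options` / `X-Frame-Options` response headers once the proxy directives are removed; it is worth confirming that this is intended before the change leaves the test branch.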
