Use DRY templates. Now adding services is much simplier.

Siecje · Aug 30, 2017 · 6187a09 · 6187a09
1 parent 43dd0d4
commit 6187a09
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 71 deletions.
diff --git a/README.md b/README.md
@@ -45,6 +45,12 @@ cd nginx-auth-proxy
 
 ```shell
 sudo rm /etc/nginx/sites-enabled/default
+sudo mkdir /etc/nginx/include.d/
+```
+
+```shell
+sudo ln -s `pwd`/include.d/authentication.include /etc/nginx/include.d/authentication.include
+sudo ln -s `pwd`/include.d/application.include /etc/nginx/include.d/application.include
 ```
 
 ```shell

diff --git a/conf.d/service1.conf b/conf.d/service1.conf
@@ -11,44 +11,11 @@ server {
 
     # Protected application
     location / {
-        # Requests must be authenticated
-        auth_request /auth-proxy;
-
-        # Relay the REMOTE_USER and X-WEBAUTH-USER headers
-        # From the response of the authentication request
-        # To the service
-        auth_request_set $remoteUser $upstream_http_REMOTE_USER;
-        proxy_set_header REMOTE_USER $remoteUser;
-
-        auth_request_set $xWebauthUser $upstream_http_X_WEBAUTH_USER;
-        proxy_set_header X-WEBAUTH-USER $xWebauthUser;
-
-        # redirect 401 and 403 to login form
-        error_page 401 403 /login;
+        include /etc/nginx/include.d/application.include;
 
         proxy_pass http://service1/;
     }
 
-    location /login {
-        proxy_pass http://authenticator/login;
-        proxy_set_header Host $host:$server_port;
-        proxy_set_header X-Original-URI $request_uri;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-
-    location /auth-proxy {
-        internal;
+    include /etc/nginx/include.d/authentication.include;
 
-        proxy_pass http://authenticator/;
-
-        proxy_pass_request_body off;
-        proxy_set_header Content-Length "";
-
-        proxy_set_header X-Real-IP $remote_addr;
-
-        # Login service returns a redirect to the original URI
-        # and sets the cookie for the authenticator
-        proxy_set_header X-Original-URI $request_uri;
-        proxy_set_header Host $host:$server_port;
-    }
 }
diff --git a/conf.d/service2.conf b/conf.d/service2.conf
@@ -11,44 +11,10 @@ server {
 
     # Protected application
     location / {
-        # Requests must be authenticated
-        auth_request /auth-proxy;
-
-        # Relay the REMOTE_USER and X-WEBAUTH-USER headers
-        # From the response of the authentication request
-        # To the service
-        auth_request_set $remoteUser $upstream_http_REMOTE_USER;
-        proxy_set_header REMOTE_USER $remoteUser;
-
-        auth_request_set $xWebauthUser $upstream_http_X_WEBAUTH_USER;
-        proxy_set_header X-WEBAUTH-USER $xWebauthUser;
-
-        # redirect 401 and 403 to login form
-        error_page 401 403 /login;
+        include /etc/nginx/include.d/application.include;
 
         proxy_pass http://service2/;
     }
 
-    location /login {
-        proxy_pass http://authenticator/login;
-        proxy_set_header Host $host:$server_port;
-        proxy_set_header X-Original-URI $request_uri;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-
-    location /auth-proxy {
-        internal;
-
-        proxy_pass http://authenticator/;
-
-        proxy_pass_request_body off;
-        proxy_set_header Content-Length "";
-
-        proxy_set_header X-Real-IP $remote_addr;
-
-        # Login service returns a redirect to the original URI
-        # and sets the cookie for the authenticator
-        proxy_set_header X-Original-URI $request_uri;
-        proxy_set_header Host $host:$server_port;
-    }
+    include /etc/nginx/include.d/authentication.include;
 }
diff --git a/include.d/application.include b/include.d/application.include
@@ -0,0 +1,14 @@
+# Requests must be authenticated
+auth_request /auth-proxy;
+
+# Relay the REMOTE_USER and X-WEBAUTH-USER headers
+# From the response of the authentication request
+# To the service
+auth_request_set $remoteUser $upstream_http_REMOTE_USER;
+proxy_set_header REMOTE_USER $remoteUser;
+
+auth_request_set $xWebauthUser $upstream_http_X_WEBAUTH_USER;
+proxy_set_header X-WEBAUTH-USER $xWebauthUser;
+
+# redirect 401 and 403 to login form
+error_page 401 403 /login;
diff --git a/include.d/authentication.include b/include.d/authentication.include
@@ -0,0 +1,22 @@
+location /login {
+    proxy_pass http://authenticator/login;
+    proxy_set_header Host $host:$server_port;
+    proxy_set_header X-Original-URI $request_uri;
+    proxy_set_header X-Real-IP $remote_addr;
+}
+
+location /auth-proxy {
+    internal;
+
+    proxy_pass http://authenticator/;
+
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+
+    proxy_set_header X-Real-IP $remote_addr;
+
+    # Login service returns a redirect to the original URI
+    # and sets the cookie for the authenticator
+    proxy_set_header X-Original-URI $request_uri;
+    proxy_set_header Host $host:$server_port;
+}