Linux命令 Nginx sso

原文链接： Linux命令 Nginx sso

https://github.com/bnfinet/lasso go
https://github.com/clems4ever/authelia nodejs

https://heipei.github.io/2015/09/23/nginx-sso-Simple-offline-SSO-for-nginx/

# This is the vserver for the service that you want to protect.
	server {
		server_name secret.domain.dev;
		listen 8080;

		# It has one /auth URI which is the endpoint that protected
		# resources have to query. The /auth endpoint does not need the
		# request_body, but it obviously needs the IP, Host and
		# original URI for the request.
		location = /auth {
			internal;

			proxy_pass http://127.0.0.1:8082;

			proxy_pass_request_body     off;

			proxy_set_header Content-Length "";
			proxy_set_header X-Original-URI $request_uri;
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;

		}

		# This is an example of a protected resource. The first line
		# should be auth_request. If you want to pass the headers from
		# the authentication backend to your application (Remote-User
		# etc), you'll have to include the lines with auth_request_set
		# and proxy_set header.
		location /secret {
			auth_request /auth;

			auth_request_set $user $upstream_http_remote_user;
			proxy_set_header Remote-User $user;
			auth_request_set $groups $upstream_http_remote_groups;
			proxy_set_header Remote-Groups $groups;
			auth_request_set $expiry $upstream_http_remote_expiry;
			proxy_set_header Remote-Expiry $expiry;

			#return 200 "Open Sesame!";
			proxy_pass http://127.0.0.1:52342;
		}

	}

	# This is the vserver for your login service
	server {
		server_name login.domain.dev;
		listen 8080 default_server;

		# The login endpoint also needs the Host and real IP of the
		# client to build the sso cookie.
		location /login {
			proxy_set_header X-Original-URI $request_uri;
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_pass http://127.0.0.1:8081;

		}
}