mirror of https://gerrit.hackerspace.pl/hscloud
hswaw/beyondspace: fix https redirect pollution for local non-https services
Change-Id: I86505b571695e1bbcfccf869817f627140d7b596 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1786 Reviewed-by: informatic <informatic@hackerspace.pl>changes/86/1786/3
parent
d0920a5a9a
commit
13e6052b93
|
@ -39,13 +39,19 @@ in with lib; {
|
|||
'';
|
||||
|
||||
services.nginx.virtualHosts."beyond.waw.hackerspace.pl" = {
|
||||
forceSSL = true;
|
||||
# NOTE: we *can't* use forceSSL here for services that do not use HTTPS in
|
||||
# local network setups, since this will pollute browser's redirect cache...
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
serverAliases = attrNames beyondspaceDomains;
|
||||
|
||||
locations."/oauth2/" = {
|
||||
extraConfig = ''
|
||||
if ($scheme != https) {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
||||
proxy_pass http://127.0.0.1:4180;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
@ -56,6 +62,10 @@ in with lib; {
|
|||
|
||||
locations."= /oauth2/auth" = {
|
||||
extraConfig = ''
|
||||
if ($scheme != https) {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
||||
proxy_pass http://127.0.0.1:4180;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
@ -69,6 +79,10 @@ in with lib; {
|
|||
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
if ($scheme != https) {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
||||
auth_request /oauth2/auth;
|
||||
error_page 401 = /oauth2/sign_in;
|
||||
|
||||
|
|
Loading…
Reference in New Issue