error_page 401 = @error401; location /challenge_access { # forward the /validate request to Vouch Proxy proxy_pass http://auth:9090; # be sure to pass the original host header proxy_set_header Host $http_host; # Vouch Proxy only acts on the request headers proxy_pass_request_body off; proxy_set_header Content-Length ""; # optionally add X-Vouch-User as returned by Vouch Proxy along with the request auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user; # these return values are used by the @error401 call auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt; auth_request_set $auth_resp_err $upstream_http_x_vouch_err; auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount; } # If the user is not logged in, redirect them to Vouch's login URL location @error401 { return 302 https://live.fic.srs.epita.fr/challenge_access/login?url=https://live.fic.srs.epita.fr$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err; } location /auth { proxy_pass http://auth:5556; } location /approval { proxy_pass http://auth:5556; } location /token { proxy_pass http://auth:5556; } location /keys { proxy_pass http://auth:5556; } location /userinfo { proxy_pass http://auth:5556; } location /static { proxy_pass http://auth:5556; } location /theme { proxy_pass http://auth:5556; } location /.well-known/openid-configuration { proxy_pass http://auth:5556; }