alertmanager vouch-proxy
The snippet can be accessed without any authentication.
Authored by
Leona
Edited
env 61 B
nginx.txt 1.69 KiB
server {
listen 0.0.0.0:443 http2 ssl ;
listen [::0]:443 http2 ssl ;
server_name alertmanager.leona.is;
location / {
proxy_pass http://127.0.0.1:9093/;
auth_request /_vouch/validate;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
location /_vouch {
proxy_pass http://127.0.0.1:12301;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# these return values are used by the @error401 call
auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
location @error401 {
return 302 https://alertmanager.leona.is/_vouch/login?url=https://$host$request_uri&vouch-failcount=$auth_resp_failcount
&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
}
error_page 401 = @error401;
} vouch-proxy-config.yaml 617 B
Please register or sign in to comment