Updated conf

Author: iTraceur

conf/app.example.conf

@@ -1,33 +1,38 @@
+# Basic configuration
 appname = nginx-http-auth
+httpaddr = 127.0.0.1
 httpport = 8080
-runmode = dev
+runmode = dev  # Use "prod" for production environment or "test" for test environment
 
-# Session
-sessionon = true
+# Session configuration
 sessionname = SessionID
 sessiongcmaxlifetime = 86400
 sessioncookielifetime = 86400
 sessionprovider = redis
 sessionproviderconfig = "127.0.0.1:6379"
 
 
-# XSRF
-enablexsrf = true
+# XSRF configuration
 xsrfkey = 4b6774f328ee1a2f24fcb62842fc0cfc
 xsrfexpire = 86400
 
-
+# User authentication login interface
 authAPI = http://127.0.0.1:5000/api/login
+
+# The users who can access control API
 controlUsers = admin;iTraceur;zhaowencheng
 
+# Client IP control configuration
 [ipControl]
-deny =
 direct = 127.0.0.1;192.168.1.5
+deny =
 
+# Time range control configuration
 [timeControl]
-deny =
 direct =
+deny = 00:00-08:00;21:00-23:59
 
+# User control configuration
 [userControl]
-deny = test;
 allow =
+deny = test;demo

conf/nginx.conf

@@ -0,0 +1,67 @@
+proxy_cache_path cache/  keys_zone=auth_cache:10m;
+proxy_headers_hash_max_size 512;
+proxy_headers_hash_bucket_size 128;
+
+upstream protected-backend {
+    server 127.0.0.1:8000;
+}
+
+upstream auth-backend {
+    server 127.0.0.1:8080;
+}
+
+server {
+    listen 80;
+
+    location / {
+        auth_request /auth-proxy;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host            $http_host;
+
+        error_page 401 =200 @error401;
+
+        proxy_pass http://protected-backend;
+    }
+
+    location @error401 {
+        return 302  /passport/login?target=$request_uri;
+    }
+
+    location = /auth-proxy {
+        internal;
+
+        proxy_pass http://auth-backend/auth-proxy;
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+        proxy_set_header X-CookieName "SessionID";
+        proxy_set_header Cookie SessionID=$cookie_SessionID;
+
+        proxy_cache auth_cache;
+        proxy_cache_valid 200 10m;
+        proxy_cache_key "$http_authorization$cookie_SessionID";
+    }
+
+    location /passport/login {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host            $http_host;
+        proxy_pass http://auth-backend/passport/login;
+    }
+
+    location /passport/logout {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host            $http_host;
+        proxy_pass http://auth-backend/passport/logout;
+    }
+
+    location /captcha {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host            $http_host;
+        proxy_pass http://auth-backend/captcha;
+    }
+
+    location /static {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host            $http_host;
+        proxy_pass http://auth-backend/static;
+    }
+}