mirrors/docker-registry-ui
1
0
Fork 0
mirror of https://github.com/Joxit/docker-registry-ui.git synced 2025-04-26 15:09:53 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs(token-auth-keycloak): update nginx configuration (#303)

Browse source
This commit is contained in:
Joxit 2023-05-08 14:42:32 +02:00
parent a77103a2d4
commit ba322e076f
No known key found for this signature in database
GPG key ID: F526592B8E012263
2 changed files with 31 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
examples/token-auth-keycloak/README.md
View file

@ -32,8 +32,23 @@ I will highlight required configuration for Basic Access Authentication Protocol
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header Content-Type "text/plain charset=UTF-8";
add_header Content-Length 0;
return 204;
}
# By default, keycloak returns 400 instead of 401, we need to change that
if ($http_authorization = "") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
return 401;
}

17
examples/token-auth-keycloak/conf/proxy/nginx.conf
View file

@ -7,7 +7,6 @@ server {
set $registry "http://registry:5000";
set $ui "http://ui";
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
@ -44,7 +43,22 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header Content-Type "text/plain charset=UTF-8";
add_header Content-Length 0;
return 204;
}
if ($http_authorization = "") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
return 401;
}
@ -52,6 +66,7 @@ server {
}
location /ui {
rewrite ^/ui/(.*) /$1 break;
proxy_pass $ui;
}