docs(token-auth-keycloak): update nginx configuration (#303)

Joxit 2023-05-08 14:42:32 +02:00
parent a77103a2d4
commit ba322e076f
No known key found for this signature in database
GPG key ID: F526592B8E012263
2 changed files with 31 additions and 1 deletions


@ -32,8 +32,23 @@ I will highlight required configuration for Basic Access Authentication Protocol
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header Content-Type "text/plain charset=UTF-8";
add_header Content-Length 0;
return 204;
}
# By default, keycloak returns 400 instead of 401, we need to change that # By default, keycloak returns 400 instead of 401, we need to change that
if ($http_authorization = "") { if ($http_authorization = "") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header WWW-Authenticate 'Basic realm="Keycloak login"' always; add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
return 401; return 401;
} }


@ -7,7 +7,6 @@ server {
set $registry "http://registry:5000"; set $registry "http://registry:5000";
set $ui "http://ui"; set $ui "http://ui";
#charset koi8-r; #charset koi8-r;
#access_log /var/log/nginx/host.access.log main; #access_log /var/log/nginx/host.access.log main;
@ -44,7 +43,22 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
if ($request_method = "OPTIONS") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header Content-Type "text/plain charset=UTF-8";
add_header Content-Length 0;
return 204;
}
if ($http_authorization = "") { if ($http_authorization = "") {
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "OPTIONS, GET" always;
add_header Access-Control-Allow-Headers "Content-Type, Accept, Authorization" always;
add_header Access-Control-Allow-Credentials true always;
add_header WWW-Authenticate 'Basic realm="Keycloak login"' always; add_header WWW-Authenticate 'Basic realm="Keycloak login"' always;
return 401; return 401;
} }
@ -52,6 +66,7 @@ server {
} }
location /ui { location /ui {
rewrite ^/ui/(.*) /$1 break;
proxy_pass $ui; proxy_pass $ui;
} }
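Review bot: The two added `if` blocks in the `@ -44,7 +43,22` hunk reflect `$http_origin` into `Access-Control-Allow-Origin` and also send `Access-Control-Allow-Credentials true`, so a browser will accept a credentialed cross-origin response for whatever origin sent the request. Since this is an example configuration that gets copied, I would derive the value from an allowlist, e.g. an http-level `map $http_origin $cors_origin { default ""; "https://ui.example.test" $http_origin; }` (placeholder origin), then use `add_header Access-Control-Allow-Origin $cors_origin always;` together with `add_header Vary Origin always;`; nginx omits an `add_header` whose value is empty, so unlisted origins receive no CORS grant. Separately, `"text/plain charset=UTF-8"` is missing the `;` separator before `charset`. The README snippet in the first file section repeats the same lines, and the enclosing `location` block starts outside this hunk.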