Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
640 views
in Technique[技术] by (71.8m points)

webserver - Nginx Config for Static Website with Simple Flask Authentication

I have a simple static website that I'd like to serve with Nginx. I'd like to authenticate users via SSO with a simple Flask authenticator served with uwsgi. The usual nginx auth methods seem to not fit this kind of workflow.

My current location config is as follows:

location / {
        root   nginx-app;
        index  index.html index.htm;
        try_files $uri @flask;
    }

    location @flask{
      include uwsgi_params;
      uwsgi_pass unix:/var/socket/app.socket;
    }

    location @staticapp{
      auth_request /authorized;
      root static-app;
    }

'/' serves a few static assets, then sends users to @flask to make sure they're logged in.

@flask/ redirects to a third party SSO login site, which redirects to @flask/sso. The flask app gets some info from this, then redirects to '/', where I my static app to be mounted. @flask/authorized returns 200 if a user is logged in and a 400 otherwise.

try_files has a limitation of only allowing one named location. Using X-Sendfile or the like, I can't seem to mount the static app at '/', only at different locations. How can I 'redirect' to @staticapp and have it mounted at '/'?

Is there a workaround to mount my static app at '/' and only allow it to be accessed after an authentication call? Is there a better way to organize this config?

question from:https://stackoverflow.com/questions/65911104/nginx-config-for-static-website-with-simple-flask-authentication

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Sometimes it's not worth the time to fix 'annoyances'! Mounting the static app at /app as follows works fine. Would be nice to mount at /, but that's ok.

location / {
        root   nginx-app;
        index  index.html index.htm;
        try_files $uri @flask;
    }

    location @flask{
      include uwsgi_params;
      uwsgi_pass unix:/var/socket/app.socket;
    }

    location /app{
      auth_request /authorized;
      alias static-app;
    }

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...