summaryrefslogtreecommitdiff
path: root/topics/authentication
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-03-04 07:16:22 +0300
committerFrederick Muriuki Muriithi2024-03-04 07:16:22 +0300
commit7bf58b4168ea930d989d56a24fe8ee920a1d447a (patch)
tree4239675c4d855046177c130911e0b98b793aba45 /topics/authentication
parent0f9522dccf197b9e6a94ee5e77636e227038185c (diff)
downloadgn-gemtext-7bf58b4168ea930d989d56a24fe8ee920a1d447a.tar.gz
Add section on Web-Server configs for gn-auth.
Diffstat (limited to 'topics/authentication')
-rw-r--r--topics/authentication/deploying-gn-auth.gmi45
1 files changed, 45 insertions, 0 deletions
diff --git a/topics/authentication/deploying-gn-auth.gmi b/topics/authentication/deploying-gn-auth.gmi
index c92d06e..412e9ca 100644
--- a/topics/authentication/deploying-gn-auth.gmi
+++ b/topics/authentication/deploying-gn-auth.gmi
@@ -125,3 +125,48 @@ That should copy the file retaining the original permissions.
```
$ sudo systemctl start genenetwork-container.service
```
+
+
+## Web Server Configurations
+
+For any/all clients that might be served by the webserver via proxy, and that need to use the authorisation server, we need to pass the host and scheme to the proxied application. This
+
+### Nginx
+
+The "location" configuration needs to have the following:
+
+```
+location … {
+ ︙
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ ︙
+}
+```
+
+We have "proxy_set_header Host $host;" in order to ensure the URIs are built correctly in the proxied app, and do not end up as "http://localhost:<port>/…" or "http://127.0.0.1:<port>/…".
+
+The "proxy_set_header X-Forwarded-Proto $scheme;" setting ensures the URIs in the proxied application are built with the HTTPS scheme when the server URI (what the user sees, e.g. https://cd.genenetwork.org/) is served via HTTPS.
+
+See
+
+=> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header proxy_set_header
+
+### Apache2
+
+The "location" configuration will have to have the following:
+
+```
+<Location …>
+ ︙
+ ProxyPreserveHost On
+ RequestHeader setifempty X-Forwarded-Proto "https"
+ ︙
+</Location>
+```
+
+They do the same task as those in Nginx above.
+
+See
+=> https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost ProxyPreserveHost
+=> https://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader RequestHeader