search

bitly / oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider
MIT License
5.1k stars 1.21k forks source link

Multiple upstreams without subdomains #253

Open DevSecNinja opened 8 years ago

DevSecNinja commented 8 years ago

Hello,

I have oauth2_proxy working with one upstream, which is great. I was wondering if it's possible to use multiple upstreams like http://server.com/app1 and http://server.com/app2 instead of using subdomains like http://app1.server.com and http://app2.server.com? All the issues and help files are using subdomains. I'm using Azure AD as a provider.

My Nginx config file would be something like this:

       location /app1 {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
        }

        location /app2 {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_connect_timeout 1;
        proxy_send_timeout 30;
        proxy_read_timeout 30;
        }

But as far as I know, I'm unable to redirect those locations to different hosts or ports in the oauth2_proxy config file, right?

Thank you.

r3m0t commented 7 years ago

Why not run two instances of oauth2_proxy listening on different ports, with different settings?

rmoriz commented 7 years ago

@r3m0t because then you will usually have to register n-applications with the provider because of the hard-coded callback domains (think of github).

ploxiln commented 7 years ago

The way to do this is to have the requests hit oauth2_proxy first, then be proxied to nginx, then from there nginx can proxy to any other applications with any transformation you need. Or, you can use nginx auth_request method.