I have a simple static website that I'd like to serve with Nginx. I'd like to authenticate users via SSO with a simple Flask authenticator served with uwsgi. The usual nginx auth methods seem to not fit this kind of workflow.
My current location config is as follows:
location / {
root nginx-app;
index index.html index.htm;
try_files $uri @flask;
}
location @flask{
include uwsgi_params;
uwsgi_pass unix:/var/socket/app.socket;
}
location @staticapp{
auth_request /authorized;
root static-app;
}
'/' serves a few static assets, then sends users to @flask to make sure they're logged in.
@flask/ redirects to a third party SSO login site, which redirects to @flask/sso. The flask app gets some info from this, then redirects to '/', where I my static app to be mounted. @flask/authorized returns 200 if a user is logged in and a 400 otherwise.
try_files has a limitation of only allowing one named location. Using X-Sendfile or the like, I can't seem to mount the static app at '/', only at different locations. How can I 'redirect' to @staticapp and have it mounted at '/'?
Is there a workaround to mount my static app at '/' and only allow it to be accessed after an authentication call? Is there a better way to organize this config?
question from:https://stackoverflow.com/questions/65911104/nginx-config-for-static-website-with-simple-flask-authentication