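# HTTPS virtual host for portal.actcur.com.
# Only two PHP entry points are served: /unauthenticated.php (public) and
# /authenticated.php (gated by an auth_request subrequest to /auth_verify).
# Every other path is redirected to /authenticated.php.
server {

  # TLS is enabled on the listen socket. The standalone "ssl on;" directive
  # was deprecated in nginx 1.15.0 and removed in 1.25.1, so a config that
  # still carries it fails to load on current releases.
  listen 443 ssl default_server;
  server_name portal.actcur.com;

  # {{resolver}} is a template placeholder. A resolver is required because
  # proxy_pass below takes its target from a variable, so the name is looked
  # up at request time. Its answers decide where ACME challenges are sent,
  # so it should point at a trusted DNS server.
  resolver {{resolver}};
  set $certbot "https://salt.actcur.com";

  ssl_certificate /etc/nginx/certs/portal.actcur.com/fullchain.pem;
  ssl_certificate_key /etc/nginx/certs/portal.actcur.com/privkey.pem;
  ssl_session_cache shared:SSL:10m;

  # ACME HTTP-01 challenges are relayed to the certbot host, unauthenticated.
  location /.well-known/acme-challenge/ {
    proxy_pass $certbot;
    proxy_set_header Host $host;
  }

  # Target of the auth_request subrequest. "internal" keeps clients from
  # requesting this location directly.
  location /auth_verify {
    internal;
    # The verifier only needs headers, so the request body is dropped and
    # Content-Length is cleared to match.
    proxy_pass_request_body off;
    proxy_set_header  X-Original-URI $request_uri;
    proxy_set_header  X-Real-IP $remote_addr;
    # NOTE(review): $http_host is the raw client-supplied Host header, and
    # default_server makes this block answer for any Host value. Confirm the
    # verifier does not base its access decision on this header alone.
    proxy_set_header  Host $http_host;
    proxy_set_header  Content-Length "";

    # NOTE(review): proxy_ssl_verify is off by default, so the certificate
    # presented by authelia.actcur.com is not validated here unless that is
    # configured elsewhere. Since the answer on this connection is the access
    # decision, consider proxy_ssl_verify with proxy_ssl_trusted_certificate.
    proxy_pass        https://authelia.actcur.com/verify;
  }

  # Public landing page. Exact match ("=") so that only this one script is
  # handed to PHP-FPM without authentication. A prefix match would also
  # cover any other existing file whose path starts with /unauthenticated.php.
  location = /unauthenticated.php {

    try_files $uri $document_root$fastcgi_script_name =404;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi.conf;
    index index.php;

    root /srv/http/portal/public;
  }

  # Protected page. auth_request allows the request on a 2xx subrequest
  # answer, denies it on 401/403 and treats anything else as an error, so a
  # failing verifier does not open access.
  location = /authenticated.php {
    auth_request /auth_verify;

    # A 401 from the verifier becomes a redirect to the public page. A 403
    # is returned to the client unchanged.
    error_page 401 =302 https://portal.actcur.com/unauthenticated.php;

    try_files $uri $document_root$fastcgi_script_name =404;
    fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi.conf;
    index index.php;

    root /srv/http/portal/public;
  }

  # Everything else goes to the protected entry point on the canonical name.
  location / {
    return 301 https://portal.actcur.com/authenticated.php;
  }

  error_log /var/log/nginx/portal_error.log;
  access_log /var/log/nginx/portal_access.log;
}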

# Plain-HTTP virtual host: relays ACME HTTP-01 challenges to the certbot
# host and upgrades every other request to HTTPS.
server {
  listen 80 default_server;
  server_name portal.actcur.com;

  access_log /var/log/nginx/portal_access.log;
  error_log /var/log/nginx/portal_error.log;

  # proxy_pass below takes its target from a variable, so the name is
  # resolved at request time through this resolver ({{resolver}} is a
  # template placeholder).
  resolver {{resolver}};
  set $certbot "http://salt.actcur.com";

  location /.well-known/acme-challenge/ {
    proxy_set_header Host $host;
    proxy_pass $certbot;
  }

  # Permanent redirect to the same host and URI over HTTPS.
  # NOTE(review): $host is taken from the request, and default_server makes
  # this block answer for names other than portal.actcur.com, so the redirect
  # target follows whatever name the client sent. If no other site relies on
  # this catch-all, pinning the target to the canonical name would match the
  # redirects in the HTTPS server.
  location / {
    return 301 https://$host$request_uri;
  }
}