-
Notifications
You must be signed in to change notification settings - Fork 0
/
default
85 lines (75 loc) · 2.26 KB
/
default
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# serve images
location /iiif/images/ {
# CORS for Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Headers" "Authorization";
return 200;
}
# goto digilib Scaler
rewrite ^/iiif/images/(.*) /digilib/Scaler/images/$1 last;
}
location /digilib/Scaler/ {
# require authentication for image requests
auth_request /auth/query_auth;
# use custom error handling
error_page 401 @image_401;
# proxy to digilib tomcat
proxy_pass http://digilib:8080;
}
# serve manifests
location /iiif/manifests/ {
# CORS for Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Headers" "Authorization";
return 200;
}
# goto digilib Manifester
rewrite ^/iiif/manifests/(.*) /digilib/Manifester/images/$1 last;
}
location /digilib/Manifester/ {
# require authentication for manifest requests
#auth_request /auth/query_auth;
#error_page 401 @manifest_401;
# proxy to digilib tomcat
proxy_pass http://digilib:8080;
}
# custom unautorized error handling for images
location @image_401 {
# return 401 with ACAO header and image.json content
add_header Access-Control-Allow-Origin "*" always;
root /var/www/;
try_files /iiif/authfiles/auth-image.json =403;
}
location @manifest_401 {
add_header Access-Control-Allow-Origin "*" always;
root /var/www/;
#try_files /iiif/authfiles/auth-manifest.json =403;
}
# auth service endpoint for proxy auth_request
location = /auth/query_auth {
include uwsgi_params;
uwsgi_pass auth:5000;
uwsgi_pass_request_body off;
# headers in uwsgi_param should be all uppercase!
uwsgi_param HTTP_ORIGINAL_URI $request_uri;
}
# other auth service pages (without auth request barrier)
location /auth {
auth_request off;
include uwsgi_params;
uwsgi_pass auth:5000;
uwsgi_pass_request_body on;
# headers in uwsgi_param should be all uppercase!
uwsgi_param HTTP_ORIGINAL_URI $request_uri;
}
# no auth for letsencrypt certbot
location /.well-known {
auth_request off;
}
# no auth for favicon requests
location = /favicon.ico {
auth_request off;
try_files $uri =404;
}