-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathnginx.conf
More file actions
71 lines (59 loc) · 1.91 KB
/
nginx.conf
File metadata and controls
71 lines (59 loc) · 1.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
worker_processes 1;
include modules/*.conf;
events {
worker_connections 1024;
}
http {
limit_req_zone $jwt_email zone=one:10m rate=1r/s;
limit_req_status 429;
limit_req_log_level error;
log_format mylog '$remote_addr - "$request"\tStatus: $status JWT-Subject: $jwt_sub JWT-Email: $jwt_email RateLimit: $limit_req_status';
access_log /dev/stdout mylog;
server {
listen 8888;
server_name localhost;
set $jwt_sub "";
set $jwt_email "";
location /public {
default_type application/json;
return 200 '{"message": "Hello, World!"}';
}
location /private {
access_by_lua_block {
local libjwt = require("resty.libjwt")
libjwt.validate({
jwks_files = {"/usr/share/tokens/jwks.json"},
extract_claims = {"sub", "email"},
})
}
echo 'private';
}
location /private_validate_claims {
access_by_lua_block {
local libjwt = require("resty.libjwt")
libjwt.validate({
jwks_files = {"/usr/share/tokens/jwks.json"},
extract_claims = {"sub", "email"},
validate_claims = {
name = {exact = "tsuru"},
},
})
}
echo 'private';
}
location /private_limited {
limit_req zone=one burst=1 nodelay;
rewrite_by_lua_block {
local libjwt = require("resty.libjwt")
libjwt.validate({
jwks_files = {"/usr/share/tokens/jwks.json"},
extract_claims = {"sub", "email"},
})
}
echo 'private+rate-limited';
}
location /ratelimit-api {
limit_req_rw_handler;
}
}
}