From 07996fbbcc4f6cc3ac4a6c266061bdec930a7200 Mon Sep 17 00:00:00 2001 From: Thatsaphorn Atchariyaphap Date: Sat, 14 Jun 2025 09:06:37 +0200 Subject: [PATCH] Update `nginx.conf` to add `/logout` route with session termination and Keycloak logout, and remove unnecessary URL redirection logic. --- nginx.conf | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/nginx.conf b/nginx.conf index f4ad3b8..d8b36ef 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,7 @@ worker_processes 1; env KEYCLOAK_CLIENT_SECRET; +env KEYCLOAK_LOGOUT_URL; events { worker_connections 1024; @@ -23,11 +24,6 @@ http { server { listen 80; - # Automatically redirect URLs missing trailing slash (but not files like .js, .css, etc.) - #if ($request_uri ~ ^([^.\?\#]*[^/])$) { - # return 301 $request_uri/; - # } - # Public route: /auth selection page, no login required location /auth { proxy_pass http://main-website:3000; @@ -37,11 +33,29 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } + # Used by OpenID redirect after login location = /redirect_uri { access_by_lua_file /usr/local/openresty/nginx/conf/auth.lua; } - # Protected root route (main site) + # Full logout: clears local session and redirects to Keycloak logout + location = /logout { + access_by_lua_block { + local session = require("resty.session").start() + session:destroy() + + local logout_url = os.getenv("KEYCLOAK_LOGOUT_URL") + if not logout_url then + ngx.status = 500 + ngx.say("KEYCLOAK_LOGOUT_URL environment variable not set") + return + end + + return ngx.redirect(logout_url) + } + } + + # Protected main site location / { access_by_lua_file /usr/local/openresty/nginx/conf/auth.lua; @@ -52,7 +66,7 @@ http { proxy_set_header X-Forwarded-Proto $scheme; } - # Protected demo route + # Protected demo route (example) location /lawfirm/demo1/ { access_by_lua_file /usr/local/openresty/nginx/conf/auth.lua; @@ -67,4 +81,4 @@ http { # Add more locations as needed for other demos } -} +} \ No newline at end of file