nginx

Paddy 2015-06-30 Parent:68478c1bddde

1:ac9c19126939 Go to Latest

nginx/nginx-jwt.lua

Make nginx kubernetes-ready. We had to update to use a ubuntu-based image to build nginx into, because (and I kid you not) alpine linux straight-up ignores your resolv.conf file, meaning any attempt to use it with kubernetes DNS is doomed to fail. Who thought this was a good idea? So we're using a bloated image instead. Oh well. We also are running a wrapper script instead of nginx directly, so we can inject the JWT_SECRET environment variable based on a kubernetes secret file. We define the secret file (using a placeholder secret, obvs) so that future-Paddy can remember what the hell it looks like, when he inevitably loses the file and needs to sin up a new cluster. Or whatever. Finally, we updated the token expiration error message to be in an errors array, as God (and our API conventions) intended.

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- a/nginx-jwt.lua	Mon Jun 22 00:42:40 2015 -0400
     1.2 +++ b/nginx-jwt.lua	Tue Jun 30 00:27:03 2015 -0400
     1.3 @@ -58,7 +58,7 @@
     1.4              if jwt_obj.verified == false then
     1.5                  if string.find(jwt_obj.reason, "expired at") ~= nil then
     1.6                      ngx.status = ngx.HTTP_UNAUTHORIZED
     1.7 -		    ngx.say('{"error": "access_denied", "header": "authorization"}')
     1.8 +		    ngx.say('{"errors": [{"error": "access_denied", "header": "authorization"}]}')
     1.9                      return ngx.exit(ngx.HTTP_UNAUTHORIZED)
    1.10  		else
    1.11                      ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)