webserver - Nginx Config for Static Website with Simple Flask Authentication

Question

I have a simple static website that I'd like to serve with Nginx. I'd like to authenticate users via SSO with a simple Flask authenticator served with uwsgi. The usual nginx auth methods seem to not fit this kind of workflow.

My current location config is as follows:

location / {
        root   nginx-app;
        index  index.html index.htm;
        try_files $uri @flask;
    }

    location @flask{
      include uwsgi_params;
      uwsgi_pass unix:/var/socket/app.socket;
    }

    location @staticapp{
      auth_request /authorized;
      root static-app;
    }

'/' serves a few static assets, then sends users to @flask to make sure they're logged in.

@flask/ redirects to a third party SSO login site, which redirects to @flask/sso. The flask app gets some info from this, then redirects to '/', where I my static app to be mounted. @flask/authorized returns 200 if a user is logged in and a 400 otherwise.

try_files has a limitation of only allowing one named location. Using X-Sendfile or the like, I can't seem to mount the static app at '/', only at different locations. How can I 'redirect' to @staticapp and have it mounted at '/'?

Is there a workaround to mount my static app at '/' and only allow it to be accessed after an authentication call? Is there a better way to organize this config?

question from:https://stackoverflow.com/questions/65911104/nginx-config-for-static-website-with-simple-flask-authentication

Answer 1

Sometimes it's not worth the time to fix 'annoyances'! Mounting the static app at /app as follows works fine. Would be nice to mount at /, but that's ok.

location / {
        root   nginx-app;
        index  index.html index.htm;
        try_files $uri @flask;
    }

    location @flask{
      include uwsgi_params;
      uwsgi_pass unix:/var/socket/app.socket;
    }

    location /app{
      auth_request /authorized;
      alias static-app;
    }