From 95de7f5f4acd2cf3011ebbf9b2368b7f4caa58d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Tue, 6 Feb 2018 17:31:27 +0100
Subject: [PATCH] first try

---
 .s2i/bin/assemble     | 11 +++++++++--
 conf.d/sso-proxy.conf | 24 ++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 conf.d/sso-proxy.conf

diff --git a/.s2i/bin/assemble b/.s2i/bin/assemble
index cb0bc67..1e890e3 100755
--- a/.s2i/bin/assemble
+++ b/.s2i/bin/assemble
@@ -1,6 +1,13 @@
 #!/bin/sh
 
-echo "I'm here !!!"
+# Exit immediately if command returns non-zero status code
+set -e
 
-exec $STI_SCRIPTS_PATH/assemble
+echo "Install nginx configuration files..."
+cp conf.d/sso-proxy.conf $NGINX_CONFIGURATION_PATH/
+
+echo "Creating empty dirs to hold serving certs and trusted CAs..."
+mkdir -p $APP_ROOT/etc/serving-cert/ $APP_ROOT/etc/ca-certs/
+
+exit 0
 
diff --git a/conf.d/sso-proxy.conf b/conf.d/sso-proxy.conf
new file mode 100644
index 0000000..b5946a0
--- /dev/null
+++ b/conf.d/sso-proxy.conf
@@ -0,0 +1,24 @@
+env PROXY_ROUTE_HOSTNAME;
+env APP_ROOT;
+env RESOLVER;
+env SSO_SERVICE_HOSTNAME;
+
+resolver ${RESOLVER} ipv6=off;
+
+server {
+    listen 8443 ssl;
+    server_name ${PROXY_ROUTE_HOSTNAME};
+
+    ssl on;
+    ssl_certificate ${APP_ROOT}/etc/serving-cert/tls.crt;
+    ssl_certificate_key ${APP_ROOT}/etc/serving-cert/tls.key;
+
+    location / {
+        proxy_pass http://${SSO_SERVICE_HOSTNAME};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+