From 6e9f8e4c2951e84a4ce8da2d46b0ec0b691b1e30 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sun, 2 May 2021 20:44:16 +0300
Subject: [PATCH] Refactor snippet to proxy over HTTPS.

---
 snippets/ldap-auth.conf | 6 +-----
 snippets/proxy-ssl.conf | 5 +++++
 2 files changed, 6 insertions(+), 5 deletions(-)
 create mode 100644 snippets/proxy-ssl.conf

diff --git a/snippets/ldap-auth.conf b/snippets/ldap-auth.conf
index 14ae462..822c440 100644
--- a/snippets/ldap-auth.conf
+++ b/snippets/ldap-auth.conf
@@ -3,11 +3,7 @@ auth_request    /validate;
 location = /validate {
   proxy_pass                        https://auth.shore.co.il/validate;
   proxy_http_version                1.1;
-  proxy_ssl_verify                  on;
-  proxy_ssl_verify_depth            3;
-  proxy_ssl_name                    auth.shore.co.il;
-  proxy_ssl_server_name             on;
-  proxy_ssl_trusted_certificate     /etc/ssl/certs/ca-certificates.crt;
+  include                           snippets/proxy-ssl.conf;
   internal;
   proxy_pass_request_body           off;
   proxy_set_header Content-Length   "";
diff --git a/snippets/proxy-ssl.conf b/snippets/proxy-ssl.conf
new file mode 100644
index 0000000..b83886a
--- /dev/null
+++ b/snippets/proxy-ssl.conf
@@ -0,0 +1,5 @@
+proxy_ssl_verify                  on;
+proxy_ssl_verify_depth            3;
+proxy_ssl_name                    auth.shore.co.il;
+proxy_ssl_server_name             on;
+proxy_ssl_trusted_certificate     /etc/ssl/certs/ca-certificates.crt;
-- 
GitLab