added cloudflare http01 auth folder and redirect and some oauthproxy …

…configs to meddle with

include/oauthproxyheaders.conf

@@ -0,0 +1,29 @@
+# Forwards to authentication proxy
+auth_request /oauth2/auth;
+error_page 401 = /oauth2/sign_in;
+
+# pass information via X-User and X-Email headers to backend,
+# requires running with --set-xauthrequest flag
+auth_request_set $user   $upstream_http_x_auth_request_user; 
+auth_request_set $email  $upstream_http_x_auth_request_email;
+auth_request_set $token $upstream_http_x_auth_request_access_token;
+
+proxy_set_header X-Oauth-User  $user;
+proxy_set_header X-Oauth-Email $email;
+proxy_set_header X-Oauth-Access-Token $token;
+
+# if you enabled --cookie-refresh, this is needed for it to work with auth_request
+auth_request_set $auth_cookie $upstream_http_set_cookie;
+add_header Set-Cookie $auth_cookie;
+
+# Always send the real client IP to the back end
+proxy_set_header X-Forwarded-For $remote_addr;
+
+# Send TLS SNI to the back end server
+proxy_ssl_server_name on;
+
+# Websocket upgrading
+proxy_http_version 1.1;
+proxy_pass_request_headers on;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";

include/oauthproxylocations.conf

@@ -0,0 +1,16 @@
+# Do I really need these?
+underscores_in_headers on;
+ignore_invalid_headers off;
+
+location = /oauth2/auth {
+    internal;
+    proxy_pass http://127.0.0.1:4180;
+}
+
+location /oauth2/ {
+    proxy_pass http://127.0.0.1:4180;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Scheme $scheme;
+}
+

server/redirect80to443.conf

@@ -4,6 +4,13 @@ server {
     listen [::]:80 default_server;
     server_name _;
 
+    # Direct lets-encrypt requests to its directory
+    location /.well-known/acme-challenge {
+        default_type "text/plain";
+        access_log /var/log/nginx/access.log combin3d;
+        root /opt/nginx/acme;
+    }
+
     # Direct all other requests to HTTPS
     location / {
         access_log  off;