# nginx -p . -c nginx.conf

pid /tmp/nginx.example.pid;

daemon off;

events {
  worker_connections 5;
}

http {
  access_log /dev/stdout;
  error_log /dev/stderr;

  server {
    server_name localhost;

    location /auth {
        rewrite    /auth/(.+) /$1 break;
        proxy_pass http://127.0.0.1:8080; # This is the TOTP Server
        proxy_set_header X-Totp-Secret baadf00d;
        proxy_set_header X-Totp-Secret deadc0de;
    }

    # This ensures that if the TOTP server returns 401 we redirect to login
    error_page 401 = @error401;
    location @error401 {
      return 302 /auth/login$request_uri;
    }

    location / {
      auth_request /auth/check;
    }
  }
}