fix(openbao-ui): serve standalone KeyCape login at /ui/vault/auth
Ember's auth route bounces between ?with=netkingdom/ and ?with=token when OIDC mounts are hidden from the unauthenticated listing. Bypass Ember on the bare auth path with a static login page that calls auth_url directly; OIDC callbacks still proxy to the OpenBao UI.
This commit is contained in:
@@ -26,6 +26,13 @@ http {
|
||||
add_header Cache-Control "public, max-age=300";
|
||||
}
|
||||
|
||||
# Standalone KeyCape login page — bypasses Ember auth route and ?with= bounce.
|
||||
location = /ui/vault/auth {
|
||||
alias /etc/nginx/overlay/login.html;
|
||||
default_type text/html;
|
||||
add_header Cache-Control "no-store";
|
||||
}
|
||||
|
||||
# Static UI bundles and API calls bypass HTML injection and stay compressed.
|
||||
location ~ ^/(v1|ui/assets|ui/engines-dist|ui/favicon\.svg) {
|
||||
proxy_pass http://openbao_upstream;
|
||||
|
||||
Reference in New Issue
Block a user