clarify reference URLs

auth-oidc-proxy/nginx/origin-template.conf

@@ -1,20 +1,20 @@
 server {
 
     listen 8080;
-    server_name ${ORIGIN_APP_FQDN};
+    server_name ${PROXY_APP_FQDN};
     root         /opt/app-root/src;
 
-    location / {        
+    location / {
         auth_request /auth;
         error_page 401 = /auth/login;
-        
+
         proxy_pass http://${ORIGIN_APP_NAME}.${CE_SUBDOMAIN}.svc.cluster.local;
         proxy_set_header Host ${ORIGIN_APP_NAME}.${CE_SUBDOMAIN}.svc.cluster.local;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Auth-Request-Redirect $request_uri;
         proxy_pass_request_headers      on;
-        
+
         # WebSocket support
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
@@ -29,7 +29,7 @@ server {
         proxy_set_header        Content-Length "";
         proxy_set_header        X-Original-URI $request_uri;
         proxy_pass_request_headers      on;
-        
+
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;

auth-oidc-proxy/nginx/start-nginx

@@ -5,7 +5,7 @@ set -e
 # Replace all "CE_SUBDOMAIN" in the config file with the Code Engine subdomain (k8s ns)
 # see: https://www.baeldung.com/linux/nginx-config-environment-variables
 echo "Performing environment variable substitutions ..."
-envsubst '\$ORIGIN_APP_FQDN \$ORIGIN_APP_NAME \$AUTH_APP_NAME \$CE_SUBDOMAIN' < /tmp/origin-template.conf > /opt/app-root/etc/nginx.d/origin.conf
+envsubst '\$PROXY_APP_FQDN \$ORIGIN_APP_NAME \$AUTH_APP_NAME \$CE_SUBDOMAIN' < /tmp/origin-template.conf > /opt/app-root/etc/nginx.d/origin.conf
 
 echo "Starting NGINX with the following config file '${NGINX_CONF_PATH}'"
 cat ${NGINX_CONF_PATH}

auth-oidc-proxy/run

@@ -70,7 +70,7 @@ function clean() {
     fi
 
     ibmcloud resource group-delete $RESOURCE_GROUP_NAME --force 2>/dev/null
-    
+
     echo "Done!"
 }
 
@@ -79,7 +79,7 @@ function abortScript() {
     if [[ "${CLEANUP_ON_ERROR}" == true ]]; then
         clean
     else
-        print_msg "\nSkipping deletion of the created IBM Cloud resources." 
+        print_msg "\nSkipping deletion of the created IBM Cloud resources."
         echo "$ ibmcloud resource service-instances --type all -g $RESOURCE_GROUP_NAME"
         ibmcloud resource service-instances --type all -g $RESOURCE_GROUP_NAME
     fi
@@ -158,13 +158,14 @@ if ! ibmcloud ce app get --name $CE_APP_ORIGIN >/dev/null 2>&1; then
         print_error "Code Engine origin app create/update failed!"
         abortScript
     fi
-else 
+else
     echo "Done!"
 fi
 
 ROOT_DOMAIN=.${CE_PROJECT_NAMESPACE}.${CE_PROJECT_DOMAIN}
 FQDN_ORIGIN_APP=${CE_APP_ORIGIN}${ROOT_DOMAIN}
 URL_ORIGIN_APP=https://${FQDN_ORIGIN_APP}
+USER_ACCESS_URL=${URL_ORIGIN_APP}
 
 # ================================================
 # OPTIONAL: Configuring Authn and Authz
@@ -194,8 +195,9 @@ else
     echo "Yes! Setting up the authentication and the proxy apps"
 
     URL_AUTH_APP=https://${CE_APP_AUTH}${ROOT_DOMAIN}
-    FQDN_ORIGIN_APP=${CE_APP_PROXY}${ROOT_DOMAIN}
-    URL_ORIGIN_APP=https://${FQDN_ORIGIN_APP}
+    FQDN_PROXY_APP=${CE_APP_PROXY}${ROOT_DOMAIN}
+    URL_PROXY_APP=https://${FQDN_PROXY_APP}
+    USER_ACCESS_URL=${URL_PROXY_APP}
 
     authapp_op_create_or_update=update
     if ! ibmcloud ce app get --name $CE_APP_AUTH >/dev/null 2>&1; then
@@ -216,7 +218,7 @@ else
         --port 8080 \
         --env-from-secret $CE_SECRET_AUTH \
         --env COOKIE_DOMAIN="$ROOT_DOMAIN" \
-        --env REDIRECT_URL="$URL_ORIGIN_APP" \
+        --env REDIRECT_URL="$URL_PROXY_APP" \
         --env OIDC_REDIRECT_URL="${URL_AUTH_APP}/auth/callback"
     if [ $? -ne 0 ]; then
         print_error "Code Engine auth app create/update failed!"
@@ -238,7 +240,7 @@ else
         --cpu 1 \
         --memory 2G \
         --scale-down-delay 600 \
-        --env ORIGIN_APP_FQDN=$FQDN_ORIGIN_APP \
+        --env PROXY_APP_FQDN=$FQDN_PROXY_APP \
         --env ORIGIN_APP_NAME=$CE_APP_ORIGIN \
         --env AUTH_APP_NAME=$CE_APP_AUTH \
         --port 8080
@@ -260,9 +262,9 @@ ibmcloud ce app list
 if [[ "${CLEANUP_ON_SUCCESS}" == true ]]; then
     print_msg "\nCleaning up the created IBM Cloud resources ..."
     clean
-else    
+else
     print_msg "\nFollowing commands can be used to further play around with the sample setup:"
-    echo "1. Open the browser and type '$URL_ORIGIN_APP' to access the origin app"
+    echo "1. Open the browser and type '$USER_ACCESS_URL' to access the origin app"
     echo "2. Tear down the sample setup: './run clean'"
 fi