fix: protected by heimdall; infinite auth loop

metaploy/naarad.metaploy.conf

@@ -5,34 +5,31 @@ upstream naarad {
 server {
     server_name naarad.metakgp.org;
 
-    location /web {
+    location / {
         auth_request /auth;
         error_page 300 301 302 303 304 305 306 307 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 = @handle_auth;
 
         proxy_pass http://naarad;
-
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
 
-    location /auth {
+    location = /auth {
         internal;
-        proxy_pass https://heimdall-api.metakgp.org/validate-jwt;
-
+
+        proxy_pass http://heimdall_server/validate-jwt;
         proxy_set_header Cookie $http_cookie;
+
         proxy_set_header Host $host;
+        proxy_set_header Content-Length "";
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Original-URI $request_uri;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_pass_request_body off;
     }
 
     location @handle_auth {
         return 302 https://heimdall.metakgp.org/?redirect_url=https://$server_name$request_uri;
     }
-
-    location / {
-        proxy_pass http://naarad;
-
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-    }
 }