upstream protected {
	server 127.0.0.1:10000;
}
server {
	listen 8080;
	location / {
		auth_request /auth;
		set $original_full_url $scheme://$host$request_uri;
		error_page 401 =200 /login;
		proxy_set_header X-Original-URI $scheme://$host$request_uri;
		proxy_pass http://protected/;
	}
	location = /auth {
		internal;
		proxy_pass http://localhost:3000/auth;
		proxy_pass_request_body off;
		proxy_set_header Content-Length "";
		proxy_set_header X-Original-URI $request_uri; #可用来控制权限
		proxy_set_header X-Original-Remote-Addr $remote_addr;
		proxy_set_header X-Original-Host $host;
	}
	location /login {
		proxy_pass http://localhost:3000/login;
		proxy_set_header X-Original-Remote-Addr $remote_addr;
		proxy_set_header X-Original-Host $host;
		proxy_set_header X-Original-URI $original_full_url;
	}
}