nginx.conf

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name secure.example.com;

    large_client_header_buffers 4 32k;
    
    root /usr/share/nginx/html;

    location / {
        auth_request /is_authed;
        auth_request_set $auth_status $upstream_status;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_intercept_errors on;
        error_page 401 = @RedirectToAuth;
    }

    location /auth {
        proxy_pass https://localhost:7161;

        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
        
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location = /is_authed {
        internal;
        proxy_pass https://localhost:7161;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;

        proxy_intercept_errors on;
        error_page 302 = @Unauthroized;
    }

    location @RedirectToAuth {
        return 302 /auth/login;
    }

    location @Unauthroized {
        return 401;
    }
}