nginx.conf

server {
  listen 80;
  server_name oauth2-proxy.localhost;

  location / {
    auth_request /oauth2/auth;
    # If the auth_request denies the request (401), redirect to the sign_in page
    # and include the final rd URL back to the user's original request.
    error_page 401 =403 /oauth2/sign_in;

    # Alternatively send the request to `start` to skip the provider button
#     error_page 401 = /oauth2/start?rd=$scheme://$host$request_uri;

    root   /var/www/html/build;
    index index.html;

    location = /style.css {
      auth_request off;
    }
    location /fonts/ {
      auth_request off;
    }

    location ~* \.(?:woff2|woff|ttf)$ {
      auth_request off;
      add_header Cache-Control "max-age=31536000";
    }
  }

  # redirect server error pages to the static page /50x.html
  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   /usr/share/nginx/html;
  }

  location /oauth2/ {
    proxy_pass http://oauth2-proxy:4180;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
  }
  location = /oauth2/auth {
    internal;
    proxy_pass http://oauth2-proxy:4180;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Uri $request_uri;
    proxy_set_header Content-Length "";
    proxy_pass_request_body off;
  }

  location /mail-handler/ {
    auth_request /oauth2/auth;
    error_page 401 =403 /oauth2/sign_in;

    proxy_pass http://mail-handler:8000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;

    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;
  }
}