Improve the Nginx auth_request example (#2278)

* The `X-Forwarded-Uri` was required to bypass authentication

- Fix the `skip_auth_routes` option not working in Nginx

* Add tests for allowed requests with proxied `X-Forwarded-Uri` header

* Avoid nginx startup failure: host not found in upstream "oauth2-proxy"

* The `--reverse-proxy` option is required for nginx

* Update the change logs

* Use the authOnlyPath constant

* Remove the unused header `X-Scheme`

contrib/local-environment/docker-compose-nginx.yaml

@@ -31,6 +31,7 @@ services:
   nginx:
     container_name: nginx
     image: nginx:1.18
+    restart: unless-stopped
     ports:
       - 80:80/tcp
     hostname: nginx

contrib/local-environment/nginx.conf

@@ -38,6 +38,7 @@ server {
     # Make sure the OAuth2 Proxy knows where the original request came from.
     proxy_set_header Host       $host;
     proxy_set_header X-Real-IP  $remote_addr;
+    proxy_set_header X-Forwarded-Uri $request_uri;
 
     proxy_pass http://oauth2-proxy:4180/;
   }
@@ -78,6 +79,7 @@ server {
     # Make sure the OAuth2 Proxy knows where the original request came from.
     proxy_set_header Host       $host;
     proxy_set_header X-Real-IP  $remote_addr;
+    proxy_set_header X-Forwarded-Uri $request_uri;
 
     proxy_pass http://oauth2-proxy:4180/;
   }

contrib/local-environment/oauth2-proxy-nginx.cfg

@@ -10,3 +10,5 @@ cookie_secure="false"
 redirect_url="http://oauth2-proxy.oauth2-proxy.localhost/oauth2/callback"
 cookie_domains=".oauth2-proxy.localhost" # Required so cookie can be read on all subdomains.
 whitelist_domains=".oauth2-proxy.localhost" # Required to allow redirection back to original requested target.
+# Enables the use of `X-Forwarded-*` headers to determine request correctly
+reverse_proxy="true"