linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-11-01 21:47:43 +09:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Adjustments to bring it closer to authentik docs

Browse Source
This commit is contained in:
Eric Nemchik
2023-02-05 16:50:45 -06:00
parent 3ef896e611
commit 01c28da51e
2 changed files with 13 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
root/defaults/nginx/authentik-location.conf.sample
View File

@@ -3,6 +3,8 @@
## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource. ## Send a subrequest to Authentik to verify if the user is authenticated and has permission to access the resource.
auth_request /outpost.goauthentik.io/auth/nginx; auth_request /outpost.goauthentik.io/auth/nginx;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @goauthentik_proxy_signin;
## Save the upstream metadata response headers from Authentik to variables. ## Save the upstream metadata response headers from Authentik to variables.
auth_request_set $authentik_username $upstream_http_x_authentik_username; auth_request_set $authentik_username $upstream_http_x_authentik_username;
@@ -18,5 +20,6 @@ proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name; proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid; proxy_set_header X-authentik-uid $authentik_uid;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal. ## Include the Set-Cookie header if present.
error_page 401 = @authentik_auth_request; auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;

23
root/defaults/nginx/authentik-server.conf.sample
View File

@@ -8,20 +8,16 @@ location /outpost.goauthentik.io {
set $upstream_authentik authentik-server; set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io; proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io;
## Headers proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host; # overwrite header from proxy.conf to not include $server_port proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header Content-Length ""; add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
## Basic Proxy Configuration
proxy_pass_request_body off; proxy_pass_request_body off;
client_body_buffer_size 128k; proxy_set_header Content-Length "";
## Advanced Proxy Configuration
send_timeout 5m;
} }
# Virtual location for authentik 401 redirects # Virtual location for authentik 401 redirects
location @authentik_401_redirect { location @goauthentik_proxy_signin {
internal; internal;
## Set the $target_url variable based on the original request. ## Set the $target_url variable based on the original request.
@@ -31,16 +27,13 @@ location @authentik_401_redirect {
auth_request_set $set_cookie $upstream_http_set_cookie; auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie; add_header Set-Cookie $set_cookie;
## Set $authentik_backend to route requests to the current domain by default
set $authentik_backend $http_host;
## In order for Webauthn to work with multiple domains authentik must operate on a separate subdomain ## In order for Webauthn to work with multiple domains authentik must operate on a separate subdomain
## To use authentik on a separate subdomain: ## To use authentik on a separate subdomain:
## * comment the $authentik_backend line above
## * rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf ## * rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
## * make sure that your dns has a cname set for authentik ## * make sure that your dns has a cname set for authentik
## * uncomment the $authentik_backend line below and change example.com to your domain ## * modify the $authentik_backend line below to set example.com to your domain
## * restart the swag container ## * restart the swag container
#set $authentik_backend authentik.example.com; set $authentik_backend authentik.example.com;
return 302 https://$authentik_backend/authentik/?rd=$target_url; return 302 https://$authentik_backend/authentik/?rd=$target_url;
} }