linuxserver/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-10-26 02:33:50 +09:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

add tinyauth

Browse Source
This commit is contained in:
jlssmt
2025-06-07 16:32:25 +02:00
parent 35deb8f654
commit 0d952bcee1
4 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
.idea
.jenkins-external

9
root/defaults/nginx/tinyauth-location.conf.sample Normal file
View File

@@ -0,0 +1,9 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
## Send a subrequest to tinyauth to verify if the user is authenticated and has permission to access the resource
auth_request /tinyauth;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
error_page 401 = @tinyauth_login;

35
root/defaults/nginx/tinyauth-server.conf.sample Normal file
View File

@@ -0,0 +1,35 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
# location for tinyauth auth requests
location /tinyauth {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_tinyauth tinyauth;
proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx;
proxy_set_header x-forwarded-proto $scheme;
proxy_set_header x-forwarded-host $http_host;
proxy_set_header x-forwarded-uri $request_uri;
}
# virtual location for tinyauth 401 redirects
location @tinyauth_login {
internal;
## Set the $target_url variable based on the original request
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Set the $signin_url variable
set $domain $host;
if ($host ~* "^[^.]+\.([^.]+\..+)$") {
set $domain $1;
}
set $signin_url https://tinyauth.$domain/login?redirect_uri=$target_url;
## Redirect to login
return 302 $signin_url;
}

8
root/etc/s6-overlay/s6-rc.d/init-swag-config/run
View File

@@ -22,6 +22,14 @@ if [[ ! -f /config/nginx/authentik-server.conf ]]; then
cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
fi
# copy tinyauth config files if they don't exist
if [[ ! -f /config/nginx/tinyauth-location.conf ]]; then
cp /defaults/nginx/tinyauth-location.conf.sample /config/nginx/tinyauth-location.conf
fi
if [[ ! -f /config/nginx/tinyauth-server.conf ]]; then
cp /defaults/nginx/tinyauth-server.conf.sample /config/nginx/tinyauth-server.conf
fi
# copy old ldap config file to new location
if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf