From 8caf2a1841503cb83906cc8e5894cb20dcac60bb Mon Sep 17 00:00:00 2001
From: Eric Nemchik <eric@nemchik.com>
Date: Tue, 25 Mar 2025 21:28:54 +0000
Subject: [PATCH] feat: :poop: proxy pass the full authelia auth request
 subpath

Signed-off-by: GitHub <noreply@github.com>
---
 .../nginx/authelia-location.conf.sample        |  1 -
 .../defaults/nginx/authelia-server.conf.sample | 18 +-----------------
 2 files changed, 1 insertion(+), 18 deletions(-)

diff --git a/root/defaults/nginx/authelia-location.conf.sample b/root/defaults/nginx/authelia-location.conf.sample
index 61df66b..f927a71 100644
--- a/root/defaults/nginx/authelia-location.conf.sample
+++ b/root/defaults/nginx/authelia-location.conf.sample
@@ -1,7 +1,6 @@
 ## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
-# Make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined
 
 ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource
 auth_request /authelia/api/authz/auth-request;
diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample
index 0e654ee..d969a05 100644
--- a/root/defaults/nginx/authelia-server.conf.sample
+++ b/root/defaults/nginx/authelia-server.conf.sample
@@ -1,17 +1,6 @@
 ## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
-# Make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined
-
-# location for authelia subfolder requests
-location ^~ /authelia {
-    auth_request off; # requests to this subfolder must be accessible without authentication
-
-    include /config/nginx/proxy.conf;
-    include /config/nginx/resolver.conf;
-    set $upstream_authelia authelia;
-    proxy_pass http://$upstream_authelia:9091;
-}
 
 # location for authelia auth requests
 location = /authelia/api/authz/auth-request {
@@ -20,7 +9,7 @@ location = /authelia/api/authz/auth-request {
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
-    proxy_pass http://$upstream_authelia:9091;
+    proxy_pass http://$upstream_authelia:9091/api/authz/auth-request;
 
     ## Include the Set-Cookie header if present
     auth_request_set $set_cookie $upstream_http_set_cookie;
@@ -44,11 +33,6 @@ location @authelia_proxy_signin {
     ## Translate the Location response header from the auth subrequest into a variable
     auth_request_set $signin_url $upstream_http_location;
 
-    if ($signin_url = '') {
-        ## Set the $signin_url variable
-        set $signin_url https://$http_host/authelia/?rd=$target_url;
-    }
-
     ## Redirect to login
     return 302 $signin_url;
 }