## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined

# location for authelia subfolder requests
location ^~ /authelia {
    auth_request off; # requests to this subfolder must be accessible without authentication
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_authelia authelia;
    proxy_pass http://$upstream_authelia:9091;

    ## Include the Set-Cookie header if present
    add_header Set-Cookie $set_cookie;

    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

# Virtual location for authelia 401 redirects
location @authelia_proxy_signin {
    internal;

    ## Include the Set-Cookie header if present
    add_header Set-Cookie $set_cookie;

    ## Set the $target_url variable based on the original request.
    set_escape_uri $target_url $scheme://$http_host$request_uri;

    ## Set $redirection_url if it is empty
    if ($redirection_url = false) {
        set $redirection_url https://$http_host/authelia/?rd=$target_url;
    }

    ## Redirect to login
    return 302 $redirection_url;
}