docker-swag/root/defaults/nginx/authentik-server.conf.sample

49 lines
1.7 KiB
Plaintext
Raw Normal View History

## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
2023-02-05 13:05:18 -05:00
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
2023-03-28 20:32:47 -04:00
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
2023-02-05 13:05:18 -05:00
2023-02-08 14:25:36 -05:00
# location for authentik subfolder requests
location ^~ /outpost.goauthentik.io {
auth_request off; # requests to this subfolder must be accessible without authentication
2023-02-08 14:25:36 -05:00
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000;
2023-04-27 16:53:07 -04:00
}
# location for authentik auth requests
location = /outpost.goauthentik.io/auth/nginx {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000;
2023-02-05 13:05:18 -05:00
## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
2023-02-05 13:05:18 -05:00
proxy_pass_request_body off;
proxy_set_header Content-Length "";
2023-02-05 13:05:18 -05:00
}
2023-04-27 16:53:07 -04:00
# virtual location for authentik 401 redirects
location @goauthentik_proxy_signin {
2023-02-05 13:05:18 -05:00
internal;
## Include the Set-Cookie header if present
auth_request_set $set_cookie $upstream_http_set_cookie;
2023-02-05 13:05:18 -05:00
add_header Set-Cookie $set_cookie;
## Set the $target_url variable based on the original request
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Set the $signin_url variable
set $signin_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url;
## Redirect to login
return 302 $signin_url;
2023-02-05 13:05:18 -05:00
}