2023-02-09 19:19:50 -05:00
|
|
|
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
|
2023-02-05 13:05:18 -05:00
|
|
|
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
2023-02-09 19:32:49 -05:00
|
|
|
# Rename /config/nginx/proxy-confs/authentik.conf.sample to /config/nginx/proxy-confs/authentik.conf
|
2023-02-05 13:05:18 -05:00
|
|
|
|
2023-02-08 14:25:36 -05:00
|
|
|
# location for authentik subfolder requests
|
|
|
|
location ^~ /outpost.goauthentik.io {
|
2023-02-09 19:19:50 -05:00
|
|
|
auth_request off; # requests to this subfolder must be accessible without authentication
|
2023-02-08 14:25:36 -05:00
|
|
|
include /config/nginx/proxy.conf;
|
|
|
|
include /config/nginx/resolver.conf;
|
|
|
|
set $upstream_authentik authentik-server;
|
|
|
|
proxy_pass http://$upstream_authentik:9000;
|
|
|
|
}
|
|
|
|
|
2023-02-05 13:05:18 -05:00
|
|
|
# location for authentik auth requests
|
2023-02-08 14:25:36 -05:00
|
|
|
location = /outpost.goauthentik.io/auth/nginx {
|
|
|
|
internal;
|
|
|
|
|
|
|
|
include /config/nginx/proxy.conf;
|
2023-02-05 13:05:18 -05:00
|
|
|
include /config/nginx/resolver.conf;
|
|
|
|
set $upstream_authentik authentik-server;
|
2023-02-08 14:25:36 -05:00
|
|
|
proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
|
2023-02-05 13:05:18 -05:00
|
|
|
|
2023-02-09 19:32:49 -05:00
|
|
|
## Include the Set-Cookie header if present.
|
|
|
|
auth_request_set $set_cookie $upstream_http_set_cookie;
|
|
|
|
add_header Set-Cookie $set_cookie;
|
|
|
|
|
2023-02-05 13:05:18 -05:00
|
|
|
proxy_pass_request_body off;
|
2023-02-09 19:32:49 -05:00
|
|
|
proxy_set_header Content-Length "";
|
2023-02-05 13:05:18 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
# Virtual location for authentik 401 redirects
|
2023-02-05 17:50:45 -05:00
|
|
|
location @goauthentik_proxy_signin {
|
2023-02-05 13:05:18 -05:00
|
|
|
internal;
|
|
|
|
|
|
|
|
## Set the $target_url variable based on the original request.
|
|
|
|
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
|
|
|
|
|
|
|
## Include the Set-Cookie header if present.
|
|
|
|
auth_request_set $set_cookie $upstream_http_set_cookie;
|
|
|
|
add_header Set-Cookie $set_cookie;
|
|
|
|
|
2023-02-05 17:59:48 -05:00
|
|
|
## Set $authentik_backend to route requests to the current domain by default
|
|
|
|
set $authentik_backend $http_host;
|
2023-02-08 10:26:46 -05:00
|
|
|
return 302 https://$authentik_backend/outpost.goauthentik.io/start?rd=$target_url;
|
2023-02-05 13:05:18 -05:00
|
|
|
}
|