docker-swag/root/defaults/nginx/authentik-server.conf.sample

## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf

# location for authentik subfolder requests
location ^~ /outpost.goauthentik.io {
    auth_request off; # requests to this subfolder must be accessible without authentication

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_authentik authentik-server;
    proxy_pass http://$upstream_authentik:9000;
}

# location for authentik auth requests
location = /outpost.goauthentik.io/auth/nginx {
    internal;

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_authentik authentik-server;
    proxy_pass http://$upstream_authentik:9000;

    ## Include the Set-Cookie header if present
    auth_request_set $set_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $set_cookie;

    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

# virtual location for authentik 401 redirects
location @goauthentik_proxy_signin {
    internal;

    ## Include the Set-Cookie header if present
    auth_request_set $set_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $set_cookie;

    ## Set the $target_url variable based on the original request
    set_escape_uri $target_url $scheme://$http_host$request_uri;

    ## Set the $signin_url variable
    set $signin_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url;

    ## Redirect to login
    return 302 $signin_url;
}
Adjust auth confs to fix cookie header conflict 2023-04-27 18:48:27 +00:00			`## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample`
Unify auth config approach 2023-02-05 12:05:18 -06:00			`# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server`
Update authentik-server.conf.sample 2023-03-28 20:32:47 -04:00			`# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf`
Unify auth config approach 2023-02-05 12:05:18 -06:00
Update authentik-server.conf.sample 2023-02-08 13:25:36 -06:00			`# location for authentik subfolder requests`
			`location ^~ /outpost.goauthentik.io {`
Prevent auth_request on auth subfolder adjust dates and comments 2023-02-09 18:19:50 -06:00			`auth_request off; # requests to this subfolder must be accessible without authentication`
another authelia auth endpoint adjustment Signed-off-by: Eric Nemchik <eric@nemchik.com> 2024-03-16 12:34:59 -05:00
Update authentik-server.conf.sample 2023-02-08 13:25:36 -06:00			`include /config/nginx/proxy.conf;`
			`include /config/nginx/resolver.conf;`
			`set $upstream_authentik authentik-server;`
			`proxy_pass http://$upstream_authentik:9000;`
Unsimplify 2023-04-27 20:53:07 +00:00			`}`

			`# location for authentik auth requests`
			`location = /outpost.goauthentik.io/auth/nginx {`
			`internal;`

			`include /config/nginx/proxy.conf;`
			`include /config/nginx/resolver.conf;`
			`set $upstream_authentik authentik-server;`
			`proxy_pass http://$upstream_authentik:9000;`
Unify auth config approach 2023-02-05 12:05:18 -06:00
Adjust auth confs to fix cookie header conflict 2023-04-27 18:48:27 +00:00			`## Include the Set-Cookie header if present`
Backwards compatibility and additional cookie handling tweaks 2023-04-27 19:34:14 +00:00			`auth_request_set $set_cookie $upstream_http_set_cookie;`
Additional config comments and consolidation 2023-02-09 18:32:49 -06:00			`add_header Set-Cookie $set_cookie;`

Unify auth config approach 2023-02-05 12:05:18 -06:00			`proxy_pass_request_body off;`
Additional config comments and consolidation 2023-02-09 18:32:49 -06:00			`proxy_set_header Content-Length "";`
Unify auth config approach 2023-02-05 12:05:18 -06:00			`}`

Unsimplify 2023-04-27 20:53:07 +00:00			`# virtual location for authentik 401 redirects`
Adjustments to bring it closer to authentik docs 2023-02-05 16:50:45 -06:00			`location @goauthentik_proxy_signin {`
Unify auth config approach 2023-02-05 12:05:18 -06:00			`internal;`

Adjust auth confs to fix cookie header conflict 2023-04-27 18:48:27 +00:00			`## Include the Set-Cookie header if present`
Backwards compatibility and additional cookie handling tweaks 2023-04-27 19:34:14 +00:00			`auth_request_set $set_cookie $upstream_http_set_cookie;`
Unify auth config approach 2023-02-05 12:05:18 -06:00			`add_header Set-Cookie $set_cookie;`

Backwards compatibility and additional cookie handling tweaks 2023-04-27 19:34:14 +00:00			`## Set the $target_url variable based on the original request`
Simplify auth configs and include updates for Authelia 4.38 2023-04-24 19:00:52 +00:00			`set_escape_uri $target_url $scheme://$http_host$request_uri;`

Backwards compatibility and additional cookie handling tweaks 2023-04-27 19:34:14 +00:00			`## Set the $signin_url variable`
			`set $signin_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url;`
Simplify auth configs and include updates for Authelia 4.38 2023-04-24 19:00:52 +00:00
			`## Redirect to login`
Backwards compatibility and additional cookie handling tweaks 2023-04-27 19:34:14 +00:00			`return 302 $signin_url;`
Unify auth config approach 2023-02-05 12:05:18 -06:00			`}`