2024-03-14 22:57:51 -04:00
|
|
|
## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
2021-10-14 15:01:48 -04:00
|
|
|
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
2023-03-28 20:34:10 -04:00
|
|
|
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
2024-03-15 10:41:19 -04:00
|
|
|
# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
|
|
|
|
# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined
|
2021-10-14 15:01:48 -04:00
|
|
|
|
2023-02-05 17:45:56 -05:00
|
|
|
# location for authelia subfolder requests
|
2021-10-14 15:01:48 -04:00
|
|
|
location ^~ /authelia {
|
2023-02-09 19:32:49 -05:00
|
|
|
auth_request off; # requests to this subfolder must be accessible without authentication
|
2022-09-22 14:50:02 -04:00
|
|
|
include /config/nginx/proxy.conf;
|
|
|
|
|
include /config/nginx/resolver.conf;
|
|
|
|
|
set $upstream_authelia authelia;
|
|
|
|
|
proxy_pass http://$upstream_authelia:9091;
|
2023-04-27 16:53:07 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# location for authelia auth requests
|
2024-03-14 22:57:51 -04:00
|
|
|
location ~ /authelia/api/(authz/auth-request|verify) {
|
2023-04-27 16:53:07 -04:00
|
|
|
internal;
|
|
|
|
|
|
|
|
|
|
include /config/nginx/proxy.conf;
|
|
|
|
|
include /config/nginx/resolver.conf;
|
|
|
|
|
set $upstream_authelia authelia;
|
|
|
|
|
proxy_pass http://$upstream_authelia:9091;
|
2021-10-14 15:01:48 -04:00
|
|
|
|
2023-04-27 14:48:27 -04:00
|
|
|
## Include the Set-Cookie header if present
|
2023-04-27 15:34:14 -04:00
|
|
|
auth_request_set $set_cookie $upstream_http_set_cookie;
|
2023-02-09 19:32:49 -05:00
|
|
|
add_header Set-Cookie $set_cookie;
|
2023-02-01 12:50:56 -05:00
|
|
|
|
|
|
|
|
proxy_pass_request_body off;
|
2023-02-09 19:32:49 -05:00
|
|
|
proxy_set_header Content-Length "";
|
2023-02-05 17:45:56 -05:00
|
|
|
}
|
|
|
|
|
|
2023-04-27 16:53:07 -04:00
|
|
|
# virtual location for authelia 401 redirects
|
2023-02-05 17:45:56 -05:00
|
|
|
location @authelia_proxy_signin {
|
|
|
|
|
internal;
|
|
|
|
|
|
2023-04-27 14:48:27 -04:00
|
|
|
## Include the Set-Cookie header if present
|
2023-04-27 15:34:14 -04:00
|
|
|
auth_request_set $set_cookie $upstream_http_set_cookie;
|
2023-02-05 17:45:56 -05:00
|
|
|
add_header Set-Cookie $set_cookie;
|
|
|
|
|
|
2023-04-27 15:34:14 -04:00
|
|
|
## Set the $target_url variable based on the original request
|
2023-04-24 15:00:52 -04:00
|
|
|
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
|
|
|
|
|
2023-04-27 15:34:14 -04:00
|
|
|
## Translate the Location response header from the auth subrequest into a variable
|
|
|
|
|
auth_request_set $signin_url $upstream_http_location;
|
|
|
|
|
|
|
|
|
|
if ($signin_url = '') {
|
|
|
|
|
## Set the $signin_url variable
|
|
|
|
|
set $signin_url https://$http_host/authelia/?rd=$target_url;
|
2023-04-24 15:00:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
## Redirect to login
|
2023-04-27 15:34:14 -04:00
|
|
|
return 302 $signin_url;
|
2021-10-14 15:01:48 -04:00
|
|
|
}
|
