From c51ae10f47c3ae6daf6d015ef5c0698687283a64 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 22 Sep 2022 13:50:02 -0500 Subject: [PATCH 1/2] Update authelia-server.conf.sample --- .../nginx/authelia-server.conf.sample | 50 ++++++++++++++----- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index 32e61d1..07e4620 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -1,28 +1,52 @@ -## Version 2022/08/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample +## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia location ^~ /authelia { - - set $upstream_app authelia; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + include /config/nginx/proxy.conf; + include /config/nginx/resolver.conf; + set $upstream_authelia authelia; + proxy_pass http://$upstream_authelia:9091; } location = /authelia/api/verify { internal; - - set $upstream_app authelia; - set $upstream_port 9091; - set $upstream_proto http; - proxy_pass $upstream_proto://$upstream_app:$upstream_port; + if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) { + return 401; + } + include /config/nginx/resolver.conf; + set $upstream_authelia authelia; + proxy_pass_request_body off; + proxy_pass http://$upstream_authelia:9091; + proxy_set_header Content-Length ""; # Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + # [REQUIRED] Needed by Authelia to check authorizations of the resource. + # Provide either X-Original-URL and X-Forwarded-Proto or + # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both. + # Those headers will be used by Authelia to deduce the target url of the user. + # Basic Proxy Config client_body_buffer_size 128k; + proxy_set_header Host $host; + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Method $request_method; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Uri $request_uri; + proxy_set_header X-Forwarded-Ssl on; + proxy_redirect http:// $scheme://; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_cache_bypass $cookie_session; + proxy_no_cache $cookie_session; proxy_buffers 4 32k; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; + + # Advanced Proxy Config send_timeout 5m; + proxy_read_timeout 240; + proxy_send_timeout 240; + proxy_connect_timeout 240; } From b346b4610cdd43191a31dd4879b1f35768679d9c Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 22 Sep 2022 14:02:22 -0500 Subject: [PATCH 2/2] Update authelia-server.conf.sample --- root/defaults/nginx/authelia-server.conf.sample | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index 07e4620..dfb34f3 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -10,9 +10,7 @@ location ^~ /authelia { location = /authelia/api/verify { internal; - if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) { - return 401; - } + include /config/nginx/resolver.conf; set $upstream_authelia authelia; proxy_pass_request_body off;