Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-09-18 03:24:44 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #570 from jlssmt/add-tinyauth

Browse source
This commit is contained in:
Adam 2025-06-16 18:34:21 +01:00 committed by GitHub
commit 0c910b9a7b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 53 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1 +1,2 @@
.idea
.jenkins-external

9
root/defaults/nginx/tinyauth-location.conf.sample Normal file
View file

@ -0,0 +1,9 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
## Send a subrequest to tinyauth to verify if the user is authenticated and has permission to access the resource
auth_request /tinyauth;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
error_page 401 = @tinyauth_login;

35
root/defaults/nginx/tinyauth-server.conf.sample Normal file
View file

@ -0,0 +1,35 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
# location for tinyauth auth requests
location /tinyauth {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_tinyauth tinyauth;
proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx;
proxy_set_header x-forwarded-proto $scheme;
proxy_set_header x-forwarded-host $http_host;
proxy_set_header x-forwarded-uri $request_uri;
}
# virtual location for tinyauth 401 redirects
location @tinyauth_login {
internal;
## Set the $target_url variable based on the original request
set_escape_uri $target_url $scheme://$http_host$request_uri;
## Set the $signin_url variable
set $domain $host;
if ($host ~* "^[^.]+\.([^.]+\..+)$") {
set $domain $1;
}
set $signin_url https://tinyauth.$domain/login?redirect_uri=$target_url;
## Redirect to login
return 302 $signin_url;
}

8
root/etc/s6-overlay/s6-rc.d/init-swag-config/run
View file

@ -22,6 +22,14 @@ if [[ ! -f /config/nginx/authentik-server.conf ]]; then
cp /defaults/nginx/authentik-server.conf.sample /config/nginx/authentik-server.conf
fi
# copy tinyauth config files if they don't exist
if [[ ! -f /config/nginx/tinyauth-location.conf ]]; then
cp /defaults/nginx/tinyauth-location.conf.sample /config/nginx/tinyauth-location.conf
fi
if [[ ! -f /config/nginx/tinyauth-server.conf ]]; then
cp /defaults/nginx/tinyauth-server.conf.sample /config/nginx/tinyauth-server.conf
fi
# copy old ldap config file to new location
if [[ -f /config/nginx/ldap.conf ]] && [[ ! -f /config/nginx/ldap-server.conf ]]; then
cp /config/nginx/ldap.conf /config/nginx/ldap-server.conf