From 38e1845e73e60f17ed2d101fd43e60b2011a3ccc Mon Sep 17 00:00:00 2001
From: driz <40674481+drizuid@users.noreply.github.com>
Date: Wed, 1 Feb 2023 17:09:59 -0500
Subject: [PATCH] Add files via upload

---
 root/defaults/nginx/authentik-location.conf | 23 +++++++++++++++++++
 root/defaults/nginx/authentik-server.conf   | 25 +++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 root/defaults/nginx/authentik-location.conf
 create mode 100644 root/defaults/nginx/authentik-server.conf

diff --git a/root/defaults/nginx/authentik-location.conf b/root/defaults/nginx/authentik-location.conf
new file mode 100644
index 0000000..a2c32f3
--- /dev/null
+++ b/root/defaults/nginx/authentik-location.conf
@@ -0,0 +1,23 @@
+## Version 2022/08/20 
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik
+
+        ##############################
+        # authentik-specific config
+        ##############################
+        auth_request     /outpost.goauthentik.io/auth/nginx;
+        error_page       401 = @goauthentik_proxy_signin;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        add_header       Set-Cookie $auth_cookie;
+
+        # translate headers from the outposts back to the actual upstream
+        auth_request_set $authentik_username $upstream_http_x_authentik_username;
+        auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
+        auth_request_set $authentik_email $upstream_http_x_authentik_email;
+        auth_request_set $authentik_name $upstream_http_x_authentik_name;
+        auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
+
+        proxy_set_header X-authentik-username $authentik_username;
+        proxy_set_header X-authentik-groups $authentik_groups;
+        proxy_set_header X-authentik-email $authentik_email;
+        proxy_set_header X-authentik-name $authentik_name;
+        proxy_set_header X-authentik-uid $authentik_uid;
\ No newline at end of file
diff --git a/root/defaults/nginx/authentik-server.conf b/root/defaults/nginx/authentik-server.conf
new file mode 100644
index 0000000..b3fb941
--- /dev/null
+++ b/root/defaults/nginx/authentik-server.conf
@@ -0,0 +1,25 @@
+## Version 2022/09/22 
+# Make sure that your authentik container is in the same user defined bridge network and is named authentik
+
+    # all requests to /outpost.goauthentik.io must be accessible without authentication
+    location /outpost.goauthentik.io {
+        proxy_pass              http://authentik-server:9000/outpost.goauthentik.io;
+        # ensure the host of this vserver matches your external URL you've configured
+        # in authentik
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
+        add_header              Set-Cookie $auth_cookie;
+        auth_request_set        $auth_cookie $upstream_http_set_cookie;
+        proxy_pass_request_body off;
+        proxy_set_header        Content-Length "";
+    }
+	
+	# Special location for when the /auth endpoint returns a 401,
+    # redirect to the /start URL which initiates SSO
+    location @goauthentik_proxy_signin {
+        internal;
+        add_header Set-Cookie $auth_cookie;
+        return 302 /outpost.goauthentik.io/start?rd=$request_uri;
+        # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
+        # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
+    }
\ No newline at end of file