mirror of
https://github.com/linuxserver/docker-swag.git
synced 2025-01-23 05:01:18 -05:00
Add files via upload
This commit is contained in:
driz
GitHub
parent
f6438c4a66
commit
38e1845e73
23
root/defaults/nginx/authentik-location.conf
Normal file
23
root/defaults/nginx/authentik-location.conf
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Version 2022/08/20
|
||||||
|
# Make sure that your authentik container is in the same user defined bridge network and is named authentik
|
||||||
|
|
||||||
|
##############################
|
||||||
|
# authentik-specific config
|
||||||
|
##############################
|
||||||
|
auth_request /outpost.goauthentik.io/auth/nginx;
|
||||||
|
error_page 401 = @goauthentik_proxy_signin;
|
||||||
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||||
|
add_header Set-Cookie $auth_cookie;
|
||||||
|
|
||||||
|
# translate headers from the outposts back to the actual upstream
|
||||||
|
auth_request_set $authentik_username $upstream_http_x_authentik_username;
|
||||||
|
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
|
||||||
|
auth_request_set $authentik_email $upstream_http_x_authentik_email;
|
||||||
|
auth_request_set $authentik_name $upstream_http_x_authentik_name;
|
||||||
|
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
|
||||||
|
|
||||||
|
proxy_set_header X-authentik-username $authentik_username;
|
||||||
|
proxy_set_header X-authentik-groups $authentik_groups;
|
||||||
|
proxy_set_header X-authentik-email $authentik_email;
|
||||||
|
proxy_set_header X-authentik-name $authentik_name;
|
||||||
|
proxy_set_header X-authentik-uid $authentik_uid;
|
||||||
25
root/defaults/nginx/authentik-server.conf
Normal file
25
root/defaults/nginx/authentik-server.conf
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
## Version 2022/09/22
|
||||||
|
# Make sure that your authentik container is in the same user defined bridge network and is named authentik
|
||||||
|
|
||||||
|
# all requests to /outpost.goauthentik.io must be accessible without authentication
|
||||||
|
location /outpost.goauthentik.io {
|
||||||
|
proxy_pass http://authentik-server:9000/outpost.goauthentik.io;
|
||||||
|
# ensure the host of this vserver matches your external URL you've configured
|
||||||
|
# in authentik
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
||||||
|
add_header Set-Cookie $auth_cookie;
|
||||||
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
||||||
|
proxy_pass_request_body off;
|
||||||
|
proxy_set_header Content-Length "";
|
||||||
|
}
|
||||||
|
|
||||||
|
# Special location for when the /auth endpoint returns a 401,
|
||||||
|
# redirect to the /start URL which initiates SSO
|
||||||
|
location @goauthentik_proxy_signin {
|
||||||
|
internal;
|
||||||
|
add_header Set-Cookie $auth_cookie;
|
||||||
|
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
|
||||||
|
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
|
||||||
|
# return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user