From e116a1829e3dbe759f56422ae2033fbf91cbbbd5 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Wed, 21 Apr 2021 13:17:25 +1000 Subject: [PATCH 1/2] feat(authelia): add remote name/email headers and pass http method This adds newer remote credential information from the auth_request headers sent by Authelia, Remote-Name includes the users display name, and Remote-Email includes their email. Additionally it sets the X-Forwarded-Method header to the original $request_method detected by nginx, which is used for the new acl rule method filter. --- root/defaults/authelia-location.conf | 6 +++++- root/defaults/authelia-server.conf | 5 +++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/root/defaults/authelia-location.conf b/root/defaults/authelia-location.conf index ee7c92f..e3c1e98 100644 --- a/root/defaults/authelia-location.conf +++ b/root/defaults/authelia-location.conf @@ -1,4 +1,4 @@ -## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf +## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-location.conf # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Make sure that the authelia configuration.yml has 'path: "authelia"' defined @@ -6,6 +6,10 @@ auth_request /authelia/api/verify; auth_request_set $target_url $scheme://$http_host$request_uri; auth_request_set $user $upstream_http_remote_user; auth_request_set $groups $upstream_http_remote_groups; +auth_request_set $name $upstream_http_remote_name; +auth_request_set $email $upstream_http_remote_email; proxy_set_header Remote-User $user; proxy_set_header Remote-Groups $groups; +proxy_set_header Remote-Name $name; +proxy_set_header Remote-Email $email; error_page 401 =302 https://$http_host/authelia/?rd=$target_url; diff --git a/root/defaults/authelia-server.conf b/root/defaults/authelia-server.conf index cd6a6f6..2d88a06 100644 --- a/root/defaults/authelia-server.conf +++ b/root/defaults/authelia-server.conf @@ -1,4 +1,4 @@ -## Version 2020/05/31 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf +## Version 2021/04/21 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/authelia-server.conf # Make sure that your authelia container is in the same user defined bridge network and is named authelia location ^~ /authelia { @@ -28,7 +28,8 @@ location = /authelia/api/verify { proxy_set_header Host $host; proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Method $request_method; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Uri $request_uri; From 1cb549ede1d042ad2b5043af6f23fb9e0e14914d Mon Sep 17 00:00:00 2001 From: James Elliott Date: Fri, 23 Apr 2021 07:43:44 +1000 Subject: [PATCH 2/2] docs: add readme-vars update as per code review --- readme-vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/readme-vars.yml b/readme-vars.yml index 9885382..4566de8 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "21.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method." } - { date: "12.04.21:", desc: "Add php7-gmp and php7-pecl-mailparse." } - { date: "12.04.21:", desc: "Add support for vultr dns validation." } - { date: "14.03.21:", desc: "Add support for directadmin dns validation." }