mirror of
https://github.com/linuxserver/docker-swag.git
synced 2025-04-06 21:33:41 -04:00
Merge 8b8d33a81a84c6fe80c13514c1918a9bee1c393b into 82ba5dd791eba63158ade18b623ad60da6884404
This commit is contained in:
Eric Nemchik
GitHub
commit
8591617b27
@ -1,13 +1,8 @@
|
||||
## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
|
||||
## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
|
||||
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
||||
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
||||
# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
||||
# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined
|
||||
|
||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource
|
||||
## For authelia 4.37 and below, use the following line
|
||||
# auth_request /authelia/api/verify;
|
||||
## For authelia 4.38 and above, use the following line
|
||||
auth_request /authelia/api/authz/auth-request;
|
||||
|
||||
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
|
||||
|
||||
@ -1,44 +1,15 @@
|
||||
## Version 2024/03/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
||||
## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
|
||||
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
|
||||
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
|
||||
# For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined
|
||||
# For authelia 4.38 and above, make sure that the authelia configuration.yml has 'address: "tcp://:9091/authelia"' defined
|
||||
|
||||
# location for authelia subfolder requests
|
||||
location ^~ /authelia {
|
||||
auth_request off; # requests to this subfolder must be accessible without authentication
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authelia authelia;
|
||||
proxy_pass http://$upstream_authelia:9091;
|
||||
}
|
||||
|
||||
# location for authelia 4.37 and below auth requests
|
||||
location = /authelia/api/verify {
|
||||
internal;
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authelia authelia;
|
||||
proxy_pass http://$upstream_authelia:9091;
|
||||
|
||||
## Include the Set-Cookie header if present
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
add_header Set-Cookie $set_cookie;
|
||||
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
}
|
||||
|
||||
# location for authelia 4.38 and above auth requests
|
||||
# location for authelia auth requests
|
||||
location = /authelia/api/authz/auth-request {
|
||||
internal;
|
||||
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authelia authelia;
|
||||
proxy_pass http://$upstream_authelia:9091;
|
||||
proxy_pass http://$upstream_authelia:9091/api/authz/auth-request;
|
||||
|
||||
## Include the Set-Cookie header if present
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
@ -62,11 +33,6 @@ location @authelia_proxy_signin {
|
||||
## Translate the Location response header from the auth subrequest into a variable
|
||||
auth_request_set $signin_url $upstream_http_location;
|
||||
|
||||
if ($signin_url = '') {
|
||||
## Set the $signin_url variable
|
||||
set $signin_url https://$http_host/authelia/?rd=$target_url;
|
||||
}
|
||||
|
||||
## Redirect to login
|
||||
return 302 $signin_url;
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
|
||||
## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
|
||||
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
||||
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
|
||||
|
||||
@ -19,7 +19,7 @@ location = /outpost.goauthentik.io/auth/nginx {
|
||||
include /config/nginx/proxy.conf;
|
||||
include /config/nginx/resolver.conf;
|
||||
set $upstream_authentik authentik-server;
|
||||
proxy_pass http://$upstream_authentik:9000;
|
||||
proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io/auth/nginx;
|
||||
|
||||
## Include the Set-Cookie header if present
|
||||
auth_request_set $set_cookie $upstream_http_set_cookie;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user