Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-06-26 06:32:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adjust auth confs to fix cookie header conflict

Browse Source
This commit is contained in:
Eric Nemchik 2023-04-27 18:48:27 +00:00 committed by GitHub
parent 9cdedad1c8
commit d8f252dd73
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 133 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/call_issue_pr_tracker.yml vendored
View File

@ -2,9 +2,11 @@ name: Issue & PR Tracker
on:
issues:
types: [opened,reopened,labeled,unlabeled]
types: [opened,reopened,labeled,unlabeled,closed]
pull_request_target:
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled]
types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed]
pull_request_review:
types: [submitted,edited,dismissed]
jobs:
manage-project:

8
.github/workflows/external_trigger.yml vendored
View File

@ -14,9 +14,11 @@ jobs:
run: |
if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\". ****"
echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving external version ****"
EXT_RELEASE=$(curl -sL "https://pypi.python.org/pypi/certbot/json" |jq -r '. | .info.version')
if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
@ -30,6 +32,7 @@ jobs:
fi
EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
echo "**** External version: ${EXT_RELEASE} ****"
echo "External version: ${EXT_RELEASE}" >> $GITHUB_STEP_SUMMARY
echo "**** Retrieving last pushed version ****"
image="linuxserver/swag"
tag="latest"
@ -65,14 +68,18 @@ jobs:
exit 1
fi
echo "**** Last pushed version: ${IMAGE_VERSION} ****"
echo "Last pushed version: ${IMAGE_VERSION}" >> $GITHUB_STEP_SUMMARY
if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
echo "Version ${EXT_RELEASE} already pushed, exiting" >> $GITHUB_STEP_SUMMARY
exit 0
elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
echo "New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
exit 0
else
echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
echo "New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=false \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@ -82,6 +89,7 @@ jobs:
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \

18
.github/workflows/external_trigger_scheduler.yml vendored
View File

@ -2,7 +2,7 @@ name: External Trigger Scheduler
on:
schedule:
- cron: '50 * * * *'
- cron: '2 * * * *'
workflow_dispatch:
jobs:
@ -17,18 +17,18 @@ jobs:
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
if [ "$br" == "$ls_branch" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****"
ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml)
ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
echo "**** Branch ${br} appears to be live and trigger is not os; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
echo "Triggering external trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
-H "Accept: application/vnd.github.v3+json" \
@ -36,8 +36,10 @@ jobs:
https://api.github.com/repos/linuxserver/docker-swag/actions/workflows/external_trigger.yml/dispatches
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi
else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
echo "**** ${br} is either a dev branch, or has no external version; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
fi
done

4
.github/workflows/package_trigger.yml vendored
View File

@ -14,13 +14,16 @@ jobs:
run: |
if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_SWAG_MASTER }}" ]; then
echo "**** Github secret PAUSE_PACKAGE_TRIGGER_SWAG_MASTER is set; skipping trigger. ****"
echo "Github secret \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\` is set; skipping trigger." >> $GITHUB_STEP_SUMMARY
exit 0
fi
if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
echo "There already seems to be an active build on Jenkins; skipping package trigger" >> $GITHUB_STEP_SUMMARY
exit 0
fi
echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\". ****"
echo "Package trigger running off of master branch. To disable, set a Github secret named \`PAUSE_PACKAGE_TRIGGER_SWAG_MASTER\`" >> $GITHUB_STEP_SUMMARY
response=$(curl -iX POST \
https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-swag/job/master/buildWithParameters?PACKAGE_CHECK=true \
--user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
@ -30,6 +33,7 @@ jobs:
buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
buildurl="${buildurl%$'\r'}"
echo "**** Jenkins job build url: ${buildurl} ****"
echo "Jenkins job build url: ${buildurl}" >> $GITHUB_STEP_SUMMARY
echo "**** Attempting to change the Jenkins job description ****"
curl -iX POST \
"${buildurl}submitDescription" \

8
.github/workflows/package_trigger_scheduler.yml vendored
View File

@ -17,18 +17,16 @@ jobs:
run: |
echo "**** Branches found: ****"
git for-each-ref --format='%(refname:short)' refs/remotes
echo "**** Pulling the yq docker image ****"
docker pull ghcr.io/linuxserver/yq
for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
do
br=$(echo "$br" | sed 's|origin/||g')
echo "**** Evaluating branch ${br} ****"
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml \
| docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/jenkins-vars.yml | yq -r '.ls_branch')
if [ "${br}" == "${ls_branch}" ]; then
echo "**** Branch ${br} appears to be live; checking workflow. ****"
if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-swag/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
echo "Triggering package trigger workflow for branch ${br}" >> $GITHUB_STEP_SUMMARY
triggered_branches="${triggered_branches}${br} "
curl -iX POST \
-H "Authorization: token ${{ secrets.CR_PAT }}" \
@ -38,9 +36,11 @@ jobs:
sleep 30
else
echo "**** Workflow doesn't exist; skipping trigger. ****"
echo "Skipping branch ${br} due to no package trigger workflow present." >> $GITHUB_STEP_SUMMARY
fi
else
echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
fi
done
echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"

91
Jenkinsfile vendored
View File

@ -40,10 +40,11 @@ pipeline {
// Setup all the basic environment variables needed for the build
stage("Set ENV Variables base"){
steps{
sh '''docker pull quay.io/skopeo/stable:v1 || : '''
script{
env.EXIT_STATUS = ''
env.LS_RELEASE = sh(
script: '''docker run --rm ghcr.io/linuxserver/alexeiled-skopeo sh -c 'skopeo inspect docker://docker.io/'${DOCKERHUB_IMAGE}':latest 2>/dev/null' | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
script: '''docker run --rm quay.io/skopeo/stable:v1 inspect docker://ghcr.io/${LS_USER}/${CONTAINER_NAME}:latest 2>/dev/null | jq -r '.Labels.build_version' | awk '{print $3}' | grep '\\-ls' || : ''',
returnStdout: true).trim()
env.LS_RELEASE_NOTES = sh(
script: '''cat readme-vars.yml | awk -F \\" '/date: "[0-9][0-9].[0-9][0-9].[0-9][0-9]:/ {print $4;exit;}' | sed -E ':a;N;$!ba;s/\\r{0,1}\\n/\\\\n/g' ''',
@ -228,7 +229,7 @@ pipeline {
script{
env.SHELLCHECK_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/shellcheck-result.xml'
}
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-shellcheck/master/checkrun.sh | /bin/bash'''
sh '''curl -sL https://raw.githubusercontent.com/linuxserver/docker-jenkins-builder/master/checkrun.sh | /bin/bash'''
sh '''#! /bin/bash
docker run --rm \
-v ${WORKSPACE}:/mnt \
@ -376,6 +377,26 @@ pipeline {
}
}
}
// If this is a master build check the S6 service file perms
stage("Check S6 Service file Permissions"){
when {
branch "master"
environment name: 'CHANGE_ID', value: ''
environment name: 'EXIT_STATUS', value: ''
}
steps {
script{
sh '''#! /bin/bash
WRONG_PERM=$(find ./ -path "./.git" -prune -o \\( -name "run" -o -name "finish" -o -name "check" \\) -not -perm -u=x,g=x,o=x -print)
if [[ -n "${WRONG_PERM}" ]]; then
echo "The following S6 service files are missing the executable bit; canceling the faulty build: ${WRONG_PERM}"
exit 1
else
echo "S6 service file perms look good."
fi '''
}
}
}
/* #######################
GitLab Mirroring
####################### */
@ -668,6 +689,7 @@ pipeline {
]) {
script{
env.CI_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/index.html'
env.CI_JSON_URL = 'https://ci-tests.linuxserver.io/' + env.IMAGE + '/' + env.META_TAG + '/report.json'
}
sh '''#! /bin/bash
set -e
@ -694,8 +716,6 @@ pipeline {
-e WEB_SCREENSHOT=\"${CI_WEB}\" \
-e WEB_AUTH=\"${CI_AUTH}\" \
-e WEB_PATH=\"${CI_WEBPATH}\" \
-e DO_REGION="ams3" \
-e DO_BUCKET="lsio-ci" \
-t ghcr.io/linuxserver/ci:latest \
python3 test_build.py'''
}
@ -949,8 +969,67 @@ pipeline {
environment name: 'EXIT_STATUS', value: ''
}
steps {
sh '''curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST https://api.github.com/repos/${LS_USER}/${LS_REPO}/issues/${PULL_REQUEST}/comments \
-d '{"body": "I am a bot, here are the test results for this PR: \\n'${CI_URL}' \\n'${SHELLCHECK_URL}'"}' '''
sh '''#! /bin/bash
# Function to retrieve JSON data from URL
get_json() {
local url="$1"
local response=$(curl -s "$url")
if [ $? -ne 0 ]; then
echo "Failed to retrieve JSON data from $url"
return 1
fi
local json=$(echo "$response" | jq .)
if [ $? -ne 0 ]; then
echo "Failed to parse JSON data from $url"
return 1
fi
echo "$json"
}
build_table() {
local data="$1"
# Get the keys in the JSON data
local keys=$(echo "$data" | jq -r 'to_entries | map(.key) | .[]')
# Check if keys are empty
if [ -z "$keys" ]; then
echo "JSON report data does not contain any keys or the report does not exist."
return 1
fi
# Build table header
local header="| Tag | Passed |\\n| --- | --- |\\n"
# Loop through the JSON data to build the table rows
local rows=""
for build in $keys; do
local status=$(echo "$data" | jq -r ".[\\"$build\\"].test_success")
if [ "$status" = "true" ]; then
status="✅"
else
status="❌"
fi
local row="| "$build" | "$status" |\\n"
rows="${rows}${row}"
done
local table="${header}${rows}"
local escaped_table=$(echo "$table" | sed 's/\"/\\\\"/g')
echo "$escaped_table"
}
# Retrieve JSON data from URL
data=$(get_json "$CI_JSON_URL")
# Create table from JSON data
table=$(build_table "$data")
echo -e "$table"
curl -X POST -H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/$LS_USER/$LS_REPO/issues/$PULL_REQUEST/comments" \
-d "{\\"body\\": \\"I am a bot, here are the test results for this PR: \\n${CI_URL}\\n${SHELLCHECK_URL}\\n${table}\\"}"'''
}
}
}

2
README.md
View File

@ -336,7 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38.
* **27.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug.
* **13.04.23:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik.
* **25.03.23:** - Fix renewal post hook.
* **10.03.23:** - Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0).

2
readme-vars.yml
View File

@ -154,7 +154,7 @@ app_setup_block: |
# changelog
changelogs:
- { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-server.conf - Simplify auth configs and include updates for Authelia 4.38." }
- { date: "27.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-location.conf, authelia-server.conf, authentik-location.conf, authentik-server.conf - Simplify auth configs and fix Set-Cookie header bug." }
- { date: "13.04.23:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, authelia-location.conf, authentik-location.conf, and site-confs/default.conf - Move ssl.conf include to default.conf. Remove Authorization headers in authelia. Sort proxy_set_header in authelia and authentik." }
- { date: "25.03.23:", desc: "Fix renewal post hook." }
- { date: "10.03.23:", desc: "Cleanup unused csr and keys folders. See [certbot 2.3.0 release notes](https://github.com/certbot/certbot/releases/tag/v2.3.0)." }

13
root/defaults/nginx/authelia-location.conf.sample
View File

@ -1,28 +1,27 @@
## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /authelia/api/authz/auth-request;
auth_request /authelia/api/verify;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @authelia_proxy_signin;
## Translate response headers from Authelia into variables
## Translate the user information response headers from the auth subrequest into variables
auth_request_set $email $upstream_http_remote_email;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $user $upstream_http_remote_user;
## Inject the response header variables into the request made to the actual upstream
## Inject the user information into the request made to the actual upstream
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-User $user;
## Include the Set-Cookie header if present.
## Translate the Set-Cookie response header from auth subrequest into a variable
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
## Set $redirection_url to the location header of the response from the auth request
## Translate the Location response header from auth subrequest into a variable
auth_request_set $redirection_url $upstream_http_location;

8
root/defaults/nginx/authelia-server.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined
@ -11,8 +11,7 @@ location ^~ /authelia {
set $upstream_authelia authelia;
proxy_pass http://$upstream_authelia:9091;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
## Include the Set-Cookie header if present
add_header Set-Cookie $set_cookie;
proxy_pass_request_body off;
@ -23,8 +22,7 @@ location ^~ /authelia {
location @authelia_proxy_signin {
internal;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
## Include the Set-Cookie header if present
add_header Set-Cookie $set_cookie;
## Set the $target_url variable based on the original request.

9
root/defaults/nginx/authentik-location.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-location.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
@ -7,20 +7,19 @@ auth_request /outpost.goauthentik.io/auth/nginx;
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @goauthentik_proxy_signin;
## Translate response headers from Authentik into variables
## Translate the user information response headers from the auth subrequest into variables
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
auth_request_set $authentik_username $upstream_http_x_authentik_username;
## Inject the response header variables into the request made to the actual upstream
## Inject the user information into the request made to the actual upstream
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
proxy_set_header X-authentik-username $authentik_username;
## Include the Set-Cookie header if present.
## Translate the Set-Cookie response header from auth subrequest into a variable
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;

8
root/defaults/nginx/authentik-server.conf.sample
View File

@ -1,4 +1,4 @@
## Version 2023/04/24 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
## Version 2023/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
# Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf
@ -10,8 +10,7 @@ location ^~ /outpost.goauthentik.io {
set $upstream_authentik authentik-server;
proxy_pass http://$upstream_authentik:9000;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
## Include the Set-Cookie header if present
add_header Set-Cookie $set_cookie;
proxy_pass_request_body off;
@ -22,8 +21,7 @@ location ^~ /outpost.goauthentik.io {
location @goauthentik_proxy_signin {
internal;
## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
## Include the Set-Cookie header if present
add_header Set-Cookie $set_cookie;
## Set the $target_url variable based on the original request.