mirror of
https://github.com/linuxserver/docker-swag.git
synced 2024-10-01 05:35:49 +00:00
28 lines
1.4 KiB
Plaintext
28 lines
1.4 KiB
Plaintext
## Version 2022/09/22
|
|
# Make sure that your authentik container is in the same user defined bridge network and is named authentik-server
|
|
|
|
# all requests to /outpost.goauthentik.io must be accessible without authentication
|
|
location /outpost.goauthentik.io {
|
|
include /config/nginx/resolver.conf;
|
|
set $upstream_authentik authentik-server;
|
|
proxy_pass http://$upstream_authentik:9000/outpost.goauthentik.io;
|
|
# ensure the host of this vserver matches your external URL you've configured
|
|
# in authentik
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
|
add_header Set-Cookie $auth_cookie;
|
|
auth_request_set $auth_cookie $upstream_http_set_cookie;
|
|
proxy_pass_request_body off;
|
|
proxy_set_header Content-Length "";
|
|
}
|
|
|
|
# Special location for when the /auth endpoint returns a 401,
|
|
# redirect to the /start URL which initiates SSO
|
|
location @goauthentik_proxy_signin {
|
|
internal;
|
|
add_header Set-Cookie $auth_cookie;
|
|
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
|
|
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
|
|
# return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
|
|
}
|