Created
November 25, 2022 21:05
-
-
Save githubsaturn/9245e2cedeb0ef67bd459fa139bfdaa5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location /authelia { | |
| internal; | |
| set $upstream_authelia http://srv-captain-auth:9091/api/verify; #change the service name to match yours | |
| proxy_pass_request_body off; | |
| proxy_pass $upstream_authelia; | |
| proxy_set_header Content-Length ""; | |
| # Timeout if the real server is dead | |
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
| client_body_buffer_size 128k; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Original-URL $scheme://$http_host$request_uri; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forwarded-Uri $request_uri; | |
| proxy_set_header X-Forwarded-Ssl on; | |
| proxy_redirect http:// $scheme://; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| proxy_cache_bypass $cookie_session; | |
| proxy_no_cache $cookie_session; | |
| proxy_buffers 4 32k; | |
| send_timeout 5m; | |
| proxy_read_timeout 240; | |
| proxy_send_timeout 240; | |
| proxy_connect_timeout 240; | |
| } | |
| ## add these to your "location /" part of the nginx config | |
| auth_request /authelia; | |
| auth_request_set $target_url https://$http_host$request_uri; | |
| auth_request_set $user $upstream_http_remote_user; | |
| auth_request_set $email $upstream_http_remote_email; | |
| auth_request_set $groups $upstream_http_remote_groups; | |
| proxy_set_header Remote-User $user; | |
| proxy_set_header Remote-Email $email; | |
| proxy_set_header Remote-Groups $groups; | |
| error_page 401 =302 https://auth.yourdomain.com/?rd=$target_url; #change this to match your authentication domain/subdomain | |
| client_body_buffer_size 128k; | |
| proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; | |
| send_timeout 5m; | |
| proxy_read_timeout 360; | |
| proxy_send_timeout 360; | |
| proxy_connect_timeout 360; | |
| proxy_set_header Host $host; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection upgrade; | |
| proxy_set_header Accept-Encoding gzip; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forwarded-Uri $request_uri; | |
| proxy_set_header X-Forwarded-Ssl on; | |
| proxy_redirect http:// $scheme://; | |
| proxy_http_version 1.1; | |
| proxy_set_header Connection ""; | |
| proxy_cache_bypass $cookie_session; | |
| proxy_no_cache $cookie_session; | |
| proxy_buffers 64 256k; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment