website/docs: update forward_auth for nginx config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-06-29 20:32:49 +02:00
parent 8b9ce4a745
commit 1e6c081e5c

View file

@ -46,24 +46,46 @@ import TabItem from '@theme/TabItem';
<TabItem value="standalone-nginx">
```
location /akprox {
proxy_pass http://*ip of your outpost*:4180;
error_page 401 = @akprox_signin;
proxy_set_header X-Forwarded-Host $http_host;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
}
server {
# SSL and VHost configuration
listen 443 ssl http2;
server_name _;
location @akprox_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /akprox/start?rd=$request_uri;
}
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
location / {
auth_request /akprox/auth?nginx;
# All your other options...
# Put your proxy_pass to your application here
# proxy_pass http://localhost:5000;
# authentik-specific config
auth_request /akprox/auth;
error_page 401 = @akprox_signin;
# translate headers from the outposts back to the actual upstream
auth_request_set $username $upstream_http_x_auth_username;
auth_request_set $email $upstream_http_X_Forwarded_Email;
proxy_set_header X-Auth-Username $username;
proxy_set_header X-Forwarded-Email $email;
}
# all requests to /akprox must be accessible without authentication
location /akprox {
proxy_pass http://*ip or hostname of the authentik OUTPOST*:4180;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
}
# Special location for when the /auth endpoint returns a 401,
# redirect to the /start URL which initiates SSO
location @akprox_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /akprox/start?rd=$request_uri;
}
}
```
</TabItem>