|
1 | | -## Version 2022/08/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample |
| 1 | +## Version 2022/09/22 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample |
2 | 2 | # Make sure that your authelia container is in the same user defined bridge network and is named authelia |
3 | 3 |
|
4 | 4 | location ^~ /authelia { |
5 | | - |
6 | | - set $upstream_app authelia; |
7 | | - set $upstream_port 9091; |
8 | | - set $upstream_proto http; |
9 | | - proxy_pass $upstream_proto://$upstream_app:$upstream_port; |
| 5 | + include /config/nginx/proxy.conf; |
| 6 | + include /config/nginx/resolver.conf; |
| 7 | + set $upstream_authelia authelia; |
| 8 | + proxy_pass http://$upstream_authelia:9091; |
10 | 9 | } |
11 | 10 |
|
12 | 11 | location = /authelia/api/verify { |
13 | 12 | internal; |
14 | | - |
15 | | - set $upstream_app authelia; |
16 | | - set $upstream_port 9091; |
17 | | - set $upstream_proto http; |
18 | | - proxy_pass $upstream_proto://$upstream_app:$upstream_port; |
| 13 | + if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) { |
| 14 | + return 401; |
| 15 | + } |
| 16 | + include /config/nginx/resolver.conf; |
| 17 | + set $upstream_authelia authelia; |
| 18 | + proxy_pass_request_body off; |
| 19 | + proxy_pass http://$upstream_authelia:9091; |
| 20 | + proxy_set_header Content-Length ""; |
19 | 21 |
|
20 | 22 | # Timeout if the real server is dead |
21 | 23 | proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; |
22 | 24 |
|
| 25 | + # [REQUIRED] Needed by Authelia to check authorizations of the resource. |
| 26 | + # Provide either X-Original-URL and X-Forwarded-Proto or |
| 27 | + # X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Uri or both. |
| 28 | + # Those headers will be used by Authelia to deduce the target url of the user. |
| 29 | + # Basic Proxy Config |
23 | 30 | client_body_buffer_size 128k; |
| 31 | + proxy_set_header Host $host; |
| 32 | + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; |
| 33 | + proxy_set_header X-Real-IP $remote_addr; |
| 34 | + proxy_set_header X-Forwarded-For $remote_addr; |
| 35 | + proxy_set_header X-Forwarded-Method $request_method; |
| 36 | + proxy_set_header X-Forwarded-Proto $scheme; |
| 37 | + proxy_set_header X-Forwarded-Host $http_host; |
| 38 | + proxy_set_header X-Forwarded-Uri $request_uri; |
| 39 | + proxy_set_header X-Forwarded-Ssl on; |
| 40 | + proxy_redirect http:// $scheme://; |
| 41 | + proxy_http_version 1.1; |
| 42 | + proxy_set_header Connection ""; |
| 43 | + proxy_cache_bypass $cookie_session; |
| 44 | + proxy_no_cache $cookie_session; |
24 | 45 | proxy_buffers 4 32k; |
25 | | - proxy_pass_request_body off; |
26 | | - proxy_set_header Content-Length ""; |
| 46 | + |
| 47 | + # Advanced Proxy Config |
27 | 48 | send_timeout 5m; |
| 49 | + proxy_read_timeout 240; |
| 50 | + proxy_send_timeout 240; |
| 51 | + proxy_connect_timeout 240; |
28 | 52 | } |
0 commit comments