Skip to content

Commit dc3ec42

Browse files
jlssmtjlssmt
committed
add tinyauth
1 parent 35deb8f commit dc3ec42

File tree

3 files changed

+45
-0
lines changed

3 files changed

+45
-0
lines changed

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1 +1,2 @@
1+
.idea
12
.jenkins-external

root/defaults/nginx/tinyauth-location.conf.sample

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
2+
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
3+
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
4+
5+
## Send a subrequest to tinyauth to verify if the user is authenticated and has permission to access the resource
6+
auth_request /tinyauth;
7+
8+
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
9+
error_page 401 = @tinyauth_login;

root/defaults/nginx/tinyauth-server.conf.sample

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
2+
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
3+
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
4+
5+
# location for tinyauth auth requests
6+
location /tinyauth {
7+
internal;
8+
9+
include /config/nginx/proxy.conf;
10+
include /config/nginx/resolver.conf;
11+
set $upstream_tinyauth tinyauth;
12+
proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx;
13+
14+
proxy_set_header x-forwarded-proto $scheme;
15+
proxy_set_header x-forwarded-host $http_host;
16+
proxy_set_header x-forwarded-uri $request_uri;
17+
}
18+
19+
# virtual location for tinyauth 401 redirects
20+
location @tinyauth_login {
21+
internal;
22+
23+
## Set the $target_url variable based on the original request
24+
set_escape_uri $target_url $scheme://$http_host$request_uri;
25+
26+
## Set the $signin_url variable
27+
set $domain $host;
28+
if ($host ~* "^[^.]+\.([^.]+\..+)$") {
29+
set $domain $1;
30+
}
31+
set $signin_url https://tinyauth.$domain/login?redirect_uri=$target_url;
32+
33+
## Redirect to login
34+
return 302 $signin_url;
35+
}

0 commit comments

Comments
 (0)