This commit is contained in:
Fabian Montero 2024-08-25 14:47:29 -06:00
parent 8c4a28b66d
commit 167c519a25
Signed by untrusted user: fabian
GPG key ID: 1FFAC35E1798174F

View file

@ -19,7 +19,9 @@ with lib; {
default = false; default = false;
type = bool; type = bool;
}; };
}; locations = mkOption {
type = attrsOf (
submodule {
config = mkIf config.enableAuthentik { config = mkIf config.enableAuthentik {
extraConfig = '' extraConfig = ''
auth_request /outpost.goauthentik.io/auth/nginx; auth_request /outpost.goauthentik.io/auth/nginx;
@ -39,17 +41,23 @@ with lib; {
proxy_set_header X-authentik-email $authentik_email; proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name; proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid; proxy_set_header X-authentik-uid $authentik_uid;
'';
proxy_redirect http:// $scheme://; };
}
);
};
};
config = mkIf config.enableAuthentik {
extraConfig = ''
proxy_buffers 8 16k; proxy_buffers 8 16k;
proxy_buffer_size 32k; proxy_buffer_size 32k;
location /outpost.goauthentik.io { location /outpost.goauthentik.io {
proxy_pass http://auth.posixlycorrect.com/outpost.goauthentik.io; proxy_pass http://localhost:9000/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured # ensure the host of this vserver matches your external URL you've configured
# in authentik # in authentik
proxy_set_header X-Forwarded-Host $host; proxy_set_header Host $host;
proxy_redirect http://localhost:9000 https://auth.posixlycorrect.com;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie; add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie; auth_request_set $auth_cookie $upstream_http_set_cookie;
@ -62,7 +70,7 @@ with lib; {
location @goauthentik_proxy_signin { location @goauthentik_proxy_signin {
internal; internal;
add_header Set-Cookie $auth_cookie; add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$request_uri; return 302 /outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
# return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri; # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
} }