archive/server_config
Archived
1
0
Fork 0
Code Issues 1 Pull requests Packages Projects Releases Wiki Activity

pull locations out of extraconfig

Browse source
This commit is contained in:
Fabian Montero 2024-08-25 04:38:59 -06:00
parent 8c4a28b66d
commit 289a1e953d
Signed by untrusted user: fabian
GPG key ID: 1FFAC35E1798174F
1 changed files with 29 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
sys/srv/authentik.nix
View file

@ -44,28 +44,6 @@ with lib; {
proxy_buffers 8 16k; proxy_buffers 8 16k;
proxy_buffer_size 32k; proxy_buffer_size 32k;
location /outpost.goauthentik.io {
proxy_pass http://auth.posixlycorrect.com/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
# required for POST requests to work
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
# return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
''; '';
}; };
} }
@ -76,6 +54,35 @@ with lib; {
config = { config = {
services = { services = {
nginx.virtualHosts."auth.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
locations = {
"/outpost.goauthentik.io" = {
proxyPass = "http://auth.posixlycorrect.com/outpost.goauthentik.io";
extraConfig = ''
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
# required for POST requests to work
proxy_pass_request_body off;
proxy_set_header Content-Length "";
'';
};
"@goauthentik_proxy_signin" = {
extraConfig = ''
internal;
add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
'';
};
};
};
authentik = { authentik = {
enable = true; enable = true;
environmentFile = "/var/trust/authentik/authentik-env"; environmentFile = "/var/trust/authentik/authentik-env";