website/docs: improve nginx examples

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-25 14:25:21 +01:00
parent 947ecec02b
commit 63b3434b6f
5 changed files with 12 additions and 10 deletions

View file

@ -74,9 +74,9 @@ func (a *Application) getTraefikForwardUrl(r *http.Request) *url.URL {
return u
}
// getNginxForwardUrl See https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/template/nginx.tmpl#L1044
// getNginxForwardUrl See https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/template/nginx.tmpl
func (a *Application) getNginxForwardUrl(r *http.Request) *url.URL {
h := r.Header.Get("X-Original-URI")
h := r.Header.Get("X-Original-URL")
if len(h) < 1 {
a.log.WithError(errors.New("blank URL")).Warning("blank URL")
return r.URL

View file

@ -23,7 +23,7 @@ func TestForwardHandleNginx_Single_Blank(t *testing.T) {
func TestForwardHandleNginx_Single_Skip(t *testing.T) {
a := newTestApplication()
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
req.Header.Set("X-Original-URI", "http://test.goauthentik.io/skip")
req.Header.Set("X-Original-URL", "http://test.goauthentik.io/skip")
rr := httptest.NewRecorder()
a.forwardHandleNginx(rr, req)
@ -34,7 +34,7 @@ func TestForwardHandleNginx_Single_Skip(t *testing.T) {
func TestForwardHandleNginx_Single_Headers(t *testing.T) {
a := newTestApplication()
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
req.Header.Set("X-Original-URI", "http://test.goauthentik.io/app")
req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")
rr := httptest.NewRecorder()
a.forwardHandleNginx(rr, req)
@ -110,7 +110,7 @@ func TestForwardHandleNginx_Domain_Header(t *testing.T) {
a.proxyConfig.CookieDomain = api.PtrString("foo")
a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
req.Header.Set("X-Original-URI", "http://test.goauthentik.io/app")
req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")
rr := httptest.NewRecorder()
a.forwardHandleNginx(rr, req)

View file

@ -32,5 +32,5 @@ metadata:
nginx.ingress.kubernetes.io/auth-response-headers: |
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $http_host;
```

View file

@ -6,8 +6,6 @@ For Nginx Proxy Manager you can use this snippet
# header from upstream' error when trying to access an application protected by goauthentik
proxy_buffers 8 16k;
proxy_buffer_size 32k;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
location / {
# Put your proxy_pass to your application here
@ -16,6 +14,8 @@ location / {
# authentik-specific config
auth_request /akprox/auth/nginx;
error_page 401 = @akprox_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
# translate headers from the outposts back to the actual upstream
auth_request_set $authentik_username $upstream_http_x_authentik_username;
@ -37,6 +37,7 @@ location /akprox {
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
}

View file

@ -13,8 +13,6 @@ server {
# header from upstream' error when trying to access an application protected by goauthentik
proxy_buffers 8 16k;
proxy_buffer_size 32k;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
location / {
# Put your proxy_pass to your application here
@ -25,6 +23,8 @@ server {
error_page 401 = @akprox_signin;
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
# error_page 401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
# translate headers from the outposts back to the actual upstream
auth_request_set $authentik_username $upstream_http_x_authentik_username;
@ -46,6 +46,7 @@ server {
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
}