website/docs: improve nginx examples

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-25 14:25:21 +01:00 · 2022-01-25 14:25:21 +01:00 · 63b3434b6f
parent 947ecec02b
commit 63b3434b6f
5 changed files with 12 additions and 10 deletions
--- a/internal/outpost/proxyv2/application/mode_common.go
+++ b/internal/outpost/proxyv2/application/mode_common.go
@ -74,9 +74,9 @@ func (a *Application) getTraefikForwardUrl(r *http.Request) *url.URL {
 	return u
 }

-// getNginxForwardUrl See https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/template/nginx.tmpl#L1044
+// getNginxForwardUrl See https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/template/nginx.tmpl
 func (a *Application) getNginxForwardUrl(r *http.Request) *url.URL {
-	h := r.Header.Get("X-Original-URI")
+	h := r.Header.Get("X-Original-URL")
 	if len(h) < 1 {
 		a.log.WithError(errors.New("blank URL")).Warning("blank URL")
 		return r.URL
--- a/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
+++ b/internal/outpost/proxyv2/application/mode_forward_nginx_test.go
@ -23,7 +23,7 @@ func TestForwardHandleNginx_Single_Blank(t *testing.T) {
 func TestForwardHandleNginx_Single_Skip(t *testing.T) {
 	a := newTestApplication()
 	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
-	req.Header.Set("X-Original-URI", "http://test.goauthentik.io/skip")
+	req.Header.Set("X-Original-URL", "http://test.goauthentik.io/skip")

 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
@ -34,7 +34,7 @@ func TestForwardHandleNginx_Single_Skip(t *testing.T) {
 func TestForwardHandleNginx_Single_Headers(t *testing.T) {
 	a := newTestApplication()
 	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
-	req.Header.Set("X-Original-URI", "http://test.goauthentik.io/app")
+	req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")

 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
@ -110,7 +110,7 @@ func TestForwardHandleNginx_Domain_Header(t *testing.T) {
 	a.proxyConfig.CookieDomain = api.PtrString("foo")
 	a.proxyConfig.ExternalHost = "http://auth.test.goauthentik.io"
 	req, _ := http.NewRequest("GET", "/akprox/auth/nginx", nil)
-	req.Header.Set("X-Original-URI", "http://test.goauthentik.io/app")
+	req.Header.Set("X-Original-URL", "http://test.goauthentik.io/app")

 	rr := httptest.NewRecorder()
 	a.forwardHandleNginx(rr, req)
--- a/website/docs/providers/proxy/_nginx_ingress.md
+++ b/website/docs/providers/proxy/_nginx_ingress.md
@ -32,5 +32,5 @@ metadata:
    nginx.ingress.kubernetes.io/auth-response-headers: |
      Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
    nginx.ingress.kubernetes.io/auth-snippet: |
-       proxy_set_header X-Forwarded-Host $http_host;
+       proxy_set_header Host $http_host;
 ```
--- a/website/docs/providers/proxy/_nginx_proxy_manager.md
+++ b/website/docs/providers/proxy/_nginx_proxy_manager.md
@ -6,8 +6,6 @@ For Nginx Proxy Manager you can use this snippet
 # header from upstream' error when trying to access an application protected by goauthentik
 proxy_buffers 8 16k;
 proxy_buffer_size 32k;
-fastcgi_buffers 16 16k;
-fastcgi_buffer_size 32k;

 location / {
    # Put your proxy_pass to your application here
@ -16,6 +14,8 @@ location / {
    # authentik-specific config
    auth_request        /akprox/auth/nginx;
    error_page          401 = @akprox_signin;
+    auth_request_set $auth_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $auth_cookie;

    # translate headers from the outposts back to the actual upstream
    auth_request_set $authentik_username $upstream_http_x_authentik_username;
@ -37,6 +37,7 @@ location /akprox {
    # ensure the host of this vserver matches your external URL you've configured
    # in authentik
    proxy_set_header    Host $host;
+    proxy_set_header    X-Original-URL $scheme://$http_host$request_uri;
    add_header          Set-Cookie $auth_cookie;
    auth_request_set    $auth_cookie $upstream_http_set_cookie;
 }
--- a/website/docs/providers/proxy/_nginx_standalone.md
+++ b/website/docs/providers/proxy/_nginx_standalone.md
@ -13,8 +13,6 @@ server {
    # header from upstream' error when trying to access an application protected by goauthentik
    proxy_buffers 8 16k;
    proxy_buffer_size 32k;
-    fastcgi_buffers 16 16k;
-    fastcgi_buffer_size 32k;

    location / {
        # Put your proxy_pass to your application here
@ -25,6 +23,8 @@ server {
        error_page          401 = @akprox_signin;
        # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
        # error_page          401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        add_header Set-Cookie $auth_cookie;

        # translate headers from the outposts back to the actual upstream
        auth_request_set $authentik_username $upstream_http_x_authentik_username;
@ -46,6 +46,7 @@ server {
        # ensure the host of this vserver matches your external URL you've configured
        # in authentik
        proxy_set_header    Host $host;
+        proxy_set_header    X-Original-URL $scheme://$http_host$request_uri;
        add_header          Set-Cookie $auth_cookie;
        auth_request_set    $auth_cookie $upstream_http_set_cookie;
    }