everything is a nail

patch authelia config to resolve redirect errors by squishing auth and proxies onto same host config not working with hosted docs (plan to add nginx img)
zacharlie · Mar 21, 2022 · 88190be · 88190be
1 parent f28a14c
commit 88190be
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 49 deletions.
diff --git a/config/authelia/configuration.yml b/config/authelia/configuration.yml
@@ -4,7 +4,7 @@
 ###############################################################
 
 jwt_secret: a_very_important_secret
-default_redirection_url: https://auth.dev.local
+default_redirection_url: https://127.0.0.1/home
 
 server:
   host: 0.0.0.0
@@ -28,10 +28,10 @@ authentication_backend:
     path: /config/users_database.yml
 
 access_control:
-  default_policy: deny
-  rules:
-    - domain: dev.local
-      policy: one_factor
+  default_policy: one_factor
+  # rules:
+  #   - domain: dev.local
+  #     policy: one_factor
   #   # Rules applied to everyone
   #   - domain: public.example.com
   #     policy: bypass
@@ -46,7 +46,7 @@ session:
   secret: unsecure_session_secret
   expiration: 3600  # 1 hour
   inactivity: 300  # 5 minutes
-  domain: dev.local  # Should match whatever your root protected domain is
+  domain: 127.0.0.1  # Should match whatever your root protected domain is
 
   # redis:
   #   host: redis

diff --git a/config/nginx/sites-enabled/includes/auth.conf b/config/nginx/sites-enabled/includes/auth.conf
@@ -1,4 +1,4 @@
-error_page 401 /auth-redirect?rd=$target_url;
+error_page 401 /?rd=$target_url;
 
 # auth_basic "Restricted Access";
 # auth_basic_user_file /etc/nginx/.htpasswd;

diff --git a/config/nginx/sites-enabled/nginx.conf b/config/nginx/sites-enabled/nginx.conf
@@ -55,8 +55,8 @@ server {
     # redirect to https
     listen 80;
     listen [::]:80;
-    server_name dev.local;
-    return 301 https://$server_name$request_uri;
+    # server_name _;
+    return 301 https://$host$request_uri;
 }
 
 server {
@@ -68,9 +68,8 @@ server {
     error_log /dev/stdout info;
     access_log /dev/stdout;
 
-    server_name dev.local;
-
-    root /usr/share/nginx/html/www;
+    # server_name _;
+    root /usr/share/nginx/html/www/web;
     index index.html;
 
     # default max upload size
@@ -85,14 +84,11 @@ server {
     fastcgi_read_timeout        300;
 
     location / {
-        try_files $uri $uri/ =404;
+        proxy_pass http://authelia;
+        include /etc/nginx/conf.d/includes/proxy.conf;
         include /etc/nginx/conf.d/includes/cors-settings.conf;
     }
 
-    location /auth {
-        return 301 https://auth.dev.local$request_uri;
-    }
-
     location /authelia {
         internal;
         proxy_pass_request_body off;
@@ -103,9 +99,25 @@ server {
         include /etc/nginx/conf.d/includes/cors-settings.conf;
     }
 
-    location /auth-redirect {
-        internal;
-        return 302 https://$host/auth/$is_args$args;
+    location /home/ {
+        try_files $uri $uri/ =404;
+        include /etc/nginx/conf.d/includes/proxy.conf;
+        include /etc/nginx/conf.d/includes/cors-settings.conf;
+        include /etc/nginx/conf.d/includes/auth.conf;
+    }
+
+    location /web/ {
+        try_files $uri $uri/ =404;
+        include /etc/nginx/conf.d/includes/proxy.conf;
+        include /etc/nginx/conf.d/includes/cors-settings.conf;
+        include /etc/nginx/conf.d/includes/auth.conf;
+    }
+
+    location /docs/ {
+        try_files $uri $uri/ =404;
+        include /etc/nginx/conf.d/includes/proxy.conf;
+        include /etc/nginx/conf.d/includes/cors-settings.conf;
+        include /etc/nginx/conf.d/includes/auth.conf;
     }
 
     location /swagger {
@@ -243,32 +255,3 @@ server {
         root /usr/share/nginx/html;
     }
 }
-
-server {
-    # redirect to https
-    listen 80;
-    listen [::]:80;
-    server_name auth.dev.local;
-    return 301 https://$server_name$request_uri;
-}
-
-server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-    include ssl/certificates.conf;
-    include ssl/ssl-params.conf;
-
-    error_log /dev/stdout info;
-    access_log /dev/stdout;
-
-    server_name auth.dev.local;
-
-    location / {
-        # if ($arg_rd !~* '^($host)$') {
-        #     rewrite ^ https://$host/$is_args&rd=$host/landing permanent;
-        # }
-        proxy_pass http://authelia;
-        include /etc/nginx/conf.d/includes/proxy.conf;
-        include /etc/nginx/conf.d/includes/cors-settings.conf;
-    }
-}