authelia/example/compose/nginx/minimal/nginx.conf

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    server {
        listen 443 ssl;
        server_name     login.example.com;

        resolver 127.0.0.11 ipv6=off;
        set $upstream_endpoint http://authelia:8080;

        ssl on;
        ssl_certificate     /etc/ssl/server.crt;
        ssl_certificate_key /etc/ssl/server.key;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Frame-Options "SAMEORIGIN";

        location / {
            proxy_set_header  Host $http_host;
            proxy_set_header  X-Original-URI $request_uri;
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header  X-Forwarded-Proto $scheme;
            proxy_intercept_errors on;

            proxy_pass        $upstream_endpoint;

            if ($request_method !~ ^(POST)$){
              error_page 401 = /error/401;
              error_page 403 = /error/403;
              error_page 404 = /error/404;
            }
        }
    }

    server {
        listen 443 ssl;
        server_name     home.example.com;

        resolver 127.0.0.11 ipv6=off;
        set $upstream_endpoint http://nginx-backend;

        root /usr/share/nginx/html/home;

        ssl on;
        ssl_certificate     /etc/ssl/server.crt;
        ssl_certificate_key /etc/ssl/server.key;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Frame-Options "SAMEORIGIN";
    }

    server {
        listen 443 ssl; 
        server_name     admin.example.com;

        root /usr/share/nginx/html/admin;

        resolver 127.0.0.11 ipv6=off;
        set $upstream_verify http://authelia:8080/api/verify;

        ssl on;
        ssl_certificate     /etc/ssl/server.crt;
        ssl_certificate_key /etc/ssl/server.key;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Frame-Options "SAMEORIGIN";

        location /auth_verify {
            internal;
            proxy_set_header            Host $http_host;

            proxy_set_header            X-Original-URI $request_uri;
            proxy_set_header            X-Original-URL $scheme://$http_host$request_uri;
            proxy_set_header            X-Real-IP $remote_addr;
            proxy_set_header            X-Forwarded-Proto $scheme;

            proxy_pass_request_body     off;
            proxy_set_header            Content-Length "";

            proxy_pass        $upstream_verify;
        }

        location / {
            auth_request /auth_verify;

            auth_request_set $redirect $upstream_http_redirect;
            auth_request_set $user $upstream_http_remote_user;
            auth_request_set $groups $upstream_http_remote_groups;

            error_page 401 =302 https://login.example.com:8080?rd=$redirect;
            error_page 403 = https://login.example.com:8080/error/403;
        }
    }
}
Add tests for minimal configuration 2018-08-09 20:24:02 +00:00			`worker_processes 1;`

			`events {`
			`worker_connections 1024;`
			`}`

			`http {`
			`server {`
			`listen 443 ssl;`
			`server_name login.example.com;`

			`resolver 127.0.0.11 ipv6=off;`
			`set $upstream_endpoint http://authelia:8080;`

			`ssl on;`
			`ssl_certificate /etc/ssl/server.crt;`
			`ssl_certificate_key /etc/ssl/server.key;`

			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
			`add_header X-Frame-Options "SAMEORIGIN";`

			`location / {`
			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Original-URI $request_uri;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_intercept_errors on;`

			`proxy_pass $upstream_endpoint;`

			`if ($request_method !~ ^(POST)$){`
			`error_page 401 = /error/401;`
			`error_page 403 = /error/403;`
			`error_page 404 = /error/404;`
			`}`
			`}`
			`}`

			`server {`
			`listen 443 ssl;`
			`server_name home.example.com;`

			`resolver 127.0.0.11 ipv6=off;`
			`set $upstream_endpoint http://nginx-backend;`

			`root /usr/share/nginx/html/home;`

			`ssl on;`
			`ssl_certificate /etc/ssl/server.crt;`
			`ssl_certificate_key /etc/ssl/server.key;`

			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
			`add_header X-Frame-Options "SAMEORIGIN";`
			`}`

			`server {`
			`listen 443 ssl;`
			`server_name admin.example.com;`

			`root /usr/share/nginx/html/admin;`

			`resolver 127.0.0.11 ipv6=off;`
			`set $upstream_verify http://authelia:8080/api/verify;`

			`ssl on;`
			`ssl_certificate /etc/ssl/server.crt;`
			`ssl_certificate_key /etc/ssl/server.key;`

			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
			`add_header X-Frame-Options "SAMEORIGIN";`

			`location /auth_verify {`
			`internal;`
			`proxy_set_header Host $http_host;`

			`proxy_set_header X-Original-URI $request_uri;`
			`proxy_set_header X-Original-URL $scheme://$http_host$request_uri;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-Proto $scheme;`

			`proxy_pass_request_body off;`
			`proxy_set_header Content-Length "";`

			`proxy_pass $upstream_verify;`
			`}`

			`location / {`
			`auth_request /auth_verify;`

			`auth_request_set $redirect $upstream_http_redirect;`
			`auth_request_set $user $upstream_http_remote_user;`
			`auth_request_set $groups $upstream_http_remote_groups;`

			`error_page 401 =302 https://login.example.com:8080?rd=$redirect;`
			`error_page 403 = https://login.example.com:8080/error/403;`
			`}`
			`}`
			`}`