refactor: move auth_request_set in nginx

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
refactor-nginx-header-location
James Elliott 2023-05-01 13:36:25 +10:00
parent 908ca811e6
commit c7cc70d6a8
No known key found for this signature in database
GPG Key ID: 0F1C4A096E857E49
1 changed files with 30 additions and 54 deletions


@ -166,30 +166,6 @@ http {
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /internal/authelia/authz; auth_request /internal/authelia/authz;
## Save the upstream authorization response headers from Authelia to variables.
auth_request_set $authorization $upstream_http_authorization;
auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
## Inject the authorization response headers from the variables into the request made to the backend.
proxy_set_header Authorization $authorization;
proxy_set_header Proxy-Authorization $proxy_authorization;
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Name $name;
## Include the Set-Cookie header if present.
auth_request_set $cookie $upstream_http_set_cookie;
add_header Set-Cookie $cookie;
## Configure the redirection when the Authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method' ## Configure the redirection when the Authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method'
## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url ## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url
## value to determine the redirection URL here. It's much simpler and compatible with the mutli-cookie domain easily. ## value to determine the redirection URL here. It's much simpler and compatible with the mutli-cookie domain easily.
@ -257,12 +233,6 @@ http {
proxy_read_timeout 240; proxy_read_timeout 240;
proxy_send_timeout 240; proxy_send_timeout 240;
proxy_connect_timeout 240; proxy_connect_timeout 240;
}
# Used by suites to test the forwarded users and groups headers produced by Authelia.
location /headers {
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /internal/authelia/authz;
## Save the upstream authorization response headers from Authelia to variables. ## Save the upstream authorization response headers from Authelia to variables.
auth_request_set $authorization $upstream_http_authorization; auth_request_set $authorization $upstream_http_authorization;
@ -287,6 +257,12 @@ http {
## Include the Set-Cookie header if present. ## Include the Set-Cookie header if present.
auth_request_set $cookie $upstream_http_set_cookie; auth_request_set $cookie $upstream_http_set_cookie;
add_header Set-Cookie $cookie; add_header Set-Cookie $cookie;
}
# Used by suites to test the forwarded users and groups headers produced by Authelia.
location /headers {
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /internal/authelia/authz;
## Configure the redirection when the Authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method' ## Configure the redirection when the Authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method'
## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url ## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url
@ -333,30 +309,6 @@ http {
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource. ## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /internal/authelia/authz; auth_request /internal/authelia/authz;
## Save the upstream authorization response headers from Authelia to variables.
auth_request_set $authorization $upstream_http_authorization;
auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
## Inject the authorization response headers from the variables into the request made to the backend.
proxy_set_header Authorization $authorization;
proxy_set_header Proxy-Authorization $proxy_authorization;
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Name $name;
## Include the Set-Cookie header if present.
auth_request_set $cookie $upstream_http_set_cookie;
add_header Set-Cookie $cookie;
## Configure the redirection when the Authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method' ## Configure the redirection when the Authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method'
## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url ## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url
## value to determine the redirection URL here. It's much simpler and compatible with the mutli-cookie domain easily. ## value to determine the redirection URL here. It's much simpler and compatible with the mutli-cookie domain easily.
@ -417,6 +369,30 @@ http {
proxy_read_timeout 240; proxy_read_timeout 240;
proxy_send_timeout 240; proxy_send_timeout 240;
proxy_connect_timeout 240; proxy_connect_timeout 240;
## Save the upstream authorization response headers from Authelia to variables.
auth_request_set $authorization $upstream_http_authorization;
auth_request_set $proxy_authorization $upstream_http_proxy_authorization;
## Inject the authorization response headers from the variables into the request made to the backend.
proxy_set_header Authorization $authorization;
proxy_set_header Proxy-Authorization $proxy_authorization;
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Name $name;
## Include the Set-Cookie header if present.
auth_request_set $cookie $upstream_http_set_cookie;
add_header Set-Cookie $cookie;
} }
} }
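Review bot: On the new side `location /headers` opens with only `auth_request /internal/authelia/authz;`, because the hunks at -257/+233 and -287/+257 move the closing `}` and the `location /headers {` line below the `auth_request_set` / `proxy_set_header` block, which leaves that block at the end of the preceding location. nginx does not share `proxy_set_header` or `auth_request_set` between sibling locations, so unless the rest of `/headers` or an enclosing level (both outside the visible hunks) sets them, the backend behind `/headers` no longer receives Authelia's `Remote-User`, `Remote-Groups`, `Remote-Name` and `Remote-Email` values. Client-supplied headers with those names would then be forwarded unchanged. Keep lines such as `proxy_set_header Remote-User $user;` with their `auth_request_set` counterparts in every location that combines `auth_request` with a proxied backend, or move the block into one snippet pulled in with `include`, with a comment like `## Overwrites client-supplied Remote-* headers; required in every protected location.` Both location bodies continue outside the hunks, so this needs confirming against the full file.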