RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: misc nginx fixes (#4153)

pull/4155/head
James Elliott 2022-10-09 12:48:42 +11:00 committed by GitHub
parent 644616d8b1
commit ef61acb3a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/content/en/integration/proxies/nginx-proxy-manager/index.md
View File

@ -208,7 +208,7 @@ Protected Application (Nextcloud) `Advanced` tab example:
{{< figure src="protectedapp.advanced.png" alt="Step 4" width="450" >}} {{< figure src="protectedapp.advanced.png" alt="Step 4" width="450" >}}
### Protected Application Custom Locations #### Protected Application Custom Locations
It's important to note if you define locations in the `Custom Locations` tab of a proxy host that they will not be It's important to note if you define locations in the `Custom Locations` tab of a proxy host that they will not be
checked with Authelia for authorization effectively bypassing the authorization policies you implement. If you want a checked with Authelia for authorization effectively bypassing the authorization policies you implement. If you want a

8
docs/content/en/integration/proxies/nginx.md
View File

@ -139,10 +139,10 @@ services:
Below you will find commented examples of the following configuration: Below you will find commented examples of the following configuration:
* [Authelia Portal](#authelia-portal) * [Authelia Portal](#standard-example)
* Running in Docker * Running in Docker
* Has the container name `authelia` * Has the container name `authelia`
* [Protected Endpoint (Nextcloud)](#protected-endpoint) * [Protected Endpoint (Nextcloud)](#standard-example)
* Running in Docker * Running in Docker
* Has the container name `nextcloud` * Has the container name `nextcloud`
* [Supporting Configuration Snippets](#supporting-configuration-snippets) * [Supporting Configuration Snippets](#supporting-configuration-snippets)
@ -168,6 +168,10 @@ This example is for using the __Authelia__ portal redirection flow on a specific
files exist in the `/config/nginx/snippets/` directory. The `/config/nginx/snippets/ssl.conf` snippet is expected to have files exist in the `/config/nginx/snippets/` directory. The `/config/nginx/snippets/ssl.conf` snippet is expected to have
the configuration for TLS or SSL but is not included as part of the examples. the configuration for TLS or SSL but is not included as part of the examples.
The directive `include /config/nginx/snippets/authelia-authrequest.conf;` within the `location` block is what directs
[NGINX] to perform authorization with Authelia. Every `location` block you wish for Authelia to perform authorization for
should include this directive.
{{< details "/config/nginx/site-confs/auth.conf (Authelia Portal)" >}} {{< details "/config/nginx/site-confs/auth.conf (Authelia Portal)" >}}
```nginx ```nginx
server { server {

13
docs/content/en/integration/proxies/swag.md
View File

@ -40,6 +40,19 @@ bootstrapping *Authelia*.
[SWAG] supports the required [NGINX](nginx.md#requirements) requirements for __Authelia__ out-of-the-box. [SWAG] supports the required [NGINX](nginx.md#requirements) requirements for __Authelia__ out-of-the-box.
### SWAG Caveat
One current caveat of the [SWAG] implementation is that it serves Authelia as a subpath for each domain. We
*__strongly recommend__* instead of using the out of the box method and guide for [SWAG] that you follow the
[NGINX](nginx.md) guide (which *can be used* with [SWAG]) and run Authelia as it's own subdomain.
This is partly because Webauthn requires that the domain is an exact match when registering and authenticating and it is
possible that due to web standards this will never change.
In addition this represents a bad user experience in some instances as users sometimes visit the
`https://app.example.com/auth` URL which doesn't automatically redirect the user to `https://app.example.com` (if they
visit `https://app.example.com` then they'll be redirected to authenticate then redirected back to their original URL).
## Trusted Proxies ## Trusted Proxies
*__Important:__ You should read the [Forwarded Headers] section and this section as part of any proxy configuration. *__Important:__ You should read the [Forwarded Headers] section and this section as part of any proxy configuration.