Merge pull request #467 from linuxserver/authelia-auth-endpoints

another authelia auth endpoint adjustment
linuxserver · Mar 17, 2024 · 13ede8e · 13ede8e
2 parents a00d272 + a9391d0
commit 13ede8e
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample
@@ -1,4 +1,4 @@
-## Version 2024/03/14 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
+## Version 2024/03/16 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample
 # Make sure that your authelia container is in the same user defined bridge network and is named authelia
 # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf
 # For authelia 4.37 and below, make sure that the authelia configuration.yml has 'path: "authelia"' defined
@@ -7,14 +7,32 @@
 # location for authelia subfolder requests
 location ^~ /authelia {
     auth_request off; # requests to this subfolder must be accessible without authentication
+
+    include /config/nginx/proxy.conf;
+    include /config/nginx/resolver.conf;
+    set $upstream_authelia authelia;
+    proxy_pass http://$upstream_authelia:9091;
+}
+
+# location for authelia 4.37 and below auth requests
+location = /authelia/api/verify {
+    internal;
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authelia authelia;
     proxy_pass http://$upstream_authelia:9091;
+
+    ## Include the Set-Cookie header if present
+    auth_request_set $set_cookie $upstream_http_set_cookie;
+    add_header Set-Cookie $set_cookie;
+
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
 }
 
-# location for authelia auth requests
-location ~ /authelia/api/(authz/auth-request|verify) {
+# location for authelia 4.38 and above auth requests
+location = /authelia/api/authz/auth-request {
     internal;
 
     include /config/nginx/proxy.conf;

diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample
@@ -5,6 +5,7 @@
 # location for authentik subfolder requests
 location ^~ /outpost.goauthentik.io {
     auth_request off; # requests to this subfolder must be accessible without authentication
+
     include /config/nginx/proxy.conf;
     include /config/nginx/resolver.conf;
     set $upstream_authentik authentik-server;