API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 14th, 2025
12
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.91 KB | None | 0 0
raw download clone embed print report
  1. # Increase buffer size for large headers
  2. # This is needed only if you get 'upstream sent too big header while reading response
  3. # header from upstream' error when trying to access an application protected by goauthentik
  4. proxy_buffers 8 16k;
  5. proxy_buffer_size 32k;
  6.  
  7. # Make sure not to redirect traffic to a port 4443
  8. port_in_redirect off;
  9.  
  10. location / {
  11. # Put your proxy_pass to your application here
  12. proxy_pass $forward_scheme://$server:$port;
  13. proxy_set_header X-Forwarded-Proto $scheme;
  14. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  15. proxy_set_header Host $host;
  16. proxy_set_header X-Real-IP $remote_addr;
  17. proxy_set_header Upgrade $http_upgrade;
  18. proxy_set_header Connection "upgrade";
  19. proxy_http_version 1.1;
  20.  
  21. ##############################
  22. # authentik-specific config
  23. ##############################
  24. auth_request /outpost.goauthentik.io/auth/nginx;
  25. error_page 401 = @goauthentik_proxy_signin;
  26. auth_request_set $auth_cookie $upstream_http_set_cookie;
  27. add_header Set-Cookie $auth_cookie;
  28.  
  29. # translate headers from the outposts back to the actual upstream
  30. auth_request_set $authentik_username $upstream_http_x_authentik_username;
  31. auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
  32. auth_request_set $authentik_email $upstream_http_x_authentik_email;
  33. auth_request_set $authentik_name $upstream_http_x_authentik_name;
  34. auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
  35.  
  36. proxy_set_header X-authentik-username $authentik_username;
  37. proxy_set_header X-authentik-groups $authentik_groups;
  38. proxy_set_header X-authentik-email $authentik_email;
  39. proxy_set_header X-authentik-name $authentik_name;
  40. proxy_set_header X-authentik-uid $authentik_uid;
  41. }
  42.  
  43. # all requests to /outpost.goauthentik.io must be accessible without authentication
  44. location /outpost.goauthentik.io {
  45. proxy_pass http://192.168.0.101:9000/outpost.goauthentik.io;
  46. # ensure the host of this vserver matches your external URL you've configured
  47. # in authentik
  48. proxy_set_header Host $host;
  49. proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
  50. add_header Set-Cookie $auth_cookie;
  51. auth_request_set $auth_cookie $upstream_http_set_cookie;
  52. proxy_pass_request_body off;
  53. proxy_set_header Content-Length "";
  54. }
  55.  
  56. # Special location for when the /auth endpoint returns a 401,
  57. # redirect to the /start URL which initiates SSO
  58. location @goauthentik_proxy_signin {
  59. internal;
  60. add_header Set-Cookie $auth_cookie;
  61. return 302 /outpost.goauthentik.io/start?rd=$request_uri;
  62. # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
  63. # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
  64. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!