authorK900 <me@0upti.me>2024-05-24 10:48:07 +0300
committerGitHub <noreply@github.com>2024-05-24 10:48:07 +0300
commit69aa70cddf9d8c7b535c0f456a5574f5e85c4271 (patch)
treeb3e6dbc9f9ccfd6334f38758f10969d234b62cf8 /nixos
parent1478fde15ff8950d7bca60f1a0d2a857baad55fb (diff)
parentf221b4f5f5ab5d8608df03ba5566c717a2bb4f57 (diff)
Merge pull request #307766 from SuperSandro2000/oauth2-proxy-fix-headers
nixos/oauth2_proxy_nginx: fix proxy_set_header
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/security/oauth2-proxy-nginx.nix18
1 files changed, 11 insertions, 7 deletions
diff --git a/nixos/modules/services/security/oauth2-proxy-nginx.nix b/nixos/modules/services/security/oauth2-proxy-nginx.nix
index 07192e7287b05..44bf56233e95e 100644
--- a/nixos/modules/services/security/oauth2-proxy-nginx.nix
+++ b/nixos/modules/services/security/oauth2-proxy-nginx.nix
@@ -83,6 +83,15 @@ in
   } ++ (lib.mapAttrsToList (vhost: conf: {
     virtualHosts.${vhost} = {
       locations = {
+        "/".extraConfig = ''
+          # pass information via X-User and X-Email headers to backend, requires running with --set-xauthrequest flag
+          proxy_set_header X-User  $user;
+          proxy_set_header X-Email $email;
+
+          # if you enabled --cookie-refresh, this is needed for it to work with auth_request
+          add_header Set-Cookie $auth_cookie;
+        '';
+
         "/oauth2/auth" = let
           maybeQueryArg = name: value:
             if value == null then null
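Review bot: The `add_header Set-Cookie $auth_cookie;` line now lives in the `"/"` location, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so response headers a user sets at server level for this vhost (HSTS or frame options, for example) stop being sent for `/`. The same rule applies to the two `proxy_set_header` lines: if the location has no others, they replace whatever was inherited from the http or server level, such as a forwarded `Host`. I would record this in the block, e.g. `# note: add_header/proxy_set_header here stop inheritance from the server level for this location`, and repeat it in the option documentation. The surrounding `locations` attrset starts above this hunk, and the hunk ends inside the `"/oauth2/auth"` let-binding.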
@@ -102,6 +111,7 @@ in
             proxy_pass_request_body           off;
           '';
         };
+
         "@redirectToAuth2ProxyLogin" = {
           return = "307 https://${cfg.domain}/oauth2/start?rd=$scheme://$host$request_uri";
           extraConfig = ''
@@ -114,16 +124,10 @@ in
         auth_request /oauth2/auth;
         error_page 401 = @redirectToAuth2ProxyLogin;
 
-        # pass information via X-User and X-Email headers to backend,
-        # requires running with --set-xauthrequest flag
+        # set variables being used in locations."/".extraConfig
         auth_request_set $user   $upstream_http_x_auth_request_user;
         auth_request_set $email  $upstream_http_x_auth_request_email;
-        proxy_set_header X-User  $user;
-        proxy_set_header X-Email $email;
-
-        # if you enabled --cookie-refresh, this is needed for it to work with auth_request
         auth_request_set $auth_cookie $upstream_http_set_cookie;
-        add_header Set-Cookie $auth_cookie;
       '';
     };
   }) cfg.virtualHosts)));
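Review bot: After this change the server-level block only sets `$user` and `$email`, and the only place that writes them into `X-User`/`X-Email` is `locations."/"`. Any other location on the vhost that proxies to the backend therefore forwards those request headers as the client sent them, so a backend that trusts them for identity would be relying on unverified values on those paths. The new comment should say this, e.g. `# only locations."/" forwards these as X-User/X-Email; other proxied locations must set the headers themselves`. Alternatively, the module could emit the two `proxy_set_header` lines for every location of the vhost. The `extraConfig` string this hunk edits begins above the visible lines.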