author | K900 <me@0upti.me> | 2024-05-24 10:48:07 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-24 10:48:07 +0300 |
commit | 69aa70cddf9d8c7b535c0f456a5574f5e85c4271 (patch) | |
tree | b3e6dbc9f9ccfd6334f38758f10969d234b62cf8 /nixos | |
parent | 1478fde15ff8950d7bca60f1a0d2a857baad55fb (diff) | |
parent | f221b4f5f5ab5d8608df03ba5566c717a2bb4f57 (diff) |
Merge pull request #307766 from SuperSandro2000/oauth2-proxy-fix-headers
nixos/oauth2_proxy_nginx: fix proxy_set_header
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/security/oauth2-proxy-nginx.nix | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/nixos/modules/services/security/oauth2-proxy-nginx.nix b/nixos/modules/services/security/oauth2-proxy-nginx.nix
index 07192e7287b05..44bf56233e95e 100644
--- a/nixos/modules/services/security/oauth2-proxy-nginx.nix
+++ b/nixos/modules/services/security/oauth2-proxy-nginx.nix
@@ -83,6 +83,15 @@ in
 } ++ (lib.mapAttrsToList (vhost: conf: {
 virtualHosts.${vhost} = {
 locations = {
+ "/".extraConfig = ''
+ # pass information via X-User and X-Email headers to backend, requires running with --set-xauthrequest flag
+ proxy_set_header X-User $user;
+ proxy_set_header X-Email $email;
+
+ # if you enabled --cookie-refresh, this is needed for it to work with auth_request
+ add_header Set-Cookie $auth_cookie;
+ '';
+
 "/oauth2/auth" = let
 maybeQueryArg = name: value:
 if value == null then null
@@ -102,6 +111,7 @@ in
 proxy_pass_request_body off;
 '';
 };
+
 "@redirectToAuth2ProxyLogin" = {
 return = "307 https://${cfg.domain}/oauth2/start?rd=$scheme://$host$request_uri";
 extraConfig = ''
@@ -114,16 +124,10 @@ in
 auth_request /oauth2/auth;
 error_page 401 = @redirectToAuth2ProxyLogin;
- # pass information via X-User and X-Email headers to backend,
- # requires running with --set-xauthrequest flag
+ # set variables being used in locations."/".extraConfig
 auth_request_set $user $upstream_http_x_auth_request_user;
 auth_request_set $email $upstream_http_x_auth_request_email;
- proxy_set_header X-User $user;
- proxy_set_header X-Email $email;
-
- # if you enabled --cookie-refresh, this is needed for it to work with auth_request
 auth_request_set $auth_cookie $upstream_http_set_cookie;
- add_header Set-Cookie $auth_cookie;
 '';
 };
 }) cfg.virtualHosts))); |
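Review bot: The identity headers are now overwritten only inside `"/".extraConfig`, so any other proxied location defined on the same vhost passes the server-level `auth_request` but forwards whatever `X-User` / `X-Email` the client sent. A backend that trusts those headers on such paths could be handed a client-chosen identity. Either apply the same `proxy_set_header X-User $user;` and `proxy_set_header X-Email $email;` lines to every location of the vhost, or state in the module documentation that additional locations must repeat them. Separately, `add_header Set-Cookie $auth_cookie;` at location level stops nginx inheriting server-level `add_header` directives in `/` (they are inherited only when the current level defines none), so any server-wide security response headers would need restating there. The enclosing `lib.mapAttrsToList` body starts and ends outside the first hunk.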