Advertisement
SilvanM

Untitled

Oct 22nd, 2022
1,690
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
  2.  
  3. server {
  4.     listen 443 ssl;
  5.     listen [::]:443 ssl;
  6.  
  7.     server_name REDACTED;
  8.  
  9.     include /config/nginx/ssl.conf;
  10.  
  11.     client_max_body_size 0;
  12.  
  13.     # enable for ldap auth, fill in ldap details in ldap.conf
  14.    #include /config/nginx/ldap.conf;
  15.  
  16.     # enable for Authelia
  17.    # include /config/nginx/authelia-server.conf;
  18.  
  19.     location / {
  20.        # enable the next two lines for http auth
  21.        #auth_basic "Restricted";
  22.        #auth_basic_user_file /config/nginx/.htpasswd;
  23.  
  24.         # enable the next two lines for ldap auth
  25.        #auth_request /auth;
  26.        #error_page 401 =200 /ldaplogin;
  27.  
  28.         # enable for Authelia
  29.        # include /config/nginx/authelia-location.conf;
  30.  
  31.         include /config/nginx/proxy.conf;
  32.         resolver 127.0.0.11 valid=30s;
  33.         set $upstream_app radarr;
  34.         set $upstream_port 7878;
  35.         set $upstream_proto http;
  36.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  37.  
  38.         proxy_set_header Upgrade $http_upgrade;
  39.         proxy_set_header Connection $http_connection;# authentik-specific config
  40.  
  41.         # authentik-specific config
  42.         auth_request        /outpost.goauthentik.io/auth/nginx;
  43.         error_page          401 = @goauthentik_proxy_signin;
  44.         auth_request_set $auth_cookie $upstream_http_set_cookie;
  45.         add_header Set-Cookie $auth_cookie;
  46.  
  47.         # translate headers from the outposts back to the actual upstream
  48.         auth_request_set $authentik_username $upstream_http_x_authentik_username;
  49.         auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
  50.         auth_request_set $authentik_email $upstream_http_x_authentik_email;
  51.         auth_request_set $authentik_name $upstream_http_x_authentik_name;
  52.         auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
  53.  
  54.         proxy_set_header X-authentik-username $authentik_username;
  55.         proxy_set_header X-authentik-groups $authentik_groups;
  56.         proxy_set_header X-authentik-email $authentik_email;
  57.         proxy_set_header X-authentik-name $authentik_name;
  58.         proxy_set_header X-authentik-uid $authentik_uid;
  59.     }
  60.  
  61.     # all requests to /outpost.goauthentik.io must be accessible without authentication
  62.     location /outpost.goauthentik.io {
  63.         proxy_pass          http://authentik:9000/outpost.goauthentik.io;
  64.        # ensure the host of this vserver matches your external URL you've configured
  65.        # in authentik
  66.         proxy_set_header    Host
  67.         proxy_set_header    X-Original-URL $scheme://$http_host$request_uri;
  68.         add_header          Set-Cookie $auth_cookie;
  69.         auth_request_set    $auth_cookie $upstream_http_set_cookie;
  70.     }
  71.  
  72.     # Special location for when the /auth endpoint returns a 401,
  73.    # redirect to the /start URL which initiates SSO
  74.     location @goauthentik_proxy_signin {
  75.         internal;
  76.         add_header Set-Cookie $auth_cookie;
  77.         return 302 /outpost.goauthentik.io/start?rd=$request_uri;
  78.        # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
  79.        # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
  80.     }
  81.  
  82.     location ~ (/radarr)?/api {
  83.         include /config/nginx/proxy.conf;
  84.         resolver 127.0.0.11 valid=30s;
  85.         set $upstream_app radarr;
  86.         set $upstream_port 7878;
  87.         set $upstream_proto http;
  88.         proxy_pass $upstream_proto://$upstream_app:$upstream_port;
  89.  
  90.         proxy_set_header Upgrade $http_upgrade;
  91.         proxy_set_header Connection $http_connection;
  92.     }
  93. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement