Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # make sure that your dns has a cname set for radarr and that your radarr container is not using a base url
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name REDACTED;
- include /config/nginx/ssl.conf;
- client_max_body_size 0;
- # enable for ldap auth, fill in ldap details in ldap.conf
- #include /config/nginx/ldap.conf;
- # enable for Authelia
- # include /config/nginx/authelia-server.conf;
- location / {
- # enable the next two lines for http auth
- #auth_basic "Restricted";
- #auth_basic_user_file /config/nginx/.htpasswd;
- # enable the next two lines for ldap auth
- #auth_request /auth;
- #error_page 401 =200 /ldaplogin;
- # enable for Authelia
- # include /config/nginx/authelia-location.conf;
- include /config/nginx/proxy.conf;
- resolver 127.0.0.11 valid=30s;
- set $upstream_app radarr;
- set $upstream_port 7878;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;# authentik-specific config
- # authentik-specific config
- auth_request /outpost.goauthentik.io/auth/nginx;
- error_page 401 = @goauthentik_proxy_signin;
- auth_request_set $auth_cookie $upstream_http_set_cookie;
- add_header Set-Cookie $auth_cookie;
- # translate headers from the outposts back to the actual upstream
- auth_request_set $authentik_username $upstream_http_x_authentik_username;
- auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
- auth_request_set $authentik_email $upstream_http_x_authentik_email;
- auth_request_set $authentik_name $upstream_http_x_authentik_name;
- auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
- proxy_set_header X-authentik-username $authentik_username;
- proxy_set_header X-authentik-groups $authentik_groups;
- proxy_set_header X-authentik-email $authentik_email;
- proxy_set_header X-authentik-name $authentik_name;
- proxy_set_header X-authentik-uid $authentik_uid;
- }
- # all requests to /outpost.goauthentik.io must be accessible without authentication
- location /outpost.goauthentik.io {
- proxy_pass http://authentik:9000/outpost.goauthentik.io;
- # ensure the host of this vserver matches your external URL you've configured
- # in authentik
- proxy_set_header Host
- proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
- add_header Set-Cookie $auth_cookie;
- auth_request_set $auth_cookie $upstream_http_set_cookie;
- }
- # Special location for when the /auth endpoint returns a 401,
- # redirect to the /start URL which initiates SSO
- location @goauthentik_proxy_signin {
- internal;
- add_header Set-Cookie $auth_cookie;
- return 302 /outpost.goauthentik.io/start?rd=$request_uri;
- # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
- # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
- }
- location ~ (/radarr)?/api {
- include /config/nginx/proxy.conf;
- resolver 127.0.0.11 valid=30s;
- set $upstream_app radarr;
- set $upstream_port 7878;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_app:$upstream_port;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement