35 lines
1.8 KiB
Bash
35 lines
1.8 KiB
Bash
HTTP_PORT=80
|
|
HTTPS_PORT=443
|
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
|
API_LISTEN_IP=127.0.0.1
|
|
MULTISITE=yes
|
|
# Replace with your domains
|
|
SERVER_NAME=auth.example.com app1.example.com app2.example.com
|
|
SERVE_FILES=no
|
|
DISABLE_DEFAULT_SERVER=yes
|
|
AUTO_LETS_ENCRYPT=yes
|
|
USE_CLIENT_CACHE=yes
|
|
USE_GZIP=yes
|
|
USE_REVERSE_PROXY=yes
|
|
# Proxy to auth_request URI
|
|
REVERSE_PROXY_URL_999=/authelia
|
|
REVERSE_PROXY_HOST_999=http://127.0.0.1:9091/api/verify
|
|
REVERSE_PROXY_HEADERS_999=X-Original-URL $scheme://$http_host$request_uri;Content-Length ""
|
|
# Authelia
|
|
auth.example.com_REVERSE_PROXY_URL=/
|
|
auth.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:9091
|
|
auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
|
# Applications
|
|
app1.example.com_REVERSE_PROXY_URL=/
|
|
app1.example.com_REVERSE_PROXY_HOST=http://app1.example.com
|
|
app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
|
app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$scheme%3A%2F%2F$host$request_uri
|
|
app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$user $upstream_http_remote_user;$groups $upstream_http_remote_groups;$name $upstream_http_remote_name;$email $upstream_http_remote_email
|
|
app1.example.com_REVERSE_PROXY_HEADERS=Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email
|
|
app2.example.com_REVERSE_PROXY_URL=/
|
|
app2.example.com_REVERSE_PROXY_HOST=http://app2.example.com
|
|
app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
|
app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$scheme%3A%2F%2F$host$request_uri
|
|
app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$user $upstream_http_remote_user;$groups $upstream_http_remote_groups;$name $upstream_http_remote_name;$email $upstream_http_remote_email
|
|
app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $user;Remote-Groups $groups;Remote-Name $name;Remote-Email $email
|