fix: fix x-forwarded-proto borked by authentik
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 4s

This commit is contained in:
Xavier Morel
2026-03-26 22:14:37 +01:00
parent aea12b3bda
commit 1fe2817294
3 changed files with 23 additions and 6 deletions
+3 -3
View File
@@ -25,9 +25,9 @@ in
DB_DATABASE = name;
DB_USERNAME = name;
DB_PASSWORD = config.my-lxc.finances.db.password;
# AUTHENTICATION_GUARD = "remote_user_guard";
# AUTHENTICATION_GUARD_HEADER = "HTTP_X_AUTHENTIK_EMAIL";
# AUTHENTICATION_GUARD_EMAIL = "HTTP_X_AUTHENTIK_EMAIL";
AUTHENTICATION_GUARD = "remote_user_guard";
AUTHENTICATION_GUARD_HEADER = "HTTP_X_AUTHENTIK_EMAIL";
AUTHENTICATION_GUARD_EMAIL = "HTTP_X_AUTHENTIK_EMAIL";
APP_URL = "https://${tools.build_hostname "finances"}";
APP_KEY_FILE = "/etc/firefly-iii/app.key";
TRUSTED_PROXIES = tools.build_ip "proxy";
+19 -2
View File
@@ -175,6 +175,10 @@ in
"Remote-Name"
];
};
fix-headers.headers.customRequestHeaders = {
X-Forwarded-Proto = "https";
X-Forwarded-Ssl = "on";
};
matrix-wellknown-mw = {
plugin = {
staticResponse = {
@@ -204,7 +208,13 @@ in
);
service = "${d.subdomain}-service";
entryPoints = [ "websecure" ];
middlewares = if (d.auth) then [ "authentik" ] else [ ];
middlewares =
if (d.auth) then
[
"authentik"
]
else
[ ];
tls.certResolver = "letsencrypt";
};
}
@@ -215,7 +225,14 @@ in
rule = "Host(`${ct}${dmn}`) " + (if (def.private == true) then internal else "");
service = "${ct}-service";
entryPoints = [ "websecure" ];
middlewares = if (def.auth) then [ "authentik" ] else [ ];
middlewares =
if (def.auth) then
[
"authentik"
"fix-headers"
]
else
[ ];
tls.certResolver = "letsencrypt";
};
})
+1 -1
View File
@@ -36,6 +36,6 @@ in
password = db_pass.finances;
};
private = true;
auth = false;
auth = true;
};
}