fix: fix x-forwarded-proto borked by authentik
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 4s
Gitea Actions Demo / Explore-Gitea-Actions (push) Successful in 4s
This commit is contained in:
@@ -25,9 +25,9 @@ in
|
|||||||
DB_DATABASE = name;
|
DB_DATABASE = name;
|
||||||
DB_USERNAME = name;
|
DB_USERNAME = name;
|
||||||
DB_PASSWORD = config.my-lxc.finances.db.password;
|
DB_PASSWORD = config.my-lxc.finances.db.password;
|
||||||
# AUTHENTICATION_GUARD = "remote_user_guard";
|
AUTHENTICATION_GUARD = "remote_user_guard";
|
||||||
# AUTHENTICATION_GUARD_HEADER = "HTTP_X_AUTHENTIK_EMAIL";
|
AUTHENTICATION_GUARD_HEADER = "HTTP_X_AUTHENTIK_EMAIL";
|
||||||
# AUTHENTICATION_GUARD_EMAIL = "HTTP_X_AUTHENTIK_EMAIL";
|
AUTHENTICATION_GUARD_EMAIL = "HTTP_X_AUTHENTIK_EMAIL";
|
||||||
APP_URL = "https://${tools.build_hostname "finances"}";
|
APP_URL = "https://${tools.build_hostname "finances"}";
|
||||||
APP_KEY_FILE = "/etc/firefly-iii/app.key";
|
APP_KEY_FILE = "/etc/firefly-iii/app.key";
|
||||||
TRUSTED_PROXIES = tools.build_ip "proxy";
|
TRUSTED_PROXIES = tools.build_ip "proxy";
|
||||||
|
|||||||
@@ -175,6 +175,10 @@ in
|
|||||||
"Remote-Name"
|
"Remote-Name"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
fix-headers.headers.customRequestHeaders = {
|
||||||
|
X-Forwarded-Proto = "https";
|
||||||
|
X-Forwarded-Ssl = "on";
|
||||||
|
};
|
||||||
matrix-wellknown-mw = {
|
matrix-wellknown-mw = {
|
||||||
plugin = {
|
plugin = {
|
||||||
staticResponse = {
|
staticResponse = {
|
||||||
@@ -204,7 +208,13 @@ in
|
|||||||
);
|
);
|
||||||
service = "${d.subdomain}-service";
|
service = "${d.subdomain}-service";
|
||||||
entryPoints = [ "websecure" ];
|
entryPoints = [ "websecure" ];
|
||||||
middlewares = if (d.auth) then [ "authentik" ] else [ ];
|
middlewares =
|
||||||
|
if (d.auth) then
|
||||||
|
[
|
||||||
|
"authentik"
|
||||||
|
]
|
||||||
|
else
|
||||||
|
[ ];
|
||||||
tls.certResolver = "letsencrypt";
|
tls.certResolver = "letsencrypt";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@@ -215,7 +225,14 @@ in
|
|||||||
rule = "Host(`${ct}${dmn}`) " + (if (def.private == true) then internal else "");
|
rule = "Host(`${ct}${dmn}`) " + (if (def.private == true) then internal else "");
|
||||||
service = "${ct}-service";
|
service = "${ct}-service";
|
||||||
entryPoints = [ "websecure" ];
|
entryPoints = [ "websecure" ];
|
||||||
middlewares = if (def.auth) then [ "authentik" ] else [ ];
|
middlewares =
|
||||||
|
if (def.auth) then
|
||||||
|
[
|
||||||
|
"authentik"
|
||||||
|
"fix-headers"
|
||||||
|
]
|
||||||
|
else
|
||||||
|
[ ];
|
||||||
tls.certResolver = "letsencrypt";
|
tls.certResolver = "letsencrypt";
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
|
|||||||
@@ -36,6 +36,6 @@ in
|
|||||||
password = db_pass.finances;
|
password = db_pass.finances;
|
||||||
};
|
};
|
||||||
private = true;
|
private = true;
|
||||||
auth = false;
|
auth = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user