# NixOS module fragment: nginx as the TLS-terminating reverse proxy in front of
# authentik. It declares one upstream group ("authentik") with two backend
# addresses and one virtual host that forwards every request to that group.
{ ... }:
{
  services.nginx = {
    upstreams.authentik = {
      # Two backends on port 9000: one IPv4 (RFC 1918 10.0.0.0/8) and one IPv6
      # (ULA fd00::/8).
      # NOTE(review): proxyPass below uses plain http://, so logins, session
      # cookies and tokens cross this hop unencrypted. Confirm the path to
      # these addresses is a trusted or already-encrypted network.
      servers."10.89.88.11:9000" = { };
      servers."[fd31:185d:722f::11]:9000" = { };

      # Cache idle upstream connections for reuse. This depends on the
      # location using HTTP/1.1 and not sending "Connection: close"
      # (see the location's extraConfig).
      extraConfig = ''
        keepalive 10;
      '';
    };

    virtualHosts."auth.oxapentane.com" = {
      # Serve over HTTPS only, with the certificate obtained through ACME.
      forceSSL = true;
      enableACME = true;

      locations."/" = {
        # "authentik" resolves to the upstream group declared above.
        proxyPass = "http://authentik";

        # NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr to
        # whatever X-Forwarded-For the client sent. If this nginx is the first
        # hop, the leading entries are client-controlled; only X-Real-IP
        # ($remote_addr) is set by nginx itself. Verify which value the
        # backend trusts for audit logs and IP-based policy.
        #
        # NOTE(review): $connection_upgrade_keepalive is not defined in this
        # file. It presumably comes from an http-level `map $http_upgrade ...`
        # block elsewhere in the configuration. Confirm it exists, and that it
        # yields an empty value (not "close") for non-upgrade requests so the
        # upstream keepalive pool is actually used.
        extraConfig = ''
          # general proxy settings
          proxy_connect_timeout 60s;
          proxy_send_timeout 60s;
          proxy_read_timeout 60s;
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Host $host;
          proxy_set_header X-Forwarded-Server $host;
          # authentik specifik
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade_keepalive;
        '';
      };
    };
  };
}