chore: ⚰️ remove authelia 4.37 and below comments #554
Conversation
Signed-off-by: GitHub <[email protected]>
|
I am a bot, here is the pushed image/manifest for this PR:
|
Signed-off-by: GitHub <[email protected]>
Signed-off-by: GitHub <[email protected]>
|
Added new commit to set the Ref: https://www.authelia.com/integration/proxies/swag/#adjust-authelia-serverconf |
|
I am a bot, here is the pushed image/manifest for this PR:
|
|
I am a bot, here is the pushed image/manifest for this PR:
|
|
@drizuid Is this good to go? |
|
I am a bot, here is the pushed image/manifest for this PR:
|
Im on vacation and dont use our confs, it might be better to have someone that encountered an issue test or have those authelia guys (that we hope will provide support for the confs as-is) test; but i will give a visual on monday |
| @@ -62,11 +33,6 @@ location @authelia_proxy_signin { | |||
| ## Translate the Location response header from the auth subrequest into a variable | |||
| auth_request_set $signin_url $upstream_http_location; | |||
|
|
|||
There was a problem hiding this comment.
i think you need the below, at least I have this in mine
if ($signin_url = '') {
## Set the $signin_url variable
set $signin_url https://$upstream_authelia/authelia/auth-request;
}
https://www.authelia.com/reference/guides/proxy-authorization/#authrequest
and
https://www.authelia.com/blog/4.38-release-notes/
For example if your previous proxy configuration included http://authelia:9091/api/verify?rd=https://auth.example.com it now by default becomes http://authelia:9091/api/authz/forward-auth for Traefik / Caddy / HAProxy, by default becomes http://authelia:9091/api/authz/auth-request for NGINX based proxies, and by default becomes http://authelia:9091/api/authz/ext-authz for Envoy.
There was a problem hiding this comment.
This was removed because signin_url should always be set via header response from authelia in 4.38. If it somehow does not get set that would mean authelia didn't send it and the auth has failed in some way.
Having set $signin_url https://$upstream_authelia/authelia/auth-request; would need authelia configured to respond with the subpath /authelia, which we're removing comment instructions to configure since that seemed to be a complication with users trying to set up authelia.
There was a problem hiding this comment.
I do not have the subpath set and what I showed works fine (believe it listens on all paths, so likely I could remove the Authelia path and it'd still work, admittedly I made my config before the migration guide came out from them), we will definitely need to test because I'm pretty sure the 4.38 migration guide says it's needed(without the subpath )(I think I linked but I'm on mobile)
I'm in agreement that asking someone from the Authelia discord server is a good move. I have not tested these confs either. I'm currently not running any auth 😅 I do recall one user had made the adjustments I recommended but it was more ad-hoc and not that they had the fully modified files from this PR. I'll ping in their discord to ask if someone wouldn't mind testing and then replying here to let us know. |
Description:
Benefits of this PR and context:
How Has This Been Tested?
Source / References: