From 89e3042521a2b8883b7e61e45289572853415ac3 Mon Sep 17 00:00:00 2001
From: bokkoman <bokkoman@gmail.com>
Date: Wed, 8 Jun 2022 15:35:47 +0200
Subject: [PATCH] authentik_location.conf file

This is the /location for authentik.
---
 root/defaults/authentik_location.conf | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 root/defaults/authentik_location.conf

diff --git a/root/defaults/authentik_location.conf b/root/defaults/authentik_location.conf
new file mode 100644
index 0000000..5db86e1
--- /dev/null
+++ b/root/defaults/authentik_location.conf
@@ -0,0 +1,24 @@
+    # all requests to /outpost.goauthentik.io must be accessible without authentication. Change proxy_pass if needed. This is the default container name.
+    location /outpost.goauthentik.io {
+        proxy_pass          http://authentik_server_1:9000/outpost.goauthentik.io;
+        # ensure the host of this vserver matches your external URL you've configured
+        # in authentik
+        proxy_set_header    Host $host;
+        proxy_set_header    X-Original-URL $scheme://$http_host$request_uri;
+        add_header          Set-Cookie $auth_cookie;
+        auth_request_set    $auth_cookie $upstream_http_set_cookie;
+
+        # required for POST requests to work
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+    }
+
+    # Special location for when the /auth endpoint returns a 401,
+    # redirect to the /start URL which initiates SSO
+    location @goauthentik_proxy_signin {
+        internal;
+        add_header Set-Cookie $auth_cookie;
+        # return 302 /outpost.goauthentik.io/start?rd=$request_uri;
+        # For domain level, use the below error_page to redirect to your authentik server with the full redirect path. Change your domain to the subdomain for authentik.
+        return 302 https://authentik.domain.com/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
+    }