dynamically redirect auth_request
Dave Macias
davama at gmail.com
Tue Sep 19 15:06:44 UTC 2023
Hello,
Hope you are doing well.
We currently use Authelia to authenticate users but want to add a redundant
Authelia server so that users can continue to access the content.
Put simply our current nginx config is:
server {
location / {
auth_request /authelia;
error_page 401 =302 https://authelia1.domain.net/?rd=$target_url
<https://authelia_cluster/?rd=$%7BDOLLAR%7Dtarget_url>;
}
set upstream_authelia https://authelia1.domain.net/api/verify
<https://authealia1.domain.net/api/verify>;
location /authelia {
internal;
proxy_pass $upstream_authelia;
}
}
Things I have tried:
With lua-resty-upstream-healthcheck
<https://github.com/openresty/lua-resty-upstream-healthcheck> and the below
upstream:
upstream authelia_cluster {
least_conn;
server authelia1.domain.net:443;
server authelia2.domain:443 backup;
keepalive 60;
}
With this I am able to dynamically render content based on the available
upstream authelia server but cannot translate that to authentication with
`auth_request`.
location /test {
proxy_pass https://authelia_cluster/metrics;
}
My guess as to most simplest solution is to dynamically set the
upstream_authelia variable and the error_page setting based on
the available upstream authelia_cluster server but I am not sure how.
Any input is much appreciated!
Best,
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230919/89885002/attachment.htm>
More information about the nginx
mailing list