dynamically redirect auth_request

Dave Macias davama at gmail.com
Tue Sep 19 15:06:44 UTC 2023


Hope you are doing well.
We currently use Authelia to authenticate users but want to add a redundant
Authelia server so that users can continue to access the content.

Put simply our current nginx config is:

server {
  location / {
    auth_request /authelia;
    error_page 401 =302 https://authelia1.domain.net/?rd=$target_url
  set upstream_authelia https://authelia1.domain.net/api/verify
  location /authelia {
    proxy_pass $upstream_authelia;

Things I have tried:

With lua-resty-upstream-healthcheck
<https://github.com/openresty/lua-resty-upstream-healthcheck> and the below

upstream authelia_cluster {
    server authelia1.domain.net:443;
    server authelia2.domain:443 backup;
    keepalive 60;

With this I am able to dynamically render content based on the available
upstream authelia server but cannot translate that to authentication with

location /test {
  proxy_pass https://authelia_cluster/metrics;

My guess as to most simplest solution is to dynamically set the
upstream_authelia variable and the error_page setting based on
the available upstream authelia_cluster server but I am not sure how.

Any input is much appreciated!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230919/89885002/attachment.htm>

More information about the nginx mailing list