I am very close setting up my auth module. Here is the config. My issue is I cannot pass $query to an external site without using resolver 8.8.8.8 and if I do that then I cannot get redirected after authentication, I receive a 404. Can someone help?

server {
listen 8080 ssl;
ssl_certificate cert.pem;
ssl_certificate_key key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;


location / {
auth_request /auth;

auth_request_set $auth_status $upstream_status;


proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Authorization "Basic *****************"; # base64-encoded username:password to pass in header
proxy_pass https://172.16.1.221:2101; L
}

location = /auth {
internal;
# proxy_ssl_verify off;
set $query '';
if ($request_uri ~* "[^\?]+\?(.*)$") {
set $query $1;
}
resolver 8.8.8.8;
proxy_pass https://externalwebsite/auth.php?$query;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# proxy_set_header X-Original-URI $request_uri;
}

error_page 401 = @error401;

# If the user is not logged in, redirect them to Vouch's login URL
location @error401 {
return 302 https://192.168.1.221:3000;
}
}