September 19, 2023 11:08AM
Hello,

Hope you are doing well.
We currently use Authelia to authenticate users but want to add a redundant
Authelia server so that users can continue to access the content.

Put simply our current nginx config is:

server {
location / {
auth_request /authelia;
error_page 401 =302 https://authelia1.domain.net/?rd=$target_url
https://authelia_cluster/?rd=$%7BDOLLAR%7Dtarget_url;
}
set upstream_authelia https://authelia1.domain.net/api/verify
https://authealia1.domain.net/api/verify;
location /authelia {
internal;
proxy_pass $upstream_authelia;
}
}

Things I have tried:

With lua-resty-upstream-healthcheck
https://github.com/openresty/lua-resty-upstream-healthcheck and the below
upstream:

upstream authelia_cluster {
least_conn;
server authelia1.domain.net:443;
server authelia2.domain:443 backup;
keepalive 60;
}

With this I am able to dynamically render content based on the available
upstream authelia server but cannot translate that to authentication with
`auth_request`.

location /test {
proxy_pass https://authelia_cluster/metrics;
}

My guess as to most simplest solution is to dynamically set the
upstream_authelia variable and the error_page setting based on
the available upstream authelia_cluster server but I am not sure how.

Any input is much appreciated!

Best,
Dave
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

dynamically redirect auth_request

davama September 19, 2023 11:08AM

Re: dynamically redirect auth_request

davama September 19, 2023 05:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 88
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready