diff --git a/hosts/web-01.cloonar.com/modules/web/typo3.nix b/hosts/web-01.cloonar.com/modules/web/typo3.nix
index 498d1f0..e564382 100644
--- a/hosts/web-01.cloonar.com/modules/web/typo3.nix
+++ b/hosts/web-01.cloonar.com/modules/web/typo3.nix
@@ -233,44 +233,44 @@ in } ''; - locations."/typo3/login" = { - extraConfig = '' - # Basic Authelia Config - # Send a subsequent request to Authelia to verify if the user is authenticated - # and has the right permissions to access the resource. - auth_request /authelia; - # Set the `target_url` variable based on the request. It will be used to build the portal - # URL with the correct redirection parameter. - auth_request_set $target_url $scheme://$http_host$request_uri; - # Set the X-Forwarded-User and X-Forwarded-Groups with the headers - # returned by Authelia for the backends which can consume them. - # This is not safe, as the backend must make sure that they come from the - # proxy. In the future, it's gonna be safe to just use OAuth. - auth_request_set $user $upstream_http_remote_user; - auth_request_set $groups $upstream_http_remote_groups; - auth_request_set $name $upstream_http_remote_name; - auth_request_set $email $upstream_http_remote_email; - proxy_set_header Remote-User $user; - proxy_set_header Remote-Groups $groups; - proxy_set_header Remote-Name $name; - proxy_set_header Remote-Email $email; - # If Authelia returns 401, then nginx redirects the user to the login portal. - # If it returns 200, then the request pass through to the backend. - # For other type of errors, nginx will handle them as usual. 
- error_page 401 =302 https://auth.cloonar.com/?rd=$target_url; - - fastcgi_param REMOTE_USER $user; - - include ${pkgs.nginx}/conf/fastcgi.conf; - fastcgi_buffer_size 32k; - fastcgi_buffers 8 16k; - fastcgi_connect_timeout 240s; - fastcgi_read_timeout 240s; - fastcgi_send_timeout 240s; - fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket}; - fastcgi_param SCRIPT_FILENAME ${cfg.dataDir}/${domain}/public/typo3/index.php; - ''; - }; + # locations."/typo3/login" = { + # extraConfig = '' + # # Basic Authelia Config + # # Send a subsequent request to Authelia to verify if the user is authenticated + # # and has the right permissions to access the resource. + # auth_request /authelia; + # # Set the `target_url` variable based on the request. It will be used to build the portal + # # URL with the correct redirection parameter. + # auth_request_set $target_url $scheme://$http_host$request_uri; + # # Set the X-Forwarded-User and X-Forwarded-Groups with the headers + # # returned by Authelia for the backends which can consume them. + # # This is not safe, as the backend must make sure that they come from the + # # proxy. In the future, it's gonna be safe to just use OAuth. + # auth_request_set $user $upstream_http_remote_user; + # auth_request_set $groups $upstream_http_remote_groups; + # auth_request_set $name $upstream_http_remote_name; + # auth_request_set $email $upstream_http_remote_email; + # proxy_set_header Remote-User $user; + # proxy_set_header Remote-Groups $groups; + # proxy_set_header Remote-Name $name; + # proxy_set_header Remote-Email $email; + # # If Authelia returns 401, then nginx redirects the user to the login portal. + # # If it returns 200, then the request pass through to the backend. + # # For other type of errors, nginx will handle them as usual. 
+ # error_page 401 =302 https://auth.cloonar.com/?rd=$target_url; + # + # fastcgi_param REMOTE_USER $user; + # + # include ${pkgs.nginx}/conf/fastcgi.conf; + # fastcgi_buffer_size 32k; + # fastcgi_buffers 8 16k; + # fastcgi_connect_timeout 240s; + # fastcgi_read_timeout 240s; + # fastcgi_send_timeout 240s; + # fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket}; + # fastcgi_param SCRIPT_FILENAME ${cfg.dataDir}/${domain}/public/typo3/index.php; + # ''; + # }; locations."/favicon.ico".extraConfig = '' log_not_found off;
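Review bot: Commenting out `locations."/typo3/login"` removes the `auth_request /authelia` gate from the TYPO3 backend login and nothing in the hunk replaces it, so the path presumably falls through to a generic PHP location (not visible here) and is protected only by TYPO3's own authentication. If that is intended, delete the block instead of keeping 38 commented-out lines and leave a one-line reason, e.g. `# /typo3/login is no longer gated by Authelia (<reason>); TYPO3 handles backend auth itself`. Also confirm that nothing on the TYPO3 side still trusts `REMOTE_USER` or the `Remote-*` headers now that nginx no longer sets them from Authelia's response, and check whether the `/authelia` location the block referred to is still needed. The enclosing virtual-host definition starts and ends outside the hunk.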