Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove typo3 sso

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-08-29 09:41:19 +02:00
parent 3e9de29a97
commit c607abcbf5
1 changed files with 38 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
hosts/web-01.cloonar.com/modules/web/typo3.nix
View File

@@ -233,44 +233,44 @@ in
} }
''; '';
locations."/typo3/login" = { # locations."/typo3/login" = {
extraConfig = '' # extraConfig = ''
# Basic Authelia Config # # Basic Authelia Config
# Send a subsequent request to Authelia to verify if the user is authenticated # # Send a subsequent request to Authelia to verify if the user is authenticated
# and has the right permissions to access the resource. # # and has the right permissions to access the resource.
auth_request /authelia; # auth_request /authelia;
# Set the `target_url` variable based on the request. It will be used to build the portal # # Set the `target_url` variable based on the request. It will be used to build the portal
# URL with the correct redirection parameter. # # URL with the correct redirection parameter.
auth_request_set $target_url $scheme://$http_host$request_uri; # auth_request_set $target_url $scheme://$http_host$request_uri;
# Set the X-Forwarded-User and X-Forwarded-Groups with the headers # # Set the X-Forwarded-User and X-Forwarded-Groups with the headers
# returned by Authelia for the backends which can consume them. # # returned by Authelia for the backends which can consume them.
# This is not safe, as the backend must make sure that they come from the # # This is not safe, as the backend must make sure that they come from the
# proxy. In the future, it's gonna be safe to just use OAuth. # # proxy. In the future, it's gonna be safe to just use OAuth.
auth_request_set $user $upstream_http_remote_user; # auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups; # auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name; # auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email; # auth_request_set $email $upstream_http_remote_email;
proxy_set_header Remote-User $user; # proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups; # proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name; # proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email; # proxy_set_header Remote-Email $email;
# If Authelia returns 401, then nginx redirects the user to the login portal. # # If Authelia returns 401, then nginx redirects the user to the login portal.
# If it returns 200, then the request pass through to the backend. # # If it returns 200, then the request pass through to the backend.
# For other type of errors, nginx will handle them as usual. # # For other type of errors, nginx will handle them as usual.
error_page 401 =302 https://auth.cloonar.com/?rd=$target_url; # error_page 401 =302 https://auth.cloonar.com/?rd=$target_url;
#
fastcgi_param REMOTE_USER $user; # fastcgi_param REMOTE_USER $user;
#
include ${pkgs.nginx}/conf/fastcgi.conf; # include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_buffer_size 32k; # fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k; # fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s; # fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s; # fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s; # fastcgi_send_timeout 240s;
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket}; # fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
fastcgi_param SCRIPT_FILENAME ${cfg.dataDir}/${domain}/public/typo3/index.php; # fastcgi_param SCRIPT_FILENAME ${cfg.dataDir}/${domain}/public/typo3/index.php;
''; # '';
}; # };
locations."/favicon.ico".extraConfig = '' locations."/favicon.ico".extraConfig = ''
log_not_found off; log_not_found off;