50 lines
1.7 KiB
Plaintext
50 lines
1.7 KiB
Plaintext
server {
|
||
listen 443 ssl;
|
||
server_name issue.tlyq.ai;
|
||
|
||
ssl_certificate /etc/letsencrypt/live/www.tlyq.ai/fullchain.pem;
|
||
ssl_certificate_key /etc/letsencrypt/live/www.tlyq.ai/privkey.pem;
|
||
|
||
# Authelia 认证端点(internal = 仅子请求可访问)
|
||
location /authelia-auth {
|
||
internal;
|
||
proxy_pass http://authelia:9091/api/authz/auth-request;
|
||
proxy_set_header Cookie $http_cookie;
|
||
proxy_set_header X-Original-Method $request_method;
|
||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
||
proxy_set_header X-Forwarded-For $remote_addr;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_set_header X-Forwarded-Host $http_host;
|
||
proxy_set_header X-Forwarded-URI $request_uri;
|
||
proxy_pass_request_body off;
|
||
proxy_set_header Content-Length "";
|
||
}
|
||
|
||
location / {
|
||
auth_request /authelia-auth;
|
||
|
||
auth_request_set $user $upstream_http_remote_user;
|
||
auth_request_set $groups $upstream_http_remote_groups;
|
||
|
||
proxy_set_header X-Remote-User $user;
|
||
proxy_set_header X-Remote-Groups $groups;
|
||
proxy_set_header X-Auth-Proxy-Key "internal-auth-key-tlyq-2026";
|
||
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Forwarded-For $remote_addr;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
||
proxy_pass http://issue-ai:3000;
|
||
}
|
||
|
||
error_page 401 =302 https://sso.tlyq.ai/?rd=$scheme://$http_host$request_uri;
|
||
error_page 502 503 = @fallback;
|
||
|
||
location @fallback {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Forwarded-For $remote_addr;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://issue-ai:3000;
|
||
}
|
||
}
|