Closed lee44 closed 1 year ago
Maybe you meant to open a PR to update the documentation at https://github.com/stashapp/Stash-Docs instead of creating an issue in the Stash repo?
Closing as I'm not sure what the action here is supposed to be.
EDIT: Got it working by adding `proxy_hide_header Content-Security-Policy;`
@lee44 Wondering if you have an updated working config? Adding `proxy_set_header Host $http_host;` gets the images to load on the main page, but when trying to play I get met with this message.
The media could not be loaded, either because the server or network failed or because the format is not supported.
I had to add support for websocket upgrade in my config as well. Here's my config:
```nginx
# Increase buffer size for large headers
# This is needed only if you get 'upstream sent too big header while reading response
# header from upstream' error when trying to access an application protected by goauthentik
proxy_buffers 8 16k;
proxy_buffer_size 32k;

location / {
    # Put your proxy_pass to your application here
    proxy_pass $forward_scheme://$server:$port;

    # Support for websocket
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    # Set any other headers your application might need
    # proxy_set_header Host $host;
    # proxy_set_header ...
    proxy_set_header Host $http_host;
    proxy_hide_header Content-Security-Policy;

    # bypass authentik when on local network
    satisfy any;
    allow 123.456.7.8/24;
    deny all;

    # authentik-specific config
    auth_request /outpost.goauthentik.io/auth/nginx;
    error_page 401 = @goauthentik_proxy_signin;
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;

    # translate headers from the outposts back to the actual upstream
    auth_request_set $authentik_username $upstream_http_x_authentik_username;
    auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
    auth_request_set $authentik_email $upstream_http_x_authentik_email;
    auth_request_set $authentik_name $upstream_http_x_authentik_name;
    auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
    proxy_set_header X-authentik-username $authentik_username;
    proxy_set_header X-authentik-groups $authentik_groups;
    proxy_set_header X-authentik-email $authentik_email;
    proxy_set_header X-authentik-name $authentik_name;
    proxy_set_header X-authentik-uid $authentik_uid;
}

# all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
    proxy_pass http://123.45.6.7:1234/outpost.goauthentik.io;
    # ensure the host of this vserver matches your external URL you've configured
    # in authentik
    proxy_set_header Host $host;
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    add_header Set-Cookie $auth_cookie;
    auth_request_set $auth_cookie $upstream_http_set_cookie;
}

# Special location for when the /auth endpoint returns a 401,
# redirect to the /start URL which initiates SSO
location @goauthentik_proxy_signin {
    internal;
    add_header Set-Cookie $auth_cookie;
    return 302 /outpost.goauthentik.io/start?rd=$request_uri;
    # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
    # return 302 https://authentik.mydomain.me/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
```
Currently using authelia with no issues but trying to make the jump to authentik
After setting up Stash with Nginx Proxy Manager and Authentik, images and videos weren't showing properly until I added `proxy_set_header Host $http_host` to the Nginx Configuration. Make sure to change proxy pass to your local IP.
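An added example (not part of any post in this thread, and not Stash or authentik code): a small Python model of how nginx combines the `satisfy any;`, `allow`/`deny all;` and `auth_request` lines from the config posted above, to show which requests reach Stash without an authentik session. The allow range, the client addresses and the function names are assumptions made up for the illustration.

```python
import ipaddress
import re

# Constructed sample: the access-control directives from the `location /` block,
# with a made-up private range standing in for the poster's allow value.
SAMPLE = """
satisfy any;
allow 192.168.1.0/24;
deny all;
auth_request /outpost.goauthentik.io/auth/nginx;
"""

def parse(conf):
    """Return (satisfy mode, ordered allow/deny rules, auth_request enabled)."""
    satisfy, rules, has_auth = "all", [], False  # nginx defaults to `satisfy all`
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";")
        m = re.match(r"(satisfy|allow|deny|auth_request)\s+(\S+)$", line)
        if not m:
            continue
        name, arg = m.groups()
        if name == "satisfy":
            satisfy = arg
        elif name == "auth_request":
            has_auth = arg != "off"
        else:
            net = None if arg == "all" else ipaddress.ip_network(arg, strict=False)
            rules.append((name, net))
    return satisfy, rules, has_auth

def ip_allowed(rules, client_ip):
    """allow/deny are checked in order; the first matching rule decides."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or addr in net:
            return action == "allow"
    return True  # no rule matched, so the access module does not object

def reaches_upstream(conf, client_ip, has_session):
    """True if the request is proxied to the application.
    has_session: the auth_request subrequest to the outpost returned 2xx."""
    satisfy, rules, has_auth = parse(conf)
    ip_ok = ip_allowed(rules, client_ip)
    auth_ok = has_session or not has_auth
    return (ip_ok or auth_ok) if satisfy == "any" else (ip_ok and auth_ok)

if __name__ == "__main__":
    for ip, session in [("192.168.1.50", False), ("203.0.113.9", False), ("203.0.113.9", True)]:
        print(ip, session, reaches_upstream(SAMPLE, ip, session))
```

nginx matches `allow`/`deny` against the connecting address, so the allow range only means "local network" when nginx sees client addresses directly. Dropping `satisfy any;` turns the OR into an AND, which locks out signed-in users outside the range.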