reverse-proxy-confs/authelia.subdomain.conf.sample

## Version 2023/02/12
# make sure that your authelia container is named authelia
# make sure that your dns has a cname set for authelia
# the default authelia-server and authelia-location confs included with swag rely on
# a built-in subfolder proxy at "/authelia" and enabling this proxy conf is not necessary.
# But if you'd like to use authelia via subdomain, you can enable this proxy and set
# the $authelia_backed variable in the authelia-server.conf.

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name authelia.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app authelia;
        set $upstream_port 9091;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/authelia)?/api {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app authelia;
        set $upstream_port 9091;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }

    location ~ (/authelia)?/metrics {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # block metrics access by default because it is unprotected
        # you can comment out the next line to enable remote metrics
        deny all;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app authelia;
        set $upstream_port 9959;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}