-
-
Notifications
You must be signed in to change notification settings - Fork 874
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
website/docs: Upgrade nginx reverse porxy config #8947
Conversation
Signed-off-by: Vince <wlmqpsc@gmail.com>
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #8947 +/- ##
===========================================
+ Coverage 46.62% 92.19% +45.57%
===========================================
Files 626 640 +14
Lines 30996 31549 +553
===========================================
+ Hits 14451 29086 +14635
+ Misses 16545 2463 -14082
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
* main: web: bump API Client version (#9021) sources/ldap: add ability to disable password write on login (#8377) web: bump API Client version (#9020) lifecycle: migrate: ensure template schema exists before migrating (#8952) website/integrations: Update nextcloud Admin Group Expression (#7314) web/flow: general ux improvements (#8558) website: bump @types/react from 18.2.67 to 18.2.69 in /website (#9016) core: bump requests-oauthlib from 1.4.0 to 2.0.0 (#9018) web: bump the sentry group in /web with 2 updates (#9017) web/admin: small fixes (#9002) website: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /website (#9001) core: bump ruff from 0.3.3 to 0.3.4 (#8998) website/docs: Upgrade nginx reverse porxy config (#8947) website/docs: improve flow inspector docs (#8993) website/deverlop-docs website/integrations: add links to integrations template (#8995)
Details
The original nginx reverse proxy config is using
$host
var, which does not pass the port part to authentik.When nginx host on different port rather than 443, is will make CSRF error.
with the
%host
, on pagehttps://authentik:port/api/v3/admin/system/
HTTP_HOST
will only gethttps://authentik
without port. However, when nginx host on different port, the origin in post headers will contain port number, which cause CSRF error.