@lamalibre/create-portlama 1.0.13 → 1.0.15

package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lamalibre/create-portlama",
3
- "version": "1.0.13",
3
+ "version": "1.0.15",
4
4
  "description": "One-command setup for secure reverse tunnels with a management dashboard",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -187,26 +187,31 @@ export async function writeAppVhost(subdomain, domain, port, certPath) {
187
187
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
188
188
  proxy_set_header X-Forwarded-Proto $scheme;
189
189
 
190
- # Authelia forward authentication
191
- location /authelia {
190
+ # Authelia forward authentication (AuthRequest implementation for nginx)
191
+ location /internal/authelia/authz {
192
192
  internal;
193
- proxy_pass http://127.0.0.1:9091/api/authz/forward-auth;
193
+
194
+ proxy_pass http://127.0.0.1:9091/api/authz/auth-request;
194
195
  proxy_pass_request_body off;
196
+
195
197
  proxy_set_header Content-Length "";
198
+ proxy_set_header Connection "";
199
+ proxy_set_header X-Original-Method $request_method;
196
200
  proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
197
- proxy_set_header X-Forwarded-Method $request_method;
198
- proxy_set_header X-Forwarded-Proto $scheme;
199
- proxy_set_header X-Forwarded-Host $http_host;
200
- proxy_set_header X-Forwarded-Uri $request_uri;
201
201
  proxy_set_header X-Forwarded-For $remote_addr;
202
+
203
+ proxy_http_version 1.1;
204
+ proxy_buffers 4 32k;
205
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
202
206
  }
203
207
 
204
208
  location / {
205
- auth_request /authelia;
209
+ auth_request /internal/authelia/authz;
206
210
  auth_request_set $user $upstream_http_remote_user;
207
211
  auth_request_set $groups $upstream_http_remote_groups;
208
212
  auth_request_set $name $upstream_http_remote_name;
209
213
  auth_request_set $email $upstream_http_remote_email;
214
+ auth_request_set $redirection_url $upstream_http_location;
210
215
 
211
216
  proxy_set_header Remote-User $user;
212
217
  proxy_set_header Remote-Groups $groups;
@@ -224,8 +229,8 @@ export async function writeAppVhost(subdomain, domain, port, certPath) {
224
229
  proxy_send_timeout 86400s;
225
230
  }
226
231
 
227
- # Error page for unauthenticated requests redirect to Authelia
228
- error_page 401 =302 https://auth.${domain}/?rd=$scheme://$http_host$request_uri;
232
+ # Redirect unauthenticated requests to Authelia login portal
233
+ error_page 401 =302 $redirection_url;
229
234
  }
230
235
  `;
231
236
 
@@ -315,24 +320,29 @@ export async function writeStaticSiteVhost(site, certDir, domain) {
315
320
 
316
321
  if (site.autheliaProtected && domain) {
317
322
  autheliaBlock = `
318
- # Authelia forward authentication
319
- location /authelia {
323
+ # Authelia forward authentication (AuthRequest implementation for nginx)
324
+ location /internal/authelia/authz {
320
325
  internal;
321
- proxy_pass http://127.0.0.1:9091/api/authz/forward-auth;
326
+
327
+ proxy_pass http://127.0.0.1:9091/api/authz/auth-request;
322
328
  proxy_pass_request_body off;
329
+
323
330
  proxy_set_header Content-Length "";
331
+ proxy_set_header Connection "";
332
+ proxy_set_header X-Original-Method $request_method;
324
333
  proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
325
- proxy_set_header X-Forwarded-Method $request_method;
326
- proxy_set_header X-Forwarded-Proto $scheme;
327
- proxy_set_header X-Forwarded-Host $http_host;
328
- proxy_set_header X-Forwarded-Uri $request_uri;
329
334
  proxy_set_header X-Forwarded-For $remote_addr;
335
+
336
+ proxy_http_version 1.1;
337
+ proxy_buffers 4 32k;
338
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
330
339
  }
331
340
  `;
332
341
  locationAuthDirectives = `
333
- auth_request /authelia;
342
+ auth_request /internal/authelia/authz;
334
343
  auth_request_set $user $upstream_http_remote_user;
335
- auth_request_set $groups $upstream_http_remote_groups;`;
344
+ auth_request_set $groups $upstream_http_remote_groups;
345
+ auth_request_set $redirection_url $upstream_http_location;`;
336
346
  }
337
347
 
338
348
  const config = `server {
@@ -357,8 +367,8 @@ ${autheliaBlock}
357
367
  ${tryFiles};
358
368
  }
359
369
  ${site.autheliaProtected && domain ? `
360
- # Error page for unauthenticated requests redirect to Authelia
361
- error_page 401 =302 https://auth.${domain}/?rd=$scheme://$http_host$request_uri;
370
+ # Redirect unauthenticated requests to Authelia login portal
371
+ error_page 401 =302 $redirection_url;
362
372
  ` : ''}
363
373
  }
364
374
  `;
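Review bot: The `error_page 401 =302 $redirection_url;` line in writeStaticSiteVhost, and the identical line in the writeAppVhost hunk, has no fallback target: the URL now comes only from the `Location` header copied by `auth_request_set $redirection_url $upstream_http_location;`. If Authelia's auth-request endpoint returns 401 without that header — presumably the case when its configuration lacks a portal URL for the cookie domain, which is not visible in this diff — the variable is empty and the login redirect breaks, where the old `https://auth.${domain}/?rd=…` target was fixed in the template. Access stays denied either way, so this is a usability and supportability problem rather than a bypass. I would document the dependency beside the directive, e.g. `# $redirection_url comes from Authelia's Location header; needs the portal URL set in Authelia's session config`, and check that the Authelia config this package generates is switched to the auth-request endpoint in the same release. Both template literals begin and end outside the hunks shown.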