diff options
| author | Zhenya Vinogradov <zhenyavinogradov@gmail.com> | 2021-02-08 15:04:23 +0300 |
|---|---|---|
| committer | Zhenya Vinogradov <zhenyavinogradov@gmail.com> | 2021-02-08 15:28:52 +0300 |
| commit | cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc (patch) | |
| tree | 17c8c9f4a22964ba913465074b138a14e0527edc | |
| parent | c9f6a7f349a4608fc5c85c5cac756ba400320dba (diff) | |
| download | nixpkgs-cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc.tar nixpkgs-cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc.tar.gz nixpkgs-cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc.tar.bz2 nixpkgs-cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc.tar.lz nixpkgs-cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc.tar.xz nixpkgs-cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc.tar.zst nixpkgs-cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc.zip | |
nixos/oauth2_proxy_nginx: specify hostname in X-Auth-Request-Redirect
Fixes redirection after signing in when you use a single oauth2_proxy instance for multiple domains. X-Auth-Request-Redirect header is used to decide which URL to redirect to after signing in. Specifying `request_uri` is enough in case you need to redirect to the same domain that serves oauth2 callback endpoint, but with multiple domains the you should include the scheme and the host.
| -rw-r--r-- | nixos/modules/services/security/oauth2_proxy_nginx.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2_proxy_nginx.nix index be6734f439f..553638ad496 100644 --- a/nixos/modules/services/security/oauth2_proxy_nginx.nix +++ b/nixos/modules/services/security/oauth2_proxy_nginx.nix @@ -31,7 +31,7 @@ in proxyPass = cfg.proxy; extraConfig = '' proxy_set_header X-Scheme $scheme; - proxy_set_header X-Auth-Request-Redirect $request_uri; + proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri; ''; }; locations."/oauth2/auth" = { |