caddy/snippets/auth/authelia-forward.snippet

# caddy/snippets/auth/authelia-forward.snippet
# Delegate auth to Authelia via forward_auth. Apps that need to be
# reached without a session (e.g. jellyfin APIs for clients) should
# skip importing this snippet and handle their own auth.

forward_auth authelia:9091 {
    # Authorization endpoint on the Authelia container that receives the check.
    uri /api/authz/forward-auth

    # Request context handed to Authelia. header_up sets each field, replacing
    # any value the client sent under the same name.
    header_up Host {upstream_hostport}
    header_up X-Forwarded-Proto {scheme}
    header_up X-Forwarded-Host {host}
    header_up X-Forwarded-Method {method}
    header_up X-Forwarded-Uri {uri}
    # {remote_host} is the address of the immediate peer.
    # NOTE(review): if Caddy sits behind another proxy or load balancer, this
    # is that proxy's address, so IP-based Authelia rules would match the
    # proxy rather than the end client. Confirm against the deployment.
    header_up X-Forwarded-For {remote_host}

    # On a successful check, these identity headers are copied from Authelia's
    # response onto the request that continues to the protected app.
    # NOTE(review): apps that trust Remote-* must only be reachable through
    # Caddy. Also confirm that the deployed Caddy version drops client-supplied
    # Remote-* values when Authelia's 2xx response omits them (for example
    # under a bypass rule); if it does not, strip them before this directive runs.
    copy_headers Remote-User Remote-Groups Remote-Email Remote-Name

    # A 401 from Authelia becomes a redirect to the login portal, with the
    # original URL carried in the rd parameter.
    # NOTE(review): {uri} appears to be inserted unescaped, so an original query
    # string containing "&" may be split off from rd. The redirect target is
    # built from the request Host, so this relies on Authelia validating rd
    # against its configured domains. Confirm both.
    @login_required status 401
    handle_response @login_required {
        redir * https://auth.home.arpa?rd={scheme}://{host}{uri} 302
    }
}