From 5b98b4d0901377e470b8d6af38b164c16bf96e7d Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh
Date: Wed, 23 Sep 2020 09:06:26 +1000
Subject: [PATCH] [BUGFIX] Fix HAProxy redirects (#1333)
Including updates to docs examples.
---
 docs/deployment/supported-proxies/haproxy.md | 8 ++++----
 internal/suites/example/compose/haproxy/haproxy.cfg | 12 ++++++------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/deployment/supported-proxies/haproxy.md b/docs/deployment/supported-proxies/haproxy.md
index 52cab97c..71ea3745 100644
--- a/docs/deployment/supported-proxies/haproxy.md
+++ b/docs/deployment/supported-proxies/haproxy.md
@@ -94,7 +94,7 @@ frontend fe_http
 http-request set-var(req.scheme) str(http) if !{ ssl_fc }
 http-request set-var(req.questionmark) str(?) if { query -m found }
- # Headers to construct redirection URL
+ # Required headers
 http-request set-header X-Real-IP %[src]
 http-request set-header X-Forwarded-Proto %[var(req.scheme)]
 http-request set-header X-Forwarded-Host %[req.hdr(Host)]
@@ -107,7 +107,7 @@ frontend fe_http
 # Authelia backend route
 use_backend be_authelia if host-authelia
 # Redirect protected-frontends to Authelia if not authenticated
- use_backend be_authelia if protected-frontends !{ var(txn.auth_response_successful) -m bool }
+ http-request redirect location https://auth.example.com/?rd=%[var(req.scheme)]://%[base]%[var(req.questionmark)]%[query] if protected-frontends !{ var(txn.auth_response_successful) -m bool }
 # Service backend route(s)
 use_backend be_nextcloud if host-nextcloud
@@ -151,7 +151,7 @@ frontend fe_http
 http-request set-var(req.scheme) str(http) if !{ ssl_fc }
 http-request set-var(req.questionmark) str(?) if { query -m found }
- # Headers to construct redirection URL
+ # Required headers
 http-request set-header X-Real-IP %[src]
 http-request set-header X-Forwarded-Proto %[var(req.scheme)]
 http-request set-header X-Forwarded-Host %[req.hdr(Host)]
@@ -164,7 +164,7 @@ frontend fe_http
 # Authelia backend route
 use_backend be_authelia if host-authelia
 # Redirect protected-frontends to Authelia if not authenticated
- use_backend be_authelia if protected-frontends !{ var(txn.auth_response_successful) -m bool }
+ http-request redirect location https://auth.example.com/?rd=%[var(req.scheme)]://%[base]%[var(req.questionmark)]%[query] if protected-frontends !{ var(txn.auth_response_successful) -m bool }
 # Service backend route(s)
 use_backend be_nextcloud if host-nextcloud
diff --git a/internal/suites/example/compose/haproxy/haproxy.cfg b/internal/suites/example/compose/haproxy/haproxy.cfg
index 872ec577..f05bce6c 100644
--- a/internal/suites/example/compose/haproxy/haproxy.cfg
+++ b/internal/suites/example/compose/haproxy/haproxy.cfg
@@ -39,7 +39,7 @@ frontend fe_http
 # does not know how to handle it (see https://github.com/TimWolla/haproxy-auth-request/issues/12).
 http-request lua.auth-request be_auth_request /api/verify if protected-frontends
- http-request redirect location https://login.example.com:8080 if protected-frontends !{ var(txn.auth_response_successful) -m bool }
+ http-request redirect location https://login.example.com:8080/?rd=%[var(req.scheme)]://%[base]%[var(req.questionmark)]%[query] if protected-frontends !{ var(txn.auth_response_successful) -m bool }
 use_backend be_authelia if host-authelia-portal api-path
 use_backend fe_authelia if host-authelia-portal !api-path
@@ -51,13 +51,13 @@ backend be_authelia
 server authelia-backend authelia-backend:9091 ssl verify none
 backend be_auth_request
- mode http
- server proxy 127.0.0.1:8085
+ mode http
+ server proxy 127.0.0.1:8085
 listen be_auth_request_proxy
- mode http
- bind 127.0.0.1:8085
- server authelia-backend authelia-backend:9091 ssl verify none
+ mode http
+ bind 127.0.0.1:8085
+ server authelia-backend authelia-backend:9091 ssl verify none
 backend fe_authelia
 server authelia-frontend authelia-frontend:3000
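Review bot: The `rd` value built by the added redirect in the haproxy.cfg hunk at `@@ -39,7 +39,7 @@` is not percent-encoded, so `%[base]` and `%[query]` land in the portal URL verbatim and an original query string containing `&` is split there: everything after it becomes a parameter of the login portal rather than part of `rd`, and the user is sent back to a truncated URL. Both values come from the client's request, so this also lets a link carry extra parameters into the portal URL. Encoding each piece keeps `rd` a single value, along the lines of `?rd=%[var(req.scheme)]://%[base,url_enc]%[var(req.questionmark),url_enc]%[query,url_enc]`, provided the HAProxy version in use has the `url_enc` converter. The hunk does not show `req.scheme` or `req.questionmark` being set in this file; it is worth confirming they are defined earlier in `fe_http`, otherwise the redirect would carry `rd=://…`. The same redirect line is added in both hunks of docs/deployment/supported-proxies/haproxy.md.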