2

I'm posting this topic because I have a problem with nginx configuration on authelia with ip filtering.

Here is my current configuration.

####BABBYBUDDY####
    map $remote_addr $is_allowed {
        192.168.1.120 1;
        default 0;
    }

include /etc/nginx/conf/user-agent/user-agent-babby.domain.tld.conf;

server {
    listen 80;
    listen 443 ssl http2;
    server_name babby.domain.tld;

        if ($scheme != "https") {
                rewrite ^ https://$host$uri permanent;
        }

    include /etc/nginx/conf/ssl/ssl.conf;
    include /etc/nginx/conf/ssl/domain/cert.domain.tld.conf;
    include /etc/nginx/conf/error-page/error-page.conf;
    charset utf-8;

    include /etc/nginx/conf/auth/authelia/authelia-location.conf;

    location / {
        if ($user_agent = 0) { return 403; }
        if ($is_allowed = 0) {
            include /etc/nginx/conf/auth/authelia/authelia-authrequest.conf;
        }

        proxy_pass http://babybuddy:8000;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
    }
}

authelia-authrequest.conf

## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /authelia;

## Set the $target_url variable based on the original request.
auth_request_set $target_url $scheme://$http_host$request_uri;

## Save the upstream response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;

## Inject the response headers from the variables into the request made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;

## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 =302 https://auth.domain.tld/?rd=$target_url;

I want to load the selement file based on the remote ip.

Error nginxnginx: [emerg] "auth_request" directive is not allowed here in /etc/nginx/conf/auth/authelia/authelia-authrequest.conf:2 

Thank you in advance.

Transfer the config from authelia-authrequest.conf to the base file.

0 Answers0