3c1b70c355
* outposts/proxyv2: initial commit Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add rs256 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> more stuff Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add forward auth an sign_out Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> match cookie name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> re-add support for rs256 for backwards compat Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add error handler Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> ensure unique user-agent is used Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> set cookie duration based on id_token expiry Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> build proxy v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add ssl Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add basic auth and custom header support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add application cert loading Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> implement whitelist Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add redis Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> migrate embedded outpost to v2 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> remove old proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> providers/proxy: make token expiration configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> add metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * providers/proxy: only allow one redirect URI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix docker build for proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove default port offset Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add AUTHENTIK_HOST_BROWSER Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests: fix e2e/integration tests not using proper tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove references of old port Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix user_attributes not being loaded correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
57 lines
1.5 KiB
Go
57 lines
1.5 KiB
Go
package web
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httputil"
|
|
"net/url"
|
|
|
|
"goauthentik.io/internal/utils/web"
|
|
)
|
|
|
|
func (ws *WebServer) configureProxy() {
|
|
// Reverse proxy to the application server
|
|
u, _ := url.Parse("http://localhost:8000")
|
|
director := func(req *http.Request) {
|
|
req.URL.Scheme = u.Scheme
|
|
req.URL.Host = u.Host
|
|
if _, ok := req.Header["User-Agent"]; !ok {
|
|
// explicitly disable User-Agent so it's not set to default value
|
|
req.Header.Set("User-Agent", "")
|
|
}
|
|
if req.TLS != nil {
|
|
req.Header.Set("X-Forwarded-Proto", "https")
|
|
}
|
|
}
|
|
rp := &httputil.ReverseProxy{Director: director}
|
|
rp.ErrorHandler = ws.proxyErrorHandler
|
|
rp.ModifyResponse = ws.proxyModifyResponse
|
|
ws.m.PathPrefix("/akprox").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
if ws.ProxyServer != nil {
|
|
ws.ProxyServer.Handle(rw, r)
|
|
return
|
|
}
|
|
ws.proxyErrorHandler(rw, r, fmt.Errorf("proxy not running"))
|
|
})
|
|
ws.m.PathPrefix("/").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
|
host := web.GetHost(r)
|
|
if ws.ProxyServer != nil {
|
|
if ws.ProxyServer.HandleHost(host, rw, r) {
|
|
return
|
|
}
|
|
}
|
|
ws.log.WithField("host", host).Trace("routing to application server")
|
|
rp.ServeHTTP(rw, r)
|
|
})
|
|
}
|
|
|
|
func (ws *WebServer) proxyErrorHandler(rw http.ResponseWriter, req *http.Request, err error) {
|
|
ws.log.WithError(err).Warning("proxy error")
|
|
rw.WriteHeader(http.StatusBadGateway)
|
|
}
|
|
|
|
func (ws *WebServer) proxyModifyResponse(r *http.Response) error {
|
|
r.Header.Set("server", "authentik")
|
|
return nil
|
|
}
|