# Source: https://www.authelia.com/docs/deployment/supported-proxies/nginx.html location /authelia { internal; set $upstream_authelia https://auth.megabyte.space/api/verify; proxy_pass $upstream_authelia; proxy_pass_request_body off; proxy_redirect http:// $scheme://; proxy_set_header Content-Length ""; proxy_set_header X-Original-URL $scheme://$http_host$request_uri; client_body_buffer_size 128k; # include snippets/proxy.conf; with different proxy_buffers # Source: https://www.authelia.com/docs/deployment/supported-proxies/nginx.html proxy_cache_bypass $cookie_session; proxy_no_cache $cookie_session; proxy_http_version 1.1; # Proxy headers proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Uri $request_uri; proxy_set_header X-Forwarded-Ssl on; # Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Proxy timeouts proxy_connect_timeout 240; proxy_read_timeout 240; proxy_send_timeout 240; send_timeout 5m; # Proxy buffers proxy_buffers 4 32k; # If behind reverse proxy, forwards the correct IP set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.0.0.0/8; set_real_ip_from 192.168.0.0/16; set_real_ip_from fc00::/7; real_ip_header X-Forwarded-For; real_ip_recursive on; }