# Source: https://www.authelia.com/docs/deployment/supported-proxies/nginx.html
  
location /authelia {
    internal;
    set $upstream_authelia https://auth.megabyte.space/api/verify;

    proxy_pass                 $upstream_authelia;
    proxy_pass_request_body    off;
    proxy_redirect             http://  $scheme://;
    proxy_set_header           Content-Length "";
    proxy_set_header           X-Original-URL $scheme://$http_host$request_uri;
    
    client_body_buffer_size    128k;

    # include snippets/proxy.conf; with different proxy_buffers
    # Source: https://www.authelia.com/docs/deployment/supported-proxies/nginx.html
    proxy_cache_bypass  $cookie_session;
    proxy_no_cache      $cookie_session;
    proxy_http_version  1.1;

    # Proxy headers
    proxy_set_header Upgrade            $http_upgrade;
    proxy_set_header Connection         "";
    proxy_set_header Host               $host;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Forwarded-Host   $http_host;
    proxy_set_header X-Forwarded-Port   $server_port;
    proxy_set_header X-Forwarded-Uri    $request_uri;
    proxy_set_header X-Forwarded-Ssl    on;

    # Timeout if the real server is dead
    proxy_next_upstream                 error timeout invalid_header http_500 http_502 http_503;

    # Proxy timeouts
    proxy_connect_timeout               240;
    proxy_read_timeout                  240;
    proxy_send_timeout                  240;
    send_timeout                        5m;

    # Proxy buffers
    proxy_buffers                       4 32k;

    # If behind reverse proxy, forwards the correct IP
    set_real_ip_from                    10.0.0.0/8;
    set_real_ip_from                    172.0.0.0/8;
    set_real_ip_from                    192.168.0.0/16;
    set_real_ip_from                    fc00::/7;
    real_ip_header                      X-Forwarded-For;
    real_ip_recursive                   on;
}