Authelia + Jellyfin + Swag(Nginx)

Question description  Votes: 0  Answers: 1

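I have been trying to open my local jellyfin container to the internet while protecting it with Authelia (for 2FA). I have docker containers for swag (nginx), authelia and jellyfin, all named the same way.

I used the sample subdomain config for Jellyfin from swag, and added the authelia include to redirect through authelia before jellyfin. Authelia works fine with the other services on the server.

If I remove the authelia include line in the jellyfin config, I can access jellyfin without any problem at

https://jellyfin.myserver.com

If I have authelia active, I can reach the authelia login page via https://jellyfin.myserver.com without any problem, but after passing the authelia check I get an error 500 from Nginx.

I can't see any relevant events in the logs, so I am a bit blind here.

Any idea what might be wrong?

Here is my jellyfin.subdomain.conf: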

```nginx
## Version 2023/05/31
# make sure that your jellyfin container is named jellyfin
# make sure that your dns has a cname set for jellyfin
# if jellyfin is running in bridge mode and the container is named "jellyfin", the below config should work as is
# if not, replace the line "set $upstream_app jellyfin;" with "set $upstream_app <containername>;"
# or "set $upstream_app <HOSTIP>;" for host mode, HOSTIP being the IP address of jellyfin
# in jellyfin settings, under "Advanced/Networking" add subdomain.mydomain.tld as a known proxy

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name jellyfin.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        # enable for Authelia (requires authelia-server.conf in the server block)
        include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app jellyfin;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }

    location ~ (/jellyfin)?/socket {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app jellyfin;
        set $upstream_port 8096;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
```

And authelia.conf:

```nginx
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-location.conf.sample
# Make sure that your authelia container is in the same user defined bridge network and is named authelia
# Rename /config/nginx/proxy-confs/authelia.conf.sample to /config/nginx/proxy-confs/authelia.conf
# Make sure that the authelia configuration.yml has 'path: "authelia"' defined

## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /authelia/api/verify;
## If the subrequest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
error_page 401 = @authelia_proxy_signin;

## Translate response headers from Authelia into variables
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
auth_request_set $authorization $upstream_http_authorization;
auth_request_set $proxy_authorization $upstream_http_proxy_authorization;

## Inject the response header variables into the request made to the actual upstream
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
proxy_set_header Authorization $authorization;
proxy_set_header Proxy-Authorization $proxy_authorization;

## Include the Set-Cookie header if present.
auth_request_set $set_cookie $upstream_http_set_cookie;
add_header Set-Cookie $set_cookie;
```

And proxy.conf:

```nginx
## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample

# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Proxy Connection Settings
proxy_buffers 32 4k;
proxy_connect_timeout 240;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
proxy_http_version 1.1;
proxy_read_timeout 240;
proxy_redirect http:// $scheme://;
proxy_send_timeout 240;

# Proxy Cache and Cookie Settings
proxy_cache_bypass $cookie_session;
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
proxy_no_cache $cookie_session;

# Proxy Header Settings
proxy_set_header Connection $connection_upgrade;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
```

nginx nginx-reverse-proxy jellyfin
1 Answer
0
votes
It looks like `include /config/nginx/authelia-server.conf;` is missing from the server block in jellyfin.subdomain.conf. This should be added somewhere above the location block, as shown in LinuxServer's blog post.

```nginx
server {
    [server block code]
    include /config/nginx/authelia-server.conf;

    location / {
        [location block code]
        include /config/nginx/authelia-location.conf;
    }
}
```

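Double-checking your Docker networking may also be prudent. The easiest solution to get SWAG working seamlessly is to have any SWAG-managed containers on the same network as the SWAG container, as described on the SWAG GitHub. Since SWAG uses container names as DNS hostnames by default, it won't be able to find your containers on a separate network unless you modify the config to include the server's IP address.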
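
An added illustration, not part of the original post or of SWAG: the question's authelia.conf uses `/authelia/api/verify` and `@authelia_proxy_signin` without defining them, and the sample's own comment says the location include requires authelia-server.conf in the server block. The check below flags a proxy conf where that pairing is broken and also lists locations that carry no Authelia include; the parser, the finding names and the trimmed sample config are assumptions constructed for this example.

```python
import re
# Constructed sample: a trimmed copy of the question's jellyfin.subdomain.conf.
BROKEN = """
server {
    include /config/nginx/ssl.conf;
    location / {
        include /config/nginx/authelia-location.conf;
        include /config/nginx/proxy.conf;
    }
    location ~ (/jellyfin)?/socket {
        include /config/nginx/proxy.conf;
    }
}
"""
# Same file with the include from the answer added at server level.
FIXED = BROKEN.replace("ssl.conf;", "ssl.conf;\n    include /config/nginx/authelia-server.conf;")

def audit(conf_text):
    """Return (location, finding) pairs. Simplified parser (assumption): no
    '#', '{', '}' or ';' inside quoted strings or location regexes."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # commented-out includes do not count
    stack, buf, servers = [], "", []
    for ch in text:
        if ch == "{":
            stack.append(" ".join(buf.split()))  # block header, e.g. "location /"
            buf = ""
            if stack[-1] == "server":
                servers.append({"includes": set(), "locations": {}})
            elif stack[-1].startswith("location") and servers:
                servers[-1]["locations"][stack[-1]] = set()
        elif ch == "}":
            stack, buf = stack[:-1], ""
        elif ch == ";":
            words, buf = buf.split(), ""
            if len(words) == 2 and words[0] == "include" and stack and servers:
                name = words[1].rsplit("/", 1)[-1]  # file name without directory
                if stack[-1] == "server":
                    servers[-1]["includes"].add(name)
                elif stack[-1] in servers[-1]["locations"]:
                    servers[-1]["locations"][stack[-1]].add(name)
        else:
            buf += ch
    findings = []
    for srv in servers:
        for loc, incs in srv["locations"].items():
            if "authelia-location.conf" not in incs:
                findings.append((loc, "NO_AUTH_INCLUDE"))  # location not behind Authelia
            elif "authelia-server.conf" not in srv["includes"]:
                findings.append((loc, "MISSING_SERVER_INCLUDE"))  # the answer's diagnosis
    return findings
```

On `BROKEN`, `audit` reports `MISSING_SERVER_INCLUDE` for `location /`; on `FIXED` only the socket location remains, listed as having no Authelia include.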
