I'm trying to get ForwardAuth to work with Vouch Proxy. For that I put an additional nginx proxy between the two. Reading the ForwardAuth documentation, I expect to receive the originally requested host as X-Forwarded-Host, but instead I get the host from forwardAuth.address.
# Compose stack: Vouch Proxy plus an nginx front end that Traefik routes to
# and uses as the ForwardAuth endpoint.
version: '3.5'
services:
  # Vouch Proxy itself. No `networks:` key, so it joins only the project's
  # default network and is reached through the nginx service below.
  vouch:
    # NOTE(review): `alpine` is a floating tag; pinning a version or digest
    # keeps the auth component from changing underneath you.
    image: voucher/vouch-proxy:alpine
    restart: always
    environment:
      # $SSO_DOMAINS, $SSO_HOST and $HA_HOST are interpolated by Compose
      # when the file is loaded.
      - VOUCH_DOMAINS=$SSO_DOMAINS
      - OAUTH_PROVIDER=homeassistant
      - OAUTH_CLIENT_ID=https://$SSO_HOST
      - OAUTH_AUTH_URL=https://$HA_HOST/auth/authorize
      - OAUTH_CALLBACK_URL=https://$SSO_HOST/auth
  # nginx in front of Vouch; attached to both the default network (to reach
  # `vouch`) and the external `web` network.
  nginx:
    image: nginx:alpine
    restart: always
    volumes:
      # Mounted over the image's template directory; the server block is
      # presumably rendered from here with SSO_HOST substituted.
      - ./templates:/etc/nginx/templates
    environment:
      # No value given: passed through from the environment Compose runs in.
      - SSO_HOST
    networks:
      - default
      - web
    labels:
      - "traefik.enable=true"
      # Publishes the whole nginx server, /validate included, on $SSO_HOST.
      - "traefik.http.routers.sso.rule=Host(`$SSO_HOST`)"
      - "traefik.http.routers.sso.tls=true"
      - "traefik.http.routers.sso.tls.certresolver=letsencrypt"
      # NOTE(review): this address is the public hostname, so the auth
      # sub-request presumably re-enters Traefik through the `sso` router
      # above, and that second pass would set X-Forwarded-Host to $SSO_HOST
      # (matching the symptom described). Addressing the service directly on
      # the shared network, e.g. http://nginx/validate, would avoid the extra
      # hop. Confirm Traefik is attached to `web` before changing it.
      - "traefik.http.middlewares.sso.forwardauth.address=https://$SSO_HOST/validate"
networks:
  # Pre-existing network, not created by this project.
  web:
    external: true
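# Front end for Vouch Proxy. /validate is the endpoint the ForwardAuth
# middleware calls; every other path is proxied to Vouch unchanged.
server {
    listen 80;

    # Exact-match validation endpoint.
    location = /validate {
        proxy_pass http://vouch:9090/validate;

        # Vouch only needs the headers, so the request body is dropped.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        # Hand upstream responses with status >= 300 to error_page, so a 401
        # from Vouch reaches @error401 instead of being passed through as-is.
        proxy_intercept_errors on;

        # Built from request headers only, so it can be captured here before
        # the upstream is contacted.
        # NOTE(review): X-Forwarded-Host / X-Forwarded-Uri are whatever the
        # caller sent. This is only trustworthy if nothing but the reverse
        # proxy can reach this listener, and Vouch still has to check `url`
        # against its configured domains.
        set $requested_url https://$http_x_forwarded_host$http_x_forwarded_uri;
    }

    error_page 401 = @error401;

    location @error401 {
        # The X-Vouch-* response headers exist only after Vouch has answered.
        # `set` runs in the rewrite phase, which for /validate is before
        # proxy_pass talks to the upstream, so capturing them there always
        # stored empty strings. Here the upstream response is already
        # available, so the values are real.
        set $auth_resp_jwt $upstream_http_x_vouch_jwt;
        set $auth_resp_err $upstream_http_x_vouch_err;
        set $auth_resp_failcount $upstream_http_x_vouch_failcount;

        # $SSO_HOST is not an nginx variable defined in this file; presumably
        # it is substituted when the template is rendered.
        # The token and error text travel in the Location URL, so they can
        # show up in browser history and in access logs along the way.
        return 302 https://$SSO_HOST/login?url=$requested_url&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err;
    }

    # Everything else (login, callback, ...) goes straight to Vouch.
    location / {
        proxy_pass http://vouch:9090;
    }
}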
This redirects to https://$SSO_HOST/login?url=$SSO_HOST, which is not what I want.