Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions readme-vars.yml
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,7 @@ init_diagram: |
"swag:latest" <- Base Images
# changelog
changelogs:
- {date: "19.07.26:", desc: "Use new X-Tinyauth-Location header in Tinyauth locations."}
- {date: "10.07.26:", desc: "Add support for Let's Encrypt cert profiles. Run certbot twice daily with a random delay."}
- {date: "19.06.26:", desc: "Add support for mijn.host dns validation."}
- {date: "01.06.26:", desc: "Remove obsolete old cert check logic."}
Expand Down
8 changes: 5 additions & 3 deletions root/defaults/nginx/tinyauth-location.conf.sample
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
## Version 2025/12/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
## Version 2026/07/19 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf

## Send a subrequest to tinyauth to verify if the user is authenticated and has permission to access the resource
auth_request /tinyauth;

## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal
auth_request_set $redirection_url $upstream_http_x_tinyauth_location;
error_page 401 403 =302 $redirection_url;

## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the URL tinyauth returns in the X-Tinyauth-Location header
error_page 401 = @tinyauth_login;

## Translate the user information response headers from the auth subrequest into variables
Expand Down
20 changes: 1 addition & 19 deletions root/defaults/nginx/tinyauth-server.conf.sample
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
## Version 2026/07/19 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf

Expand All @@ -15,21 +15,3 @@ location /tinyauth {
proxy_set_header x-forwarded-host $http_host;
proxy_set_header x-forwarded-uri $request_uri;
}

# virtual location for tinyauth 401 redirects
location @tinyauth_login {
internal;

## Set the $target_url variable based on the original request
set_escape_uri $target_url $scheme://$http_host$request_uri;

## Set the $signin_url variable
set $domain $host;
if ($host ~* "^[^.]+\.([^.]+\..+)$") {
set $domain $1;
}
set $signin_url https://tinyauth.$domain/login?redirect_uri=$target_url;

## Redirect to login
return 302 $signin_url;
}