diff options
| author |  otaconix <stefanhetzwaantje@gmail.com>
| 2023-07-16 14:50:42 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-07-16 14:50:42 +0200 |
| commit | a066be93b0dbb70ead9b7ab758c332b764b98400 (patch) | |
| tree | 63874b3d4c7ba27041e71871fa462f6b6130845f /Docker | |
| parent | db5d458cb24436bf6d2ab203c58b26a162ab3e74 (diff) | |
Add OIDC_X_FORWARDED_HEADERS environment variable (fixes #5516) (#5523)
* Add OIDC_X_FORWARDED_HEADERS environment variable (fixes #5516)
The mod_auth_oidc needs an additional directive (`OIDCXForwardedHeaders`)
in case FreshRSS is running behind a reverse proxy, so it knows what host,
protocol and port were used to access it. This information is then used
in the `redirect_uri` when directing the user agent (browser) to the identity
provider for authentication.
Please note that, if you are running FreshRSS behind a reverse proxy that
handles TLS, you may need to update your identity provider's configuration so
it accepts `https://...` as a `redirect_uri`.
* Add link to mod_auth_openidc's documentation for the OIDCXForwardedHeaders Apache configuration directive
* Minor spelling
---------
Co-authored-by: Stefan Zwanenburg <stefan@zwanenburg.info>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Diffstat (limited to 'Docker')
| -rw-r--r-- | Docker/FreshRSS.Apache.conf | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf index 0f9b8e3fa..9330a17f4 100644 --- a/Docker/FreshRSS.Apache.conf +++ b/Docker/FreshRSS.Apache.conf @@ -41,6 +41,10 @@ TraceEnable Off <IfDefine !Test_${VStart}OIDC_SCOPES${VEnd}> OIDCScope "${OIDC_SCOPES}" </IfDefine> + Define "Test_${OIDC_X_FORWARDED_HEADERS}" + <IfDefine !Test_${VStart}OIDC_X_FORWARDED_HEADERS${VEnd}> + OIDCXForwardedHeaders ${OIDC_X_FORWARDED_HEADERS} + </IfDefine> OIDCRefreshAccessTokenBeforeExpiry 30 </IfDefine> |