From 69afc4de5860151d25d568c515367bd916ba07f0 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 18 Jul 2026 12:28:50 -0500 Subject: [PATCH 1/3] Update Nginx configuration to replace $http_host with $host:$server_port for better compatibility Signed-off-by: Eric Nemchik --- root/defaults/nginx/authelia-server.conf.sample | 2 +- root/defaults/nginx/authentik-server.conf.sample | 4 ++-- root/defaults/nginx/proxy.conf.sample | 2 +- root/defaults/nginx/tinyauth-server.conf.sample | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index d969a05a..f53a278d 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -28,7 +28,7 @@ location @authelia_proxy_signin { add_header Set-Cookie $set_cookie; ## Set the $target_url variable based on the original request - set_escape_uri $target_url $scheme://$http_host$request_uri; + set_escape_uri $target_url $scheme://$host:$server_port$request_uri; ## Translate the Location response header from the auth subrequest into a variable auth_request_set $signin_url $upstream_http_location; diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index 7b08ff9d..bb879b85 100644 --- a/root/defaults/nginx/authentik-server.conf.sample +++ b/root/defaults/nginx/authentik-server.conf.sample @@ -38,10 +38,10 @@ location @goauthentik_proxy_signin { add_header Set-Cookie $set_cookie; ## Set the $target_url variable based on the original request - set_escape_uri $target_url $scheme://$http_host$request_uri; + set_escape_uri $target_url $scheme://$host:$server_port$request_uri; ## Set the $signin_url variable - set $signin_url https://$http_host/outpost.goauthentik.io/start?rd=$target_url; + set $signin_url https://$host:$server_port/outpost.goauthentik.io/start?rd=$target_url; ## Redirect to login return 302 $signin_url; diff --git a/root/defaults/nginx/proxy.conf.sample b/root/defaults/nginx/proxy.conf.sample index 967d170e..38ec26e0 100644 --- a/root/defaults/nginx/proxy.conf.sample +++ b/root/defaults/nginx/proxy.conf.sample @@ -33,5 +33,5 @@ proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Uri $request_uri; proxy_set_header X-Original-Method $request_method; -proxy_set_header X-Original-URL $scheme://$http_host$request_uri; +proxy_set_header X-Original-URL $scheme://$host:$server_port$request_uri; proxy_set_header X-Real-IP $remote_addr; diff --git a/root/defaults/nginx/tinyauth-server.conf.sample b/root/defaults/nginx/tinyauth-server.conf.sample index a4256c82..a19e371b 100644 --- a/root/defaults/nginx/tinyauth-server.conf.sample +++ b/root/defaults/nginx/tinyauth-server.conf.sample @@ -12,7 +12,7 @@ location /tinyauth { proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx; proxy_set_header x-forwarded-proto $scheme; - proxy_set_header x-forwarded-host $http_host; + proxy_set_header x-forwarded-host $host:$server_port; proxy_set_header x-forwarded-uri $request_uri; } @@ -21,8 +21,8 @@ location @tinyauth_login { internal; ## Set the $target_url variable based on the original request - set_escape_uri $target_url $scheme://$http_host$request_uri; - + set_escape_uri $target_url $scheme://$host:$server_port$request_uri; + ## Set the $signin_url variable set $domain $host; if ($host ~* "^[^.]+\.([^.]+\..+)$") { From a393925f4495479e40f6e1a18cde0ff9455b9133 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 18 Jul 2026 12:30:42 -0500 Subject: [PATCH 2/3] Update dates in files to version 2026/07/18 Signed-off-by: Eric Nemchik --- root/defaults/nginx/authelia-server.conf.sample | 2 +- root/defaults/nginx/authentik-server.conf.sample | 2 +- root/defaults/nginx/proxy.conf.sample | 2 +- root/defaults/nginx/tinyauth-server.conf.sample | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index f53a278d..e67346e7 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -1,4 +1,4 @@ -## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample +## Version 2026/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authelia-server.conf.sample # Make sure that your authelia container is in the same user defined bridge network and is named authelia # Rename /config/nginx/proxy-confs/authelia.subdomain.conf.sample to /config/nginx/proxy-confs/authelia.subdomain.conf diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index bb879b85..33d0cdde 100644 --- a/root/defaults/nginx/authentik-server.conf.sample +++ b/root/defaults/nginx/authentik-server.conf.sample @@ -1,4 +1,4 @@ -## Version 2025/03/25 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample +## Version 2026/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/authentik-server.conf.sample # Make sure that your authentik container is in the same user defined bridge network and is named authentik-server # Rename /config/nginx/proxy-confs/authentik.subdomain.conf.sample to /config/nginx/proxy-confs/authentik.subdomain.conf diff --git a/root/defaults/nginx/proxy.conf.sample b/root/defaults/nginx/proxy.conf.sample index 38ec26e0..32558440 100644 --- a/root/defaults/nginx/proxy.conf.sample +++ b/root/defaults/nginx/proxy.conf.sample @@ -1,4 +1,4 @@ -## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample +## Version 2026/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample # Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; diff --git a/root/defaults/nginx/tinyauth-server.conf.sample b/root/defaults/nginx/tinyauth-server.conf.sample index a19e371b..4d7d02aa 100644 --- a/root/defaults/nginx/tinyauth-server.conf.sample +++ b/root/defaults/nginx/tinyauth-server.conf.sample @@ -1,4 +1,4 @@ -## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample +## Version 2026/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample # Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth # Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf From a2509cc44ea3cbbaf010771adf900fdd5c9b1504 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 18 Jul 2026 13:42:25 -0500 Subject: [PATCH 3/3] Update Nginx configuration to use $is_request_port and $request_port for improved compatibility Signed-off-by: Eric Nemchik --- root/defaults/nginx/authelia-server.conf.sample | 2 +- root/defaults/nginx/authentik-server.conf.sample | 4 ++-- root/defaults/nginx/proxy.conf.sample | 6 +++--- root/defaults/nginx/tinyauth-server.conf.sample | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/root/defaults/nginx/authelia-server.conf.sample b/root/defaults/nginx/authelia-server.conf.sample index e67346e7..6917b809 100644 --- a/root/defaults/nginx/authelia-server.conf.sample +++ b/root/defaults/nginx/authelia-server.conf.sample @@ -28,7 +28,7 @@ location @authelia_proxy_signin { add_header Set-Cookie $set_cookie; ## Set the $target_url variable based on the original request - set_escape_uri $target_url $scheme://$host:$server_port$request_uri; + set_escape_uri $target_url $scheme://$host$is_request_port$request_port$request_uri; ## Translate the Location response header from the auth subrequest into a variable auth_request_set $signin_url $upstream_http_location; diff --git a/root/defaults/nginx/authentik-server.conf.sample b/root/defaults/nginx/authentik-server.conf.sample index 33d0cdde..cd7deb67 100644 --- a/root/defaults/nginx/authentik-server.conf.sample +++ b/root/defaults/nginx/authentik-server.conf.sample @@ -38,10 +38,10 @@ location @goauthentik_proxy_signin { add_header Set-Cookie $set_cookie; ## Set the $target_url variable based on the original request - set_escape_uri $target_url $scheme://$host:$server_port$request_uri; + set_escape_uri $target_url $scheme://$host$is_request_port$request_port$request_uri; ## Set the $signin_url variable - set $signin_url https://$host:$server_port/outpost.goauthentik.io/start?rd=$target_url; + set $signin_url https://$host$is_request_port$request_port/outpost.goauthentik.io/start?rd=$target_url; ## Redirect to login return 302 $signin_url; diff --git a/root/defaults/nginx/proxy.conf.sample b/root/defaults/nginx/proxy.conf.sample index 32558440..f3bea250 100644 --- a/root/defaults/nginx/proxy.conf.sample +++ b/root/defaults/nginx/proxy.conf.sample @@ -21,11 +21,11 @@ proxy_no_cache $cookie_session; # Proxy Header Settings proxy_set_header Connection $connection_upgrade; proxy_set_header Early-Data $ssl_early_data; -proxy_set_header Host $host; +proxy_set_header Host $host$is_request_port$request_port; proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Host $host; +proxy_set_header X-Forwarded-Host $host$is_request_port$request_port; proxy_set_header X-Forwarded-Method $request_method; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; @@ -33,5 +33,5 @@ proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Uri $request_uri; proxy_set_header X-Original-Method $request_method; -proxy_set_header X-Original-URL $scheme://$host:$server_port$request_uri; +proxy_set_header X-Original-URL $scheme://$host$is_request_port$request_port$request_uri; proxy_set_header X-Real-IP $remote_addr; diff --git a/root/defaults/nginx/tinyauth-server.conf.sample b/root/defaults/nginx/tinyauth-server.conf.sample index 4d7d02aa..8bac75a5 100644 --- a/root/defaults/nginx/tinyauth-server.conf.sample +++ b/root/defaults/nginx/tinyauth-server.conf.sample @@ -12,7 +12,7 @@ location /tinyauth { proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx; proxy_set_header x-forwarded-proto $scheme; - proxy_set_header x-forwarded-host $host:$server_port; + proxy_set_header x-forwarded-host $host$is_request_port$request_port; proxy_set_header x-forwarded-uri $request_uri; } @@ -21,7 +21,7 @@ location @tinyauth_login { internal; ## Set the $target_url variable based on the original request - set_escape_uri $target_url $scheme://$host:$server_port$request_uri; + set_escape_uri $target_url $scheme://$host$is_request_port$request_port$request_uri; ## Set the $signin_url variable set $domain $host;