by zrail 1503 days ago
That's an interesting issue, thanks for linking. I could see something like this working well:

  location /auth {
    ...
    proxy_set_header X-Required-Caps $required_caps;
    ...
  }

  location /grafana {
    ...
    # caps this location requires; read by the /auth subrequest
    set $required_caps "grafana.com/read,grafana.com/write";
    auth_request_set $auth_caps $upstream_http_tailscale_caps;
    proxy_set_header X-Webauth-Caps $auth_caps;
    ...
  }

I.e. pass the caps through an nginx variable up to the `/auth` location, then out to `nginx-auth`, then nginx-auth passes all(?) of the user's caps to the upstream.
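A sketch of the auth-service side of the flow proposed above, as an added example that is not part of the comment and not nginx-auth's own code. It assumes the required caps arrive in `X-Required-Caps` and the user's caps are returned in a `Tailscale-Caps` response header; `capsHandler`, `lookup`, `check` and the `example.com/other` cap are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// parseCaps turns a comma-separated capability list into a set.
func parseCaps(list string) map[string]bool {
	set := map[string]bool{}
	for _, c := range strings.Split(list, ",") {
		if c = strings.TrimSpace(c); c != "" {
			set[c] = true
		}
	}
	return set
}

// capsHandler answers the auth_request subrequest. lookup is a hypothetical
// stand-in for however the auth service resolves the caller's capabilities.
func capsHandler(lookup func(*http.Request) []string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		granted := lookup(r)
		have := parseCaps(strings.Join(granted, ","))
		for c := range parseCaps(r.Header.Get("X-Required-Caps")) {
			if !have[c] {
				w.WriteHeader(http.StatusForbidden) // auth_request denies on 403
				return
			}
		}
		// Surfaces in nginx as $upstream_http_tailscale_caps.
		w.Header().Set("Tailscale-Caps", strings.Join(granted, ","))
		w.WriteHeader(http.StatusNoContent) // any 2xx allows the request
	})
}

// check runs one constructed subrequest and returns status and caps header.
func check(required string, granted []string) (int, string) {
	req := httptest.NewRequest("GET", "/auth", nil)
	req.Header.Set("X-Required-Caps", required)
	rec := httptest.NewRecorder()
	capsHandler(func(*http.Request) []string { return granted }).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Tailscale-Caps")
}

func main() {
	fmt.Println(check("grafana.com/read,grafana.com/write", []string{"grafana.com/read"}))
}
```

An empty `X-Required-Caps` is treated here as "no capability requirement", so a location that forgets to set `$required_caps` is allowed through on authentication alone.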