From cc26d8592f6c6fb39b8ac8b4ad83a73df71675bc Mon Sep 17 00:00:00 2001
From: Zhenya Vinogradov <zhenyavinogradov@gmail.com>
Date: Mon, 8 Feb 2021 15:04:23 +0300
Subject: [PATCH] nixos/oauth2_proxy_nginx: specify hostname in
 X-Auth-Request-Redirect

Fixes redirection after signing in when you use a single oauth2_proxy
instance for multiple domains.

X-Auth-Request-Redirect header is used to decide which URL to redirect
to after signing in. Specifying `request_uri` is enough in case you
need to redirect to the same domain that serves oauth2 callback
endpoint, but with multiple domains the you should include the scheme
and the host.
---
 nixos/modules/services/security/oauth2_proxy_nginx.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2_proxy_nginx.nix
index be6734f439f3..553638ad4965 100644
--- a/nixos/modules/services/security/oauth2_proxy_nginx.nix
+++ b/nixos/modules/services/security/oauth2_proxy_nginx.nix
@@ -31,7 +31,7 @@ in
         proxyPass = cfg.proxy;
         extraConfig = ''
           proxy_set_header X-Scheme                $scheme;
-          proxy_set_header X-Auth-Request-Redirect $request_uri;
+          proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
         '';
       };
       locations."/oauth2/auth" = {