authentik/nginx.conf

server {
    listen 443 ssl;
    listen [::]:443 ssl;
   # proxy_cache my_cache;
    server_name authentik.example.com;
    # listen 80;
    # listen [::]:80;
    # allow large file uploads
    client_max_body_size 50M;
    # Set headers
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # enable websockets: http://nginx.org/en/docs/http/websocket.html
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_redirect off;
    ssl_certificate /etc/nginx/ssl/*.example.com_2048/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/*.example.com.com_2048/private.key;
    location / {
        proxy_pass http://0.0.0.0:8986;
    }
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_pass http://127.0.0.1:9180;
        proxy_cache_key $scheme://$host$uri$is_args$query_string;
        proxy_cache_valid 200 10m;
    }
}