fix(authelia): Update configuration and setup script for Tailscale domain handling in Authelia v4.38+

2025-04-26 00:41:41 +08:00
parent 6d9139408d
commit 4ad7bf0a38
3 changed files with 27 additions and 21 deletions
--- a/update-setup.sh
+++ b/update-setup.sh
@@ -233,22 +233,22 @@ update_authelia_config() {
        TAILSCALE_HOSTNAME=$(grep -o "TAILSCALE_HOSTNAME=.*" "$ENV_FILE" | cut -d'=' -f2 | tr -d '"' | tr -d "'")
        
        if [ -n "$TAILNET_DOMAIN" ] && [ -n "$TAILSCALE_HOSTNAME" ]; then
-            # Extract the base domain (e.g., from "example.ts.net" get "ts.net")
-            BASE_DOMAIN=$(echo "$TAILNET_DOMAIN" | grep -o '[^.]\+\.[^.]\+$')
+            # Use the full Tailnet domain (e.g., "example.ts.net") for cookies 
+            # not just "ts.net" which is a public suffix and not allowed
            
-            # Replace placeholders with actual values
-            # For cookie domain, use the base domain (e.g., "ts.net" not "*.ts.net")
-            sed -i "s/domain: 'ts.net'/domain: '$BASE_DOMAIN'/g" "$AUTHELIA_CONFIG"
+            # Replace domain placeholder with actual Tailnet domain
+            sed -i "s/domain: 'your-tailnet.ts.net'/domain: '$TAILNET_DOMAIN'/g" "$AUTHELIA_CONFIG"
            
-            # For access control rules, wildcard pattern is allowed
-            sed -i "s/domain: '\*.ts.net'/domain: '\*.$BASE_DOMAIN'/g" "$AUTHELIA_CONFIG"
+            # For access control rules, update both wildcards and direct domain
+            sed -i "s/domain: '\*.your-tailnet.ts.net'/domain: '\*.$TAILNET_DOMAIN'/g" "$AUTHELIA_CONFIG"
+            sed -i "s/domain: 'your-tailnet.ts.net'/domain: '$TAILNET_DOMAIN'/g" "$AUTHELIA_CONFIG"
            
            # For URLs, use the full hostname
-            sed -i "s/https:\/\/tailscale-nas.ts.net/https:\/\/$TAILSCALE_HOSTNAME.$TAILNET_DOMAIN/g" "$AUTHELIA_CONFIG"
+            sed -i "s/https:\/\/tailscale-nas.your-tailnet.ts.net/https:\/\/$TAILSCALE_HOSTNAME.$TAILNET_DOMAIN/g" "$AUTHELIA_CONFIG"
            
            echo -e "${GREEN}Configured Authelia with your Tailscale domain:${NC}"
-            echo -e "${CYAN}  - Base domain for cookies: ${GREEN}$BASE_DOMAIN${NC}"
-            echo -e "${CYAN}  - Access control for: ${GREEN}*.$BASE_DOMAIN${NC}"
+            echo -e "${CYAN}  - Cookie domain: ${GREEN}$TAILNET_DOMAIN${NC}"
+            echo -e "${CYAN}  - Access control for: ${GREEN}*.$TAILNET_DOMAIN and $TAILNET_DOMAIN${NC}"
            echo -e "${CYAN}  - Authelia URL: ${GREEN}https://$TAILSCALE_HOSTNAME.$TAILNET_DOMAIN${NC}"
        else
            echo -e "${YELLOW}Warning: Could not find both TAILSCALE_HOSTNAME and TAILSCALE_TAILNET_DOMAIN in .env${NC}"