{#
# This file gets imported to configure forward auth in handlers.
# - Section: Reverse Proxy Configurations
#}
{% if generalSettings.AuthProvider == 'authelia' %}
    {# Check if the domain is IPv6 and wrap in square brackets if necessary #}
    {% set is_ipv6 = (':' in generalSettings.AuthToDomain and generalSettings.AuthToDomain.count(':') >= 2) %}
    forward_auth {% if generalSettings.AuthToTls|default("0") == "1" %}https://{% endif %}{{ '[' if is_ipv6 else '' }}{{ generalSettings.AuthToDomain|default("") }}{{ ']' if is_ipv6 else '' }}{% if generalSettings.AuthToPort %}:{{ generalSettings.AuthToPort }}{% endif %} {
    {% if generalSettings.AuthToUri %}uri {{ generalSettings.AuthToUri|default("") }}{% endif %}

    copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
    }
{% endif %}
