TinyAuth SSO for an App via Nginx Proxy Manager

The TinyAuth app requires an identoty service such as LDAP to check credentials against

name: core
services:
  tinyauth:
    container_name: tinyauth
    image: ghcr.io/steveiliop56/tinyauth:v3
    restart: unless-stopped
    environment:
      - VIRTUAL_HOST=login.notflix.pknw1.co.uk,login.pknw1.co.uk
      - VIRTUAL_PORT=3000
      - SECRET=12345678901234567890123456789012
      - APP_URL=https://login.pknw1.co.uk
      - COOKIE_SECURE=true
      - APP_TITLE=Notflix SSO
      - TINYAUTH_IP_BYPASS=149.202.72.112/32,172.22.0.0/16
      - BACKGROUND_IMAGE=https://www.pknw1.co.uk/assets/images/ezgif-3-e3824c3d11-1.gif
      - LDAP_ADDRESS=ldap://lldap:3890
      - LDAP_BIND_DN=uid=tinyproxy_read,ou=people,dc=pknw1,dc=co,dc=uk
      - LDAP_BIND_PASSWORD=organic-aroma-mexico-speed
      - LDAP_BASE_DN=ou=people,dc=pknw1,dc=co,dc=uk
      - LDAP_SEARCH_FILTER=(user_id=%s)
      - LDAP_INSECURE=true
    networks:
      - proxy
      - admin
    ports:
      - 172.22.20.1:3891:3000
      - 172.22.22.1:3891:3000
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:3000" ]
      interval: 1m30s
      timeout: 5s
      retries: 2
      start_period: 20s

networks:
  proxy:
    external: true
  admin:
    external: true

# Root location
location / {
  # Pass the request to the app
  proxy_pass          $forward_scheme://$server:$port;

  # Add other app-specific config here

  # Tinyauth auth request
  auth_request /tinyauth;
  error_page 401 = @tinyauth_login;
}

# Tinyauth auth request
location /tinyauth {
  # Pass request to Tinyauth
  proxy_pass http://172.22.20.1:3891/api/auth/nginx;

  # Pass the request headers
  proxy_set_header x-forwarded-proto $scheme;
  proxy_set_header x-forwarded-host $http_host;
  proxy_set_header x-forwarded-uri $request_uri;
}

# Tinyauth login redirect
location @tinyauth_login {
  return 302 http://login.pknw1.co.uk/login?redirect_uri=$scheme://$http_host$request_uri; # Replace with your app URL
}