fix

llama/nginx.conf

@@ -1,67 +0,0 @@
-events {
-    worker_connections 1024;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    gzip on;
-    gzip_vary on;
-    gzip_min_length 256;
-    gzip_proxied any;
-    gzip_types
-        application/json
-        application/javascript
-        application/xml
-        application/xml+rss
-        text/css
-        text/javascript
-        text/plain
-        text/xml;
-
-    # CORS headers for OAuth redirects
-    map $http_origin $cors_origin {
-        default "";
-        "https://llama.story-basking.ts.net" $http_origin;
-    }
-
-    server {
-        listen 80;
-        server_name _;
-
-        client_max_body_size 100M;
-
-        location / {
-            # Add CORS headers to all responses
-            add_header Access-Control-Allow-Origin $cors_origin always;
-            add_header Access-Control-Allow-Credentials true always;
-            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-            add_header Access-Control-Allow-Headers "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
-
-            # Handle preflight requests
-            if ($request_method = OPTIONS) {
-                return 204;
-            }
-
-            proxy_pass http://llama_oauth2_proxy:4180;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header X-Auth-Request-Redirect $request_uri;
-
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-
-            proxy_connect_timeout 60s;
-            proxy_send_timeout 60s;
-            proxy_read_timeout 60s;
-
-            # Important: Pass cookies properly
-            proxy_pass_header Set-Cookie;
-            proxy_cookie_domain localhost llama.story-basking.ts.net;
-        }
-    }
-}

llama/oauth2-proxy.cfg

@@ -1,50 +0,0 @@
-## OAuth2 Proxy Configuration
-## Using GitHub as the identity provider
-
-# Provider settings
-provider = "github"
-
-# Get these from GitHub Settings → Developer settings → OAuth Apps
-client_id = "${GITHUB_CLIENT_ID}"
-client_secret = "${GITHUB_CLIENT_SECRET}"
-
-# Cookie settings
-cookie_name = "llama_session"
-cookie_secret = "${OAUTH2_PROXY_COOKIE_SECRET}"
-cookie_domains = [".story-basking.ts.net"]
-cookie_expire = "168h0m0s"
-cookie_refresh = "60m"
-cookie_secure = true
-cookie_httponly = true
-cookie_samesite = "none"
-
-# Redirect URL - must match GitHub OAuth settings
-redirect_url = "https://llama.story-basking.ts.net/oauth2/callback"
-
-# GitHub specific - restrict to specific orgs/users (optional)
-# github_org = "your-org"
-# github_team = "your-team"
-github_user = "brycecovert"
-
-# Upstream - your llama service
-upstreams = [ "http://workstation:5082" ]
-
-# Server settings
-http_address = "0.0.0.0:4180"
-reverse_proxy = true
-
-# Pass user info to upstream
-pass_authorization_header = true
-pass_access_token = true
-set_xauthrequest = true
-
-# Skip the provider selection button
-skip_provider_button = true
-
-# Session storage
-session_store_type = "cookie"
-
-# Logging
-standard_logging = true
-auth_logging = true
-request_logging = true