website/docs: remove duplicate proxy docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
66bfa6879d
commit
285a9b8b1d
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
title: LDAP Outpost
|
||||
title: LDAP Provider
|
||||
---
|
||||
|
||||
:::info
|
|
@ -1,27 +0,0 @@
|
|||
---
|
||||
title: Proxy Provider
|
||||
---
|
||||
|
||||
:::info
|
||||
This provider is to be used in conjunction with [Outposts](../outposts/outposts.md)
|
||||
:::
|
||||
|
||||
This provider protects applications, which have no built-in support for OAuth2 or SAML. This is done by running a lightweight Reverse Proxy in front of the application, which authenticates the requests.
|
||||
|
||||
authentik Proxy is based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), but has been integrated more tightly with authentik.
|
||||
|
||||
The Proxy these extra headers to the application:
|
||||
|
||||
| Header Name | Value |
|
||||
| ------------------------------ | --------------------------------------------------- |
|
||||
| X-Forwarded-User | The user's unique identifier (**not the username**) |
|
||||
| X-Forwarded-Email | The user's email address |
|
||||
| X-Forwarded-Preferred-Username | The user's username |
|
||||
| X-Auth-Username | The user's username |
|
||||
|
||||
Additionally, you can add more custom headers using `additionalHeaders` in the User or Group Properties, for example
|
||||
|
||||
```yaml
|
||||
additionalHeaders:
|
||||
X-additional-header: bar
|
||||
```
|
|
@ -117,7 +117,7 @@ metadata:
|
|||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-url: https://*external host that you configured in authentik*/akprox/auth?nginx
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://*external host that you configured in authentik*/akprox/start?rd=$escaped_request_uri
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User,X-Auth-Groups
|
||||
nginx.ingress.kubernetes.io/auth-snippet: |
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
```
|
||||
|
@ -145,6 +145,7 @@ http:
|
|||
authResponseHeaders:
|
||||
- Set-Cookie
|
||||
- X-Auth-Username
|
||||
- X-Auth-Groups
|
||||
- X-Forwarded-Email
|
||||
- X-Forwarded-Preferred-Username
|
||||
- X-Forwarded-User
|
||||
|
@ -211,7 +212,7 @@ services:
|
|||
traefik.http.routers.authentik.tls: true
|
||||
traefik.http.middlewares.authentik.forwardauth.address: http://authentik_proxy:4180/akprox/auth?traefik
|
||||
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
|
||||
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
|
||||
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Auth-Groups,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
|
||||
restart: unless-stopped
|
||||
|
||||
whoami:
|
||||
|
@ -241,6 +242,7 @@ spec:
|
|||
authResponseHeaders:
|
||||
- Set-Cookie
|
||||
- X-Auth-Username
|
||||
- X-Auth-Groups
|
||||
- X-Forwarded-Email
|
||||
- X-Forwarded-Preferred-Username
|
||||
- X-Forwarded-User
|
|
@ -1,11 +1,12 @@
|
|||
---
|
||||
title: Proxy Outpost
|
||||
title: Proxy provider
|
||||
---
|
||||
|
||||
The proxy outpost sets the following headers:
|
||||
|
||||
```
|
||||
X-Auth-Username: akadmin # The username of the currently logged in user
|
||||
X-Auth-Groups: foo|bar|baz # The groups the user is member of, separated by a pipe
|
||||
X-Forwarded-Email: root@localhost # The email address of the currently logged in user
|
||||
X-Forwarded-Preferred-Username: akadmin # The username of the currently logged in user
|
||||
X-Forwarded-User: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user.
|
|
@ -13,7 +13,7 @@ This update brings a lot of big features, such as:
|
|||
|
||||
Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more.
|
||||
|
||||
See [Proxy](../providers/proxy.md)
|
||||
See [Proxy](../providers/proxy/proxy.md)
|
||||
|
||||
- Outpost System
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ This feature is still in technical preview, so please report any Bugs you run in
|
|||
- Compatibility with forwardAuth/auth_request
|
||||
|
||||
The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost,
|
||||
and the correct config from [here](../outposts/proxy/forward_auth.mdx).
|
||||
and the correct config from [here](../providers/proxy/forward_auth.mdx).
|
||||
|
||||
- Docker images for ARM
|
||||
|
||||
|
|
|
@ -23,7 +23,19 @@ module.exports = {
|
|||
{
|
||||
type: "category",
|
||||
label: "Providers",
|
||||
items: ["providers/oauth2", "providers/saml", "providers/proxy"],
|
||||
items: [
|
||||
"providers/oauth2",
|
||||
"providers/saml",
|
||||
{
|
||||
type: "category",
|
||||
label: "Proxy",
|
||||
items: [
|
||||
"providers/proxy/proxy",
|
||||
"providers/proxy/forward_auth",
|
||||
],
|
||||
},
|
||||
"providers/ldap",
|
||||
],
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
|
@ -39,21 +51,6 @@ module.exports = {
|
|||
"outposts/manual-deploy-kubernetes",
|
||||
],
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
label: "Proxy",
|
||||
items: [
|
||||
"outposts/proxy/proxy",
|
||||
"outposts/proxy/forward_auth",
|
||||
],
|
||||
},
|
||||
{
|
||||
type: "category",
|
||||
label: "LDAP",
|
||||
items: [
|
||||
"outposts/ldap/ldap",
|
||||
],
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
|
|
Reference in a new issue