trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/proxy: connect ingress to https instead of http 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#882
This commit is contained in:
Jens Langhammer 2021-05-14 11:42:03 +02:00
parent 965db6eaf5
commit 8d7bb7da17
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
authentik/providers/proxy/controllers/k8s/ingress.py
View File

@ -84,6 +84,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
"traefik.ingress.kubernetes.io/affinity": "true", "traefik.ingress.kubernetes.io/affinity": "true",
"nginx.ingress.kubernetes.io/proxy-buffers-number": "4", "nginx.ingress.kubernetes.io/proxy-buffers-number": "4",
"nginx.ingress.kubernetes.io/proxy-buffer-size": "16k", "nginx.ingress.kubernetes.io/proxy-buffer-size": "16k",
"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS"
} }
annotations.update( annotations.update(
self.controller.outpost.config.kubernetes_ingress_annotations self.controller.outpost.config.kubernetes_ingress_annotations
@ -113,7 +114,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
NetworkingV1beta1HTTPIngressPath( NetworkingV1beta1HTTPIngressPath(
backend=NetworkingV1beta1IngressBackend( backend=NetworkingV1beta1IngressBackend(
service_name=self.name, service_name=self.name,
service_port="http", service_port="https",
), ),
path="/akprox", path="/akprox",
) )

8
website/docs/outposts/proxy.mdx
View File

@ -15,6 +15,14 @@ Additionally, you can set `additionalHeaders` on groups or users to set addition
If you enable *Set HTTP-Basic Authentication* option, the HTTP Authorization header is being set. If you enable *Set HTTP-Basic Authentication* option, the HTTP Authorization header is being set.
# HTTPS
The outpost listens on both 4180 for HTTP and 4443 for HTTPS.
:::warning
If your upstream host is HTTPS, and you're not using forward auth, you need to access the outpost over HTTPS too.
:::
# Forward auth # Forward auth
To use forward auth instead of proxying, you have to change a couple of settings. In the Proxy Provider, make sure to enable `Enable forward-auth mode` on the provider. To use forward auth instead of proxying, you have to change a couple of settings. In the Proxy Provider, make sure to enable `Enable forward-auth mode` on the provider.