website/docs: use common placeholders for forward_auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-11-26 13:29:38 +01:00
parent 80364b04a9
commit bc6afdf94f
7 changed files with 21 additions and 16 deletions


@ -7,7 +7,7 @@ metadata:
name: authentik-outpost
spec:
rules:
- host: *external host that you configured in authentik*
- host: app.company
http:
paths:
- backend:
@ -23,9 +23,12 @@ Add these annotations to the ingress you want to protect
```yaml
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-url: https://*external host that you configured in authentik*/akprox/auth?nginx
nginx.ingress.kubernetes.io/auth-signin: https://*external host that you configured in authentik*/akprox/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-url: |
https://outpost.company/akprox/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |
https://outpost.company/akprox/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
```
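Review bot: The old placeholder `*external host that you configured in authentik*` becomes `app.company` in the Ingress `host:` rule but `outpost.company` in the `auth-url` and `auth-signin` annotations, so the examples no longer clearly refer to the same host. If the sign-in flow is meant to start on the protected application's domain, where `/akprox` is routed, `auth-signin` should read `https://app.company/akprox/start?rd=$escaped_request_uri`; please confirm which host is intended. Separately, the `|` block scalar keeps a trailing newline in each annotation value, and `|-` would strip it so the controller is not handed a URL or header list ending in a newline. The path also changes from `/akprox/auth?nginx` to `/akprox/auth/nginx`, which the commit title does not mention.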


@ -32,7 +32,7 @@ location / {
# all requests to /akprox must be accessible without authentication
location /akprox {
proxy_pass http://*ip or hostname of the authentik OUTPOST*:9000/akprox;
proxy_pass http://outpost.company:9000/akprox;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;


@ -41,7 +41,7 @@ server {
# all requests to /akprox must be accessible without authentication
location /akprox {
proxy_pass http://*ip or hostname of the authentik OUTPOST*:9000/akprox;
proxy_pass http://outpost.company:9000/akprox;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;


@ -45,10 +45,10 @@ services:
labels:
traefik.enable: true
traefik.port: 9000
traefik.http.routers.authentik.rule: Host(`*external host that you configured in authentik*`) && PathPrefix(`/akprox/`)
traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/akprox/`)
traefik.http.routers.authentik.entrypoints: https
traefik.http.routers.authentik.tls: true
traefik.http.middlewares.authentik.forwardauth.address: http://authentik_proxy:9000/akprox/auth/traefik
traefik.http.middlewares.authentik.forwardauth.address: http://app.company:9000/akprox/auth/traefik
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
restart: unless-stopped
@ -57,7 +57,7 @@ services:
image: containous/whoami
labels:
traefik.enable: true
traefik.http.routers.whoami.rule: Host(`*external host that you configured in authentik*`)
traefik.http.routers.whoami.rule: Host(`app.company`)
traefik.http.routers.whoami.entrypoints: https
traefik.http.routers.whoami.tls: true
traefik.http.routers.whoami.middlewares: authentik@docker
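Review bot: `forwardauth.address` now points at `http://app.company:9000/akprox/auth/traefik`, but the legend added in this commit defines `app.company` as the application's external domain and `outpost.company` as the outpost, and the other forwardAuth examples in the commit use `outpost.company:9000`. A reader copying this would send the auth subrequest, which carries the original request headers, over plain HTTP to the public application hostname rather than to the outpost. Either keep the compose service name, `http://authentik_proxy:9000/akprox/auth/traefik`, or use `http://outpost.company:9000/akprox/auth/traefik`. Because `trustForwardHeader: true` sits directly below, the example should be unambiguous about which host receives and trusts those forwarded headers.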


@ -7,7 +7,7 @@ metadata:
name: authentik
spec:
forwardAuth:
address: http://authentik-outpost-example-outpost:9000/akprox/auth/traefik
address: http://outpost.company:9000/akprox/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- Set-Cookie
@ -30,7 +30,7 @@ See [here](https://doc.traefik.io/traefik/v2.4/providers/kubernetes-crd/#allowcr
spec:
routes:
- kind: Rule
match: "Host(`*external host that you configured in authentik*`)"
match: "Host(`app.company`)"
middlewares:
- name: authentik
namespace: authentik
@ -38,7 +38,7 @@ spec:
services: # Unchanged
# This part is only required for single-app setups
- kind: Rule
match: "Host(`*external host that you configured in authentik*`) && PathPrefix(`/akprox/`)"
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
priority: 15
services:
- kind: Service


@ -3,7 +3,7 @@ http:
middlewares:
authentik:
forwardAuth:
address: http://authentik-outpost-example-outpost:9000/akprox/auth/traefik
address: http://outpost.company:9000/akprox/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- Set-Cookie
@ -14,13 +14,13 @@ http:
- X-authentik-uid
routers:
default-router:
rule: "Host(`*external host that you configured in authentik*`)"
rule: "Host(`app.company`)"
middlewares:
- name: authentik
priority: 10
services: # Unchanged
default-router-auth
match: "Host(`*external host that you configured in authentik*`) && PathPrefix(`/akprox/`)"
default-router-auth:
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
priority: 15
services: http://*ip of your outpost*:9000/akprox
```
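Review bot: The `services: http://*ip of your outpost*:9000/akprox` line under `default-router-auth` still uses the old free-text placeholder; to match the rest of the commit it would read `services: http://outpost.company:9000/akprox`. The same router uses `match:` while `default-router` just above uses `rule:`. If this block targets Traefik's file provider, the key is probably meant to be `rule:` in both places, since a router whose rule is not recognised may leave `/akprox/` behind the forward-auth middleware instead of reachable without authentication. The example's opening fence lies outside the hunks, so the rest of the snippet is not visible here.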


@ -35,6 +35,8 @@ For domain level, you'd use the same domain as authentik.
:::info
*example-outpost* is used as a placeholder for the outpost name.
*authentik.company* is used as a placeholder for the authentik install.
*app.company* is used as a placeholder for the external domain for the application.
*outpost.company* is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as *authentik.company*
:::
## Nginx