website/docs: separate pages for each webserver (#4911)
* website/docs: separate pages for each webserver

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
parent
f0d0abb66e
commit
bf7dc5df78
6
website/docs/providers/proxy/__placeholders.md
Normal file
|
@ -0,0 +1,6 @@
|
|||
:::info
|
||||
_example-outpost_ is used as a placeholder for the outpost name.
|
||||
_authentik.company_ is used as a placeholder for the authentik install.
|
||||
_app.company_ is used as a placeholder for the external domain for the application.
|
||||
_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_
|
||||
:::
|
|
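Review bot: the new partial is named `__placeholders.md` with a double underscore, while every other partial imported in this change uses a single one (`_caddy_standalone.md`, `_nginx_standalone.md`, `_envoy_istio.md`); pick one convention so the import paths stay predictable. The last placeholder sentence (`_outpost.company_ is used as a placeholder for the outpost. ...`) is also missing its closing period, unlike the three lines above it.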
@ -25,6 +25,6 @@ If you're trying to proxy to an upstream over HTTPS, you need to set the `Host`
|
|||
|
||||
```
|
||||
reverse_proxy /outpost.goauthentik.io/* https://outpost.company {
|
||||
header_up Host {http.reverse_proxy.upstream.hostport}
|
||||
header_up Host {http.reverse_proxy.upstream.hostport}
|
||||
}
|
||||
```
|
||||
|
|
|
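Review bot: the `header_up Host {http.reverse_proxy.upstream.hostport}` line reads the same before and after, so this looks like a whitespace-only change that is unrelated to splitting the pages; confirm the new indentation matches the rest of the `reverse_proxy` block and mention the cleanup in the commit message. The fence around the snippet also carries no language tag.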
@ -2,19 +2,14 @@
|
|||
title: Forward auth
|
||||
---
|
||||
|
||||
import Tabs from "@theme/Tabs";
|
||||
import TabItem from "@theme/TabItem";
|
||||
|
||||
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the
|
||||
authentik outpost to check authentication and authorization.
|
||||
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization.
|
||||
|
||||
To use forward auth instead of proxying, you have to change a couple of settings.
|
||||
In the Proxy Provider, make sure to use one of the Forward auth modes.
|
||||
|
||||
## Single application
|
||||
|
||||
Single application mode works for a single application hosted on its dedicated subdomain. This
|
||||
has the advantage that you can still do per-application access policies in authentik.
|
||||
Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik.
|
||||
|
||||
## Domain level
|
||||
|
||||
|
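Review bot: the reflowed opening sentence still reads "Using forward auth uses your existing reverse proxy ..."; since the line is being rewritten anyway, tighten it to something like "Forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization."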
@ -26,131 +21,10 @@ This mode differs from the _Forward auth (single application)_ mode in the follo
|
|||
- You don't have to configure an application in authentik for each domain
|
||||
- Users don't have to authorize multiple times
|
||||
|
||||
There are however also some downsides, mainly the fact that you **can't** restrict individual
|
||||
applications to different users.
|
||||
There are however also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
|
||||
|
||||
The only configuration difference between single application and domain level is the host you specify.
|
||||
|
||||
For single application, you'd use the domain which the application is running on, and only /outpost.goauthentik.io
|
||||
is redirected to the outpost.
|
||||
For single application, you'd use the domain which the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
|
||||
|
||||
For domain level, you'd use the same domain as authentik.
|
||||
|
||||
:::info
|
||||
_example-outpost_ is used as a placeholder for the outpost name.
|
||||
_authentik.company_ is used as a placeholder for the authentik install.
|
||||
_app.company_ is used as a placeholder for the external domain for the application.
|
||||
_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_
|
||||
:::
|
||||
|
||||
## Nginx
|
||||
|
||||
<Tabs
|
||||
defaultValue="standalone-nginx"
|
||||
values={[
|
||||
{label: 'Standalone nginx', value: 'standalone-nginx'},
|
||||
{label: 'Ingress', value: 'ingress'},
|
||||
{label: 'Nginx Proxy Manager', value: 'proxy-manager'},
|
||||
]}>
|
||||
<TabItem value="standalone-nginx">
|
||||
|
||||
import NginxStandalone from "./_nginx_standalone.md";
|
||||
|
||||
<NginxStandalone />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="ingress">
|
||||
|
||||
import NginxIngress from "./_nginx_ingress.md";
|
||||
|
||||
<NginxIngress />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="proxy-manager">
|
||||
|
||||
import NginxProxyManager from "./_nginx_proxy_manager.md";
|
||||
|
||||
<NginxProxyManager />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
||||
## Traefik
|
||||
|
||||
<Tabs
|
||||
defaultValue="standalone-traefik"
|
||||
values={[
|
||||
{label: 'Standalone traefik', value: 'standalone-traefik'},
|
||||
{label: 'docker-compose', value: 'docker-compose'},
|
||||
{label: 'Ingress', value: 'ingress'},
|
||||
]}>
|
||||
<TabItem value="standalone-traefik">
|
||||
|
||||
import TraefikStandalone from "./_traefik_standalone.md";
|
||||
|
||||
<TraefikStandalone />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="docker-compose">
|
||||
|
||||
import TraefikCompose from "./_traefik_compose.md";
|
||||
|
||||
<TraefikCompose />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="ingress">
|
||||
|
||||
import TraefikIngress from "./_traefik_ingress.md";
|
||||
|
||||
<TraefikIngress />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
||||
## Envoy (Istio)
|
||||
|
||||
:::info
|
||||
Requires authentik 2022.6
|
||||
:::
|
||||
|
||||
:::info
|
||||
Support for this is still in preview, please report bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
|
||||
:::
|
||||
|
||||
:::info
|
||||
If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
|
||||
:::
|
||||
|
||||
<Tabs
|
||||
defaultValue="envoy-istio"
|
||||
values={[
|
||||
{label: 'Envoy (Istio)', value: 'envoy-istio'},
|
||||
]}>
|
||||
<TabItem value="envoy-istio">
|
||||
|
||||
import EnvoyIstio from "./_envoy_istio.md";
|
||||
|
||||
<EnvoyIstio />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
||||
## Caddy
|
||||
|
||||
:::info
|
||||
Requires authentik 2022.8
|
||||
:::
|
||||
|
||||
<Tabs
|
||||
defaultValue="caddy-standalone"
|
||||
values={[
|
||||
{label: 'Caddy (standalone)', value: 'caddy-standalone'},
|
||||
]}>
|
||||
<TabItem value="caddy-standalone">
|
||||
|
||||
import CaddyStandalone from "./_caddy_standalone.md";
|
||||
|
||||
<CaddyStandalone />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
|
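Review bot: after this removal the page stops at "For domain level, you'd use the same domain as authentik." and none of the remaining lines link to the new `server_nginx`, `server_traefik`, `server_envoy` or `server_caddy` pages, so readers following existing links to the `## Nginx`, `## Traefik`, `## Envoy (Istio)` or `## Caddy` sections find no pointer to where the configuration went. Add a short list of links to the per-server pages at the end of this page.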
28
website/docs/providers/proxy/server_caddy.mdx
Normal file
|
@ -0,0 +1,28 @@
|
|||
import Tabs from "@theme/Tabs";
|
||||
import TabItem from "@theme/TabItem";
|
||||
|
||||
# Caddy
|
||||
|
||||
The configuration template shown below apply to both single-application and domain-level forward auth.
|
||||
|
||||
:::info
|
||||
Requires authentik 2022.8
|
||||
:::
|
||||
|
||||
import Placeholders from "./__placeholders.md";
|
||||
|
||||
<Placeholders />
|
||||
|
||||
<Tabs
|
||||
defaultValue="caddy-standalone"
|
||||
values={[
|
||||
{label: 'Caddy (standalone)', value: 'caddy-standalone'},
|
||||
]}>
|
||||
<TabItem value="caddy-standalone">
|
||||
|
||||
import CaddyStandalone from "./_caddy_standalone.md";
|
||||
|
||||
<CaddyStandalone />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
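Review bot: subject-verb agreement in the intro line, "The configuration template shown below apply to both ...": with a single template on this page it should read "The configuration template shown below applies ...", or use the plural "templates" as the nginx and Traefik pages do. With only one entry, the `Tabs` wrapper around `<CaddyStandalone />` adds nothing and could be dropped.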
32
website/docs/providers/proxy/server_envoy.mdx
Normal file
|
@ -0,0 +1,32 @@
|
|||
import Tabs from "@theme/Tabs";
|
||||
import TabItem from "@theme/TabItem";
|
||||
|
||||
# Envoy
|
||||
|
||||
The configuration template shown below apply to both single-application and domain-level forward auth.
|
||||
|
||||
:::info
|
||||
Requires authentik 2022.6
|
||||
:::
|
||||
|
||||
:::info
|
||||
If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
|
||||
:::
|
||||
|
||||
import Placeholders from "./__placeholders.md";
|
||||
|
||||
<Placeholders />
|
||||
|
||||
<Tabs
|
||||
defaultValue="envoy-istio"
|
||||
values={[
|
||||
{label: 'Envoy (Istio)', value: 'envoy-istio'},
|
||||
]}>
|
||||
<TabItem value="envoy-istio">
|
||||
|
||||
import EnvoyIstio from "./_envoy_istio.md";
|
||||
|
||||
<EnvoyIstio />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
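Review bot: the "Support for this is still in preview, please report bugs on GitHub" admonition from the old Envoy (Istio) section is not carried over; this page keeps only "Requires authentik 2022.6" and the Istio port note. If Envoy support is still in preview, restore that `:::info` block so operators know its status before putting it in front of an application. The intro line has the same "template ... apply" agreement slip as the Caddy page.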
40
website/docs/providers/proxy/server_nginx.mdx
Normal file
|
@ -0,0 +1,40 @@
|
|||
import Tabs from "@theme/Tabs";
|
||||
import TabItem from "@theme/TabItem";
|
||||
|
||||
# nginx
|
||||
|
||||
The configuration templates shown below apply to both single-application and domain-level forward auth.
|
||||
|
||||
import Placeholders from "./__placeholders.md";
|
||||
|
||||
<Placeholders />
|
||||
|
||||
<Tabs
|
||||
defaultValue="standalone-nginx"
|
||||
values={[
|
||||
{label: 'Standalone nginx', value: 'standalone-nginx'},
|
||||
{label: 'Ingress', value: 'ingress'},
|
||||
{label: 'Nginx Proxy Manager', value: 'proxy-manager'},
|
||||
]}>
|
||||
<TabItem value="standalone-nginx">
|
||||
|
||||
import NginxStandalone from "./_nginx_standalone.md";
|
||||
|
||||
<NginxStandalone />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="ingress">
|
||||
|
||||
import NginxIngress from "./_nginx_ingress.md";
|
||||
|
||||
<NginxIngress />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="proxy-manager">
|
||||
|
||||
import NginxProxyManager from "./_nginx_proxy_manager.md";
|
||||
|
||||
<NginxProxyManager />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
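Review bot: the heading is `# nginx` in lowercase, while the section it replaces was `## Nginx` and the sibling pages use `# Traefik`, `# Caddy` and `# Envoy`; the sidebar will list the four pages side by side, so settle on one casing for the heading.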
40
website/docs/providers/proxy/server_traefik.mdx
Normal file
|
@ -0,0 +1,40 @@
|
|||
import Tabs from "@theme/Tabs";
|
||||
import TabItem from "@theme/TabItem";
|
||||
|
||||
# Traefik
|
||||
|
||||
The configuration templates shown below apply to both single-application and domain-level forward auth.
|
||||
|
||||
import Placeholders from "./__placeholders.md";
|
||||
|
||||
<Placeholders />
|
||||
|
||||
<Tabs
|
||||
defaultValue="standalone-traefik"
|
||||
values={[
|
||||
{label: 'Standalone traefik', value: 'standalone-traefik'},
|
||||
{label: 'docker-compose', value: 'docker-compose'},
|
||||
{label: 'Ingress', value: 'ingress'},
|
||||
]}>
|
||||
<TabItem value="standalone-traefik">
|
||||
|
||||
import TraefikStandalone from "./_traefik_standalone.md";
|
||||
|
||||
<TraefikStandalone />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="docker-compose">
|
||||
|
||||
import TraefikCompose from "./_traefik_compose.md";
|
||||
|
||||
<TraefikCompose />
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="ingress">
|
||||
|
||||
import TraefikIngress from "./_traefik_ingress.md";
|
||||
|
||||
<TraefikIngress />
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
|
@ -65,7 +65,20 @@ module.exports = {
|
|||
items: [
|
||||
"providers/proxy/custom_headers",
|
||||
"providers/proxy/header_authentication",
|
||||
"providers/proxy/forward_auth",
|
||||
{
|
||||
type: "category",
|
||||
label: "Forward authentication",
|
||||
link: {
|
||||
type: "doc",
|
||||
id: "providers/proxy/forward_auth",
|
||||
},
|
||||
items: [
|
||||
"providers/proxy/server_nginx",
|
||||
"providers/proxy/server_traefik",
|
||||
"providers/proxy/server_envoy",
|
||||
"providers/proxy/server_caddy",
|
||||
],
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
|
|
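Review bot: the category `label: "Forward authentication"` does not match the linked page's front matter `title: Forward auth`, so the sidebar entry and the page title use different names for the same document; use the same wording in both places.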