website/docs: separate pages for each webserver (#4911)

* website/docs: separate pages for each webserver

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
Jens L 2023-03-13 17:29:51 +01:00 committed by GitHub
parent f0d0abb66e
commit bf7dc5df78
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 165 additions and 132 deletions

View file

@ -0,0 +1,6 @@
:::info
_example-outpost_ is used as a placeholder for the outpost name.
_authentik.company_ is used as a placeholder for the authentik install.
_app.company_ is used as a placeholder for the external domain for the application.
_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_
:::

View file

@ -25,6 +25,6 @@ If you're trying to proxy to an upstream over HTTPS, you need to set the `Host`
```
reverse_proxy /outpost.goauthentik.io/* https://outpost.company {
header_up Host {http.reverse_proxy.upstream.hostport}
header_up Host {http.reverse_proxy.upstream.hostport}
}
```

View file

@ -2,19 +2,14 @@
title: Forward auth
---
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the
authentik outpost to check authentication and authorization.
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization.
To use forward auth instead of proxying, you have to change a couple of settings.
In the Proxy Provider, make sure to use one of the Forward auth modes.
## Single application
Single application mode works for a single application hosted on its dedicated subdomain. This
has the advantage that you can still do per-application access policies in authentik.
Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik.
## Domain level
@ -26,131 +21,10 @@ This mode differs from the _Forward auth (single application)_ mode in the follo
- You don't have to configure an application in authentik for each domain
- Users don't have to authorize multiple times
There are however also some downsides, mainly the fact that you **can't** restrict individual
applications to different users.
There are however also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
The only configuration difference between single application and domain level is the host you specify.
For single application, you'd use the domain which the application is running on, and only /outpost.goauthentik.io
is redirected to the outpost.
For single application, you'd use the domain which the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
For domain level, you'd use the same domain as authentik.
:::info
_example-outpost_ is used as a placeholder for the outpost name.
_authentik.company_ is used as a placeholder for the authentik install.
_app.company_ is used as a placeholder for the external domain for the application.
_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_
:::
## Nginx
<Tabs
defaultValue="standalone-nginx"
values={[
{label: 'Standalone nginx', value: 'standalone-nginx'},
{label: 'Ingress', value: 'ingress'},
{label: 'Nginx Proxy Manager', value: 'proxy-manager'},
]}>
<TabItem value="standalone-nginx">
import NginxStandalone from "./_nginx_standalone.md";
<NginxStandalone />
</TabItem>
<TabItem value="ingress">
import NginxIngress from "./_nginx_ingress.md";
<NginxIngress />
</TabItem>
<TabItem value="proxy-manager">
import NginxProxyManager from "./_nginx_proxy_manager.md";
<NginxProxyManager />
</TabItem>
</Tabs>
## Traefik
<Tabs
defaultValue="standalone-traefik"
values={[
{label: 'Standalone traefik', value: 'standalone-traefik'},
{label: 'docker-compose', value: 'docker-compose'},
{label: 'Ingress', value: 'ingress'},
]}>
<TabItem value="standalone-traefik">
import TraefikStandalone from "./_traefik_standalone.md";
<TraefikStandalone />
</TabItem>
<TabItem value="docker-compose">
import TraefikCompose from "./_traefik_compose.md";
<TraefikCompose />
</TabItem>
<TabItem value="ingress">
import TraefikIngress from "./_traefik_ingress.md";
<TraefikIngress />
</TabItem>
</Tabs>
## Envoy (Istio)
:::info
Requires authentik 2022.6
:::
:::info
Support for this is still in preview, please report bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
:::info
If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
:::
<Tabs
defaultValue="envoy-istio"
values={[
{label: 'Envoy (Istio)', value: 'envoy-istio'},
]}>
<TabItem value="envoy-istio">
import EnvoyIstio from "./_envoy_istio.md";
<EnvoyIstio />
</TabItem>
</Tabs>
## Caddy
:::info
Requires authentik 2022.8
:::
<Tabs
defaultValue="caddy-standalone"
values={[
{label: 'Caddy (standalone)', value: 'caddy-standalone'},
]}>
<TabItem value="caddy-standalone">
import CaddyStandalone from "./_caddy_standalone.md";
<CaddyStandalone />
</TabItem>
</Tabs>

View file

@ -0,0 +1,28 @@
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
# Caddy
The configuration template shown below apply to both single-application and domain-level forward auth.
:::info
Requires authentik 2022.8
:::
import Placeholders from "./__placeholders.md";
<Placeholders />
<Tabs
defaultValue="caddy-standalone"
values={[
{label: 'Caddy (standalone)', value: 'caddy-standalone'},
]}>
<TabItem value="caddy-standalone">
import CaddyStandalone from "./_caddy_standalone.md";
<CaddyStandalone />
</TabItem>
</Tabs>

View file

@ -0,0 +1,32 @@
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
# Envoy
The configuration template shown below apply to both single-application and domain-level forward auth.
:::info
Requires authentik 2022.6
:::
:::info
If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
:::
import Placeholders from "./__placeholders.md";
<Placeholders />
<Tabs
defaultValue="envoy-istio"
values={[
{label: 'Envoy (Istio)', value: 'envoy-istio'},
]}>
<TabItem value="envoy-istio">
import EnvoyIstio from "./_envoy_istio.md";
<EnvoyIstio />
</TabItem>
</Tabs>

View file

@ -0,0 +1,40 @@
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
# nginx
The configuration templates shown below apply to both single-application and domain-level forward auth.
import Placeholders from "./__placeholders.md";
<Placeholders />
<Tabs
defaultValue="standalone-nginx"
values={[
{label: 'Standalone nginx', value: 'standalone-nginx'},
{label: 'Ingress', value: 'ingress'},
{label: 'Nginx Proxy Manager', value: 'proxy-manager'},
]}>
<TabItem value="standalone-nginx">
import NginxStandalone from "./_nginx_standalone.md";
<NginxStandalone />
</TabItem>
<TabItem value="ingress">
import NginxIngress from "./_nginx_ingress.md";
<NginxIngress />
</TabItem>
<TabItem value="proxy-manager">
import NginxProxyManager from "./_nginx_proxy_manager.md";
<NginxProxyManager />
</TabItem>
</Tabs>

View file

@ -0,0 +1,40 @@
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
# Traefik
The configuration templates shown below apply to both single-application and domain-level forward auth.
import Placeholders from "./__placeholders.md";
<Placeholders />
<Tabs
defaultValue="standalone-traefik"
values={[
{label: 'Standalone traefik', value: 'standalone-traefik'},
{label: 'docker-compose', value: 'docker-compose'},
{label: 'Ingress', value: 'ingress'},
]}>
<TabItem value="standalone-traefik">
import TraefikStandalone from "./_traefik_standalone.md";
<TraefikStandalone />
</TabItem>
<TabItem value="docker-compose">
import TraefikCompose from "./_traefik_compose.md";
<TraefikCompose />
</TabItem>
<TabItem value="ingress">
import TraefikIngress from "./_traefik_ingress.md";
<TraefikIngress />
</TabItem>
</Tabs>

View file

@ -65,7 +65,20 @@ module.exports = {
items: [
"providers/proxy/custom_headers",
"providers/proxy/header_authentication",
"providers/proxy/forward_auth",
{
type: "category",
label: "Forward authentication",
link: {
type: "doc",
id: "providers/proxy/forward_auth",
},
items: [
"providers/proxy/server_nginx",
"providers/proxy/server_traefik",
"providers/proxy/server_envoy",
"providers/proxy/server_caddy",
],
},
],
},
{