website/docs: separate pages for each webserver (#4911)
* website/docs: separate pages for each webserver Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Apply suggestions from code review Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
This commit is contained in:
parent
f0d0abb66e
commit
bf7dc5df78
|
@ -0,0 +1,6 @@
|
||||||
|
:::info
|
||||||
|
_example-outpost_ is used as a placeholder for the outpost name.
|
||||||
|
_authentik.company_ is used as a placeholder for the authentik install.
|
||||||
|
_app.company_ is used as a placeholder for the external domain for the application.
|
||||||
|
_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_
|
||||||
|
:::
|
|
@ -25,6 +25,6 @@ If you're trying to proxy to an upstream over HTTPS, you need to set the `Host`
|
||||||
|
|
||||||
```
|
```
|
||||||
reverse_proxy /outpost.goauthentik.io/* https://outpost.company {
|
reverse_proxy /outpost.goauthentik.io/* https://outpost.company {
|
||||||
header_up Host {http.reverse_proxy.upstream.hostport}
|
header_up Host {http.reverse_proxy.upstream.hostport}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
|
@ -2,19 +2,14 @@
|
||||||
title: Forward auth
|
title: Forward auth
|
||||||
---
|
---
|
||||||
|
|
||||||
import Tabs from "@theme/Tabs";
|
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization.
|
||||||
import TabItem from "@theme/TabItem";
|
|
||||||
|
|
||||||
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the
|
|
||||||
authentik outpost to check authentication and authorization.
|
|
||||||
|
|
||||||
To use forward auth instead of proxying, you have to change a couple of settings.
|
To use forward auth instead of proxying, you have to change a couple of settings.
|
||||||
In the Proxy Provider, make sure to use one of the Forward auth modes.
|
In the Proxy Provider, make sure to use one of the Forward auth modes.
|
||||||
|
|
||||||
## Single application
|
## Single application
|
||||||
|
|
||||||
Single application mode works for a single application hosted on its dedicated subdomain. This
|
Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik.
|
||||||
has the advantage that you can still do per-application access policies in authentik.
|
|
||||||
|
|
||||||
## Domain level
|
## Domain level
|
||||||
|
|
||||||
|
@ -26,131 +21,10 @@ This mode differs from the _Forward auth (single application)_ mode in the follo
|
||||||
- You don't have to configure an application in authentik for each domain
|
- You don't have to configure an application in authentik for each domain
|
||||||
- Users don't have to authorize multiple times
|
- Users don't have to authorize multiple times
|
||||||
|
|
||||||
There are however also some downsides, mainly the fact that you **can't** restrict individual
|
There are however also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
|
||||||
applications to different users.
|
|
||||||
|
|
||||||
The only configuration difference between single application and domain level is the host you specify.
|
The only configuration difference between single application and domain level is the host you specify.
|
||||||
|
|
||||||
For single application, you'd use the domain which the application is running on, and only /outpost.goauthentik.io
|
For single application, you'd use the domain which the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
|
||||||
is redirected to the outpost.
|
|
||||||
|
|
||||||
For domain level, you'd use the same domain as authentik.
|
For domain level, you'd use the same domain as authentik.
|
||||||
|
|
||||||
:::info
|
|
||||||
_example-outpost_ is used as a placeholder for the outpost name.
|
|
||||||
_authentik.company_ is used as a placeholder for the authentik install.
|
|
||||||
_app.company_ is used as a placeholder for the external domain for the application.
|
|
||||||
_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_
|
|
||||||
:::
|
|
||||||
|
|
||||||
## Nginx
|
|
||||||
|
|
||||||
<Tabs
|
|
||||||
defaultValue="standalone-nginx"
|
|
||||||
values={[
|
|
||||||
{label: 'Standalone nginx', value: 'standalone-nginx'},
|
|
||||||
{label: 'Ingress', value: 'ingress'},
|
|
||||||
{label: 'Nginx Proxy Manager', value: 'proxy-manager'},
|
|
||||||
]}>
|
|
||||||
<TabItem value="standalone-nginx">
|
|
||||||
|
|
||||||
import NginxStandalone from "./_nginx_standalone.md";
|
|
||||||
|
|
||||||
<NginxStandalone />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
<TabItem value="ingress">
|
|
||||||
|
|
||||||
import NginxIngress from "./_nginx_ingress.md";
|
|
||||||
|
|
||||||
<NginxIngress />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
<TabItem value="proxy-manager">
|
|
||||||
|
|
||||||
import NginxProxyManager from "./_nginx_proxy_manager.md";
|
|
||||||
|
|
||||||
<NginxProxyManager />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
</Tabs>
|
|
||||||
|
|
||||||
## Traefik
|
|
||||||
|
|
||||||
<Tabs
|
|
||||||
defaultValue="standalone-traefik"
|
|
||||||
values={[
|
|
||||||
{label: 'Standalone traefik', value: 'standalone-traefik'},
|
|
||||||
{label: 'docker-compose', value: 'docker-compose'},
|
|
||||||
{label: 'Ingress', value: 'ingress'},
|
|
||||||
]}>
|
|
||||||
<TabItem value="standalone-traefik">
|
|
||||||
|
|
||||||
import TraefikStandalone from "./_traefik_standalone.md";
|
|
||||||
|
|
||||||
<TraefikStandalone />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
<TabItem value="docker-compose">
|
|
||||||
|
|
||||||
import TraefikCompose from "./_traefik_compose.md";
|
|
||||||
|
|
||||||
<TraefikCompose />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
<TabItem value="ingress">
|
|
||||||
|
|
||||||
import TraefikIngress from "./_traefik_ingress.md";
|
|
||||||
|
|
||||||
<TraefikIngress />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
</Tabs>
|
|
||||||
|
|
||||||
## Envoy (Istio)
|
|
||||||
|
|
||||||
:::info
|
|
||||||
Requires authentik 2022.6
|
|
||||||
:::
|
|
||||||
|
|
||||||
:::info
|
|
||||||
Support for this is still in preview, please report bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
|
|
||||||
:::
|
|
||||||
|
|
||||||
:::info
|
|
||||||
If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
|
|
||||||
:::
|
|
||||||
|
|
||||||
<Tabs
|
|
||||||
defaultValue="envoy-istio"
|
|
||||||
values={[
|
|
||||||
{label: 'Envoy (Istio)', value: 'envoy-istio'},
|
|
||||||
]}>
|
|
||||||
<TabItem value="envoy-istio">
|
|
||||||
|
|
||||||
import EnvoyIstio from "./_envoy_istio.md";
|
|
||||||
|
|
||||||
<EnvoyIstio />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
</Tabs>
|
|
||||||
|
|
||||||
## Caddy
|
|
||||||
|
|
||||||
:::info
|
|
||||||
Requires authentik 2022.8
|
|
||||||
:::
|
|
||||||
|
|
||||||
<Tabs
|
|
||||||
defaultValue="caddy-standalone"
|
|
||||||
values={[
|
|
||||||
{label: 'Caddy (standalone)', value: 'caddy-standalone'},
|
|
||||||
]}>
|
|
||||||
<TabItem value="caddy-standalone">
|
|
||||||
|
|
||||||
import CaddyStandalone from "./_caddy_standalone.md";
|
|
||||||
|
|
||||||
<CaddyStandalone />
|
|
||||||
|
|
||||||
</TabItem>
|
|
||||||
</Tabs>
|
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
import Tabs from "@theme/Tabs";
|
||||||
|
import TabItem from "@theme/TabItem";
|
||||||
|
|
||||||
|
# Caddy
|
||||||
|
|
||||||
|
The configuration template shown below apply to both single-application and domain-level forward auth.
|
||||||
|
|
||||||
|
:::info
|
||||||
|
Requires authentik 2022.8
|
||||||
|
:::
|
||||||
|
|
||||||
|
import Placeholders from "./__placeholders.md";
|
||||||
|
|
||||||
|
<Placeholders />
|
||||||
|
|
||||||
|
<Tabs
|
||||||
|
defaultValue="caddy-standalone"
|
||||||
|
values={[
|
||||||
|
{label: 'Caddy (standalone)', value: 'caddy-standalone'},
|
||||||
|
]}>
|
||||||
|
<TabItem value="caddy-standalone">
|
||||||
|
|
||||||
|
import CaddyStandalone from "./_caddy_standalone.md";
|
||||||
|
|
||||||
|
<CaddyStandalone />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
</Tabs>
|
|
@ -0,0 +1,32 @@
|
||||||
|
import Tabs from "@theme/Tabs";
|
||||||
|
import TabItem from "@theme/TabItem";
|
||||||
|
|
||||||
|
# Envoy
|
||||||
|
|
||||||
|
The configuration template shown below apply to both single-application and domain-level forward auth.
|
||||||
|
|
||||||
|
:::info
|
||||||
|
Requires authentik 2022.6
|
||||||
|
:::
|
||||||
|
|
||||||
|
:::info
|
||||||
|
If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
|
||||||
|
:::
|
||||||
|
|
||||||
|
import Placeholders from "./__placeholders.md";
|
||||||
|
|
||||||
|
<Placeholders />
|
||||||
|
|
||||||
|
<Tabs
|
||||||
|
defaultValue="envoy-istio"
|
||||||
|
values={[
|
||||||
|
{label: 'Envoy (Istio)', value: 'envoy-istio'},
|
||||||
|
]}>
|
||||||
|
<TabItem value="envoy-istio">
|
||||||
|
|
||||||
|
import EnvoyIstio from "./_envoy_istio.md";
|
||||||
|
|
||||||
|
<EnvoyIstio />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
</Tabs>
|
|
@ -0,0 +1,40 @@
|
||||||
|
import Tabs from "@theme/Tabs";
|
||||||
|
import TabItem from "@theme/TabItem";
|
||||||
|
|
||||||
|
# nginx
|
||||||
|
|
||||||
|
The configuration templates shown below apply to both single-application and domain-level forward auth.
|
||||||
|
|
||||||
|
import Placeholders from "./__placeholders.md";
|
||||||
|
|
||||||
|
<Placeholders />
|
||||||
|
|
||||||
|
<Tabs
|
||||||
|
defaultValue="standalone-nginx"
|
||||||
|
values={[
|
||||||
|
{label: 'Standalone nginx', value: 'standalone-nginx'},
|
||||||
|
{label: 'Ingress', value: 'ingress'},
|
||||||
|
{label: 'Nginx Proxy Manager', value: 'proxy-manager'},
|
||||||
|
]}>
|
||||||
|
<TabItem value="standalone-nginx">
|
||||||
|
|
||||||
|
import NginxStandalone from "./_nginx_standalone.md";
|
||||||
|
|
||||||
|
<NginxStandalone />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
<TabItem value="ingress">
|
||||||
|
|
||||||
|
import NginxIngress from "./_nginx_ingress.md";
|
||||||
|
|
||||||
|
<NginxIngress />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
<TabItem value="proxy-manager">
|
||||||
|
|
||||||
|
import NginxProxyManager from "./_nginx_proxy_manager.md";
|
||||||
|
|
||||||
|
<NginxProxyManager />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
</Tabs>
|
|
@ -0,0 +1,40 @@
|
||||||
|
import Tabs from "@theme/Tabs";
|
||||||
|
import TabItem from "@theme/TabItem";
|
||||||
|
|
||||||
|
# Traefik
|
||||||
|
|
||||||
|
The configuration templates shown below apply to both single-application and domain-level forward auth.
|
||||||
|
|
||||||
|
import Placeholders from "./__placeholders.md";
|
||||||
|
|
||||||
|
<Placeholders />
|
||||||
|
|
||||||
|
<Tabs
|
||||||
|
defaultValue="standalone-traefik"
|
||||||
|
values={[
|
||||||
|
{label: 'Standalone traefik', value: 'standalone-traefik'},
|
||||||
|
{label: 'docker-compose', value: 'docker-compose'},
|
||||||
|
{label: 'Ingress', value: 'ingress'},
|
||||||
|
]}>
|
||||||
|
<TabItem value="standalone-traefik">
|
||||||
|
|
||||||
|
import TraefikStandalone from "./_traefik_standalone.md";
|
||||||
|
|
||||||
|
<TraefikStandalone />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
<TabItem value="docker-compose">
|
||||||
|
|
||||||
|
import TraefikCompose from "./_traefik_compose.md";
|
||||||
|
|
||||||
|
<TraefikCompose />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
<TabItem value="ingress">
|
||||||
|
|
||||||
|
import TraefikIngress from "./_traefik_ingress.md";
|
||||||
|
|
||||||
|
<TraefikIngress />
|
||||||
|
|
||||||
|
</TabItem>
|
||||||
|
</Tabs>
|
|
@ -65,7 +65,20 @@ module.exports = {
|
||||||
items: [
|
items: [
|
||||||
"providers/proxy/custom_headers",
|
"providers/proxy/custom_headers",
|
||||||
"providers/proxy/header_authentication",
|
"providers/proxy/header_authentication",
|
||||||
"providers/proxy/forward_auth",
|
{
|
||||||
|
type: "category",
|
||||||
|
label: "Forward authentication",
|
||||||
|
link: {
|
||||||
|
type: "doc",
|
||||||
|
id: "providers/proxy/forward_auth",
|
||||||
|
},
|
||||||
|
items: [
|
||||||
|
"providers/proxy/server_nginx",
|
||||||
|
"providers/proxy/server_traefik",
|
||||||
|
"providers/proxy/server_envoy",
|
||||||
|
"providers/proxy/server_caddy",
|
||||||
|
],
|
||||||
|
},
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
Reference in New Issue