Jens L
|
8447e9b9c2
|
providers/proxy: envoy v2 (#3029)
* add path prefix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use prefix correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* only set redirect if session doesn't have a redirect yet
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-03 10:32:52 +02:00 |
|
Jens L
|
f9a419107a
|
outposts/proxyv2: add basic envoy support (#3026)
* outposts/proxyv2: add basic envoy support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* don't crash when backend is not available
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add envoy tests and docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-06-03 00:06:09 +02:00 |
|
Jens L
|
3eb466ff4b
|
lifecycle: cleanup prometheus (#2972)
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-29 21:45:25 +02:00 |
|
Jens L
|
a286f999e2
|
api: migrate to openapi generator v6 (#2968)
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-26 15:15:30 +02:00 |
|
Jens Langhammer
|
646d174dd2
|
internal: revert cookie path on proxy causing redirect loops
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-21 16:26:12 +02:00 |
|
Jens Langhammer
|
ebb44c992b
|
Revert "internal: set SameSite for outpost"
This reverts commit 7e95c756b9 .
|
2022-05-21 14:08:40 +02:00 |
|
Jens Langhammer
|
7e95c756b9
|
internal: set SameSite for outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-21 13:21:45 +02:00 |
|
Jens Langhammer
|
be26b92927
|
internal: cleanup outpost logs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-21 13:18:06 +02:00 |
|
Jens Langhammer
|
a52638d898
|
internal: fix typo in session name constant
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-05-20 10:10:29 +02:00 |
|
Jens Langhammer
|
421b003218
|
internal: set path on cookie for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2305
|
2022-05-11 10:08:38 +02:00 |
|
Jens Langhammer
|
76660e4666
|
internal: add tests with querystring
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-03-07 22:03:36 +01:00 |
|
Jens Langhammer
|
62a939b91d
|
internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-03-03 10:40:07 +01:00 |
|
Jens Langhammer
|
6fdf3ad3e5
|
internal/outpost: improve logging and add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2393
|
2022-02-26 22:29:56 +01:00 |
|
Jens Langhammer
|
744f250d05
|
providers/proxy: always set rd param in addition to session to prevent wrong url in session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-18 10:32:22 +01:00 |
|
Jens Langhammer
|
19b1f3a8c1
|
internal/outpost: fix logic error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-17 20:50:47 +01:00 |
|
Jens Langhammer
|
45f2c5bae7
|
web/admin: fix invalid URLs in example proxy config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-15 23:24:27 +01:00 |
|
Jens Langhammer
|
5d8c1aa0b0
|
outposts/proxy: correctly check host in forward domain redirect
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
|
2022-02-15 14:58:19 +01:00 |
|
Jens Langhammer
|
0101368369
|
outposts/proxy: fix logic error in rd argument
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
|
2022-02-15 13:43:55 +01:00 |
|
Jens Langhammer
|
4854f81592
|
outposts/proxy: correctly handle ?rd= param
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1997
|
2022-02-15 11:05:03 +01:00 |
|
Jens Langhammer
|
908f123d0e
|
website/docs: update nginx config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-15 10:24:08 +01:00 |
|
Jens Langhammer
|
4915e980c5
|
providers/proxy: revert Host header behaviour
closes #2284
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-14 12:39:16 +01:00 |
|
Jens Langhammer
|
1f838bb2aa
|
outposts/proxy: add X-Forwarded-Host since Host now gets changed by the proxy
closes #2284
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-10 23:09:55 +01:00 |
|
Jens L
|
4343246a41
|
*: rename akprox to outpost.goauthentik.io (#2266)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-08 20:25:38 +01:00 |
|
Jens Langhammer
|
7088a6b0e6
|
providers/proxy: fix Host/:Authority not being modified
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-08 16:30:26 +01:00 |
|
Jens Langhammer
|
e758995458
|
providers/proxy: improve error handling for invalid backend_override
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-07 19:59:06 +01:00 |
|
Jens Langhammer
|
654e0d6245
|
providers/proxy: fix nil error in claims
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-02-03 17:58:38 +01:00 |
|
Jens Langhammer
|
6021fc0f52
|
providers/proxy: fix backend override persisting for other users
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-30 22:29:34 +01:00 |
|
Jens Langhammer
|
7fd6be5abb
|
providers/proxy: add backend_override
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-30 21:35:08 +01:00 |
|
Jens Langhammer
|
67d550a80d
|
providers/proxy: don't include hostname and scheme in redirect when we only got a path and not a full URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-27 18:23:08 +01:00 |
|
Jens Langhammer
|
ebb5711c32
|
providers/proxy: add support for X-Original-URI in nginx, better handle missing headers and report errors to authentik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-27 18:14:02 +01:00 |
|
Jens Langhammer
|
63b3434b6f
|
website/docs: improve nginx examples
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-25 14:25:21 +01:00 |
|
Jens Langhammer
|
1c2b452406
|
outposts/proxy: fix potential empty redirect, add tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2141
|
2022-01-25 10:57:53 +01:00 |
|
Jens Langhammer
|
b32800ea71
|
outposts/proxy: trace full headers to debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 22:08:31 +01:00 |
|
Jens Langhammer
|
ef335ec083
|
outposts/proxy: add more test cases for domain-level auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 21:41:15 +01:00 |
|
Jens Langhammer
|
07b09df3fe
|
internal: add more outpost tests, add support for X-Original-URL
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 20:50:13 +01:00 |
|
Jens Langhammer
|
e70e031a1f
|
internal: start adding tests to outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 20:12:25 +01:00 |
|
Jens Langhammer
|
1dce408c72
|
internal/proxyv2: only allow access to /akprox in nginx mode when forward url could be extracted
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-24 09:30:33 +01:00 |
|
Jens Langhammer
|
af3fb5c2cd
|
internal: use math.MaxInt for compatibility
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1819
|
2022-01-21 23:11:17 +01:00 |
|
Jens Langhammer
|
3bfb8b2cb2
|
outposts/proxyv2: allow access to /akprox urls in forward auth mode to make routing in nginx/traefik easier
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-21 13:43:16 +01:00 |
|
Jens Langhammer
|
9fc5ff4b77
|
outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-21 13:29:51 +01:00 |
|
Jens Langhammer
|
41e7b9b73f
|
outposts/proxyv2: fix before-redirect url not being saved in proxy mode
closes #2109
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-19 19:16:30 +01:00 |
|
Jens Langhammer
|
7f47f93e4e
|
internal: cleanup log messages
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-19 19:01:24 +01:00 |
|
Jens Langhammer
|
14c7d8c4f4
|
internal: route traffic to proxy providers based on cookie domain when multiple domain-level providers exist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#2079
|
2022-01-18 23:19:43 +01:00 |
|
Jens Langhammer
|
c07b8d95d0
|
outposts/proxy: remove deprecated headers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-07 17:01:23 +01:00 |
|
Jens Langhammer
|
ececfc3a30
|
internal: fix comment formatting for TODOs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2022-01-07 09:51:41 +01:00 |
|
Jens Langhammer
|
f246da6b73
|
outposts/proxy: fix error checking for type assertion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-26 14:57:32 +01:00 |
|
Jens Langhammer
|
410d1b97cd
|
outposts/proxy: add support for multiple states, when multiple requests are redirect at once
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-26 14:16:02 +01:00 |
|
Jens Langhammer
|
ba55538a34
|
outposts/proxy: cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-21 19:16:06 +01:00 |
|
Jens Langhammer
|
f742c73e24
|
outposts/proxy: fix allowlist for forward_auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1970
|
2021-12-21 15:49:25 +01:00 |
|
Jens Langhammer
|
b932b6c963
|
website/docs: update log levels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-12-21 13:15:17 +01:00 |
|