habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website/docs: Correct the forward authentication configuration template for Caddy (#11012)

Browse Source 
Correct the forward authentication configuration template for Caddy

The directives were not executed in the given order, but instead, using the implicit sequence defined in https://caddyserver.com/docs/caddyfile/directives#directive-order. Surrounding the directives with route {} fixes this.

Signed-off-by: Andreas <43118918+eulores@users.noreply.github.com>
This commit is contained in:
Andreas
2024-08-21 21:19:34 +02:00
committed by GitHub
parent e0b199f2fe
commit 351a83a400
1 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
website/docs/providers/proxy/_caddy_standalone.md
View File

@ -2,22 +2,25 @@ Use the following configuration:
```
app.company {
# always forward outpost path to actual outpost
reverse_proxy /outpost.goauthentik.io/* http://outpost.company:9000
# directive execution order is only as stated if enclosed with route.
route {
# always forward outpost path to actual outpost
reverse_proxy /outpost.goauthentik.io/* http://outpost.company:9000
# forward authentication to outpost
forward_auth http://outpost.company:9000 {
uri /outpost.goauthentik.io/auth/caddy
# forward authentication to outpost
forward_auth http://outpost.company:9000 {
uri /outpost.goauthentik.io/auth/caddy
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
# optional, in this config trust all private ranges, should probably be set to the outposts IP
trusted_proxies private_ranges
# optional, in this config trust all private ranges, should probably be set to the outposts IP
trusted_proxies private_ranges
}
# actual site configuration below, for example
reverse_proxy localhost:1234
}
# actual site configuration below, for example
reverse_proxy localhost:1234
}
```