From 3824815d505e89ef0f8fe7615370bba15997fb58 Mon Sep 17 00:00:00 2001
From: Mike Fotinakis <mike@ethosai.com>
Date: Tue, 30 Jul 2024 10:24:39 -0400
Subject: [PATCH] website/docs: update nginx docs for embedded outposts
 (#10422)

* Update nginx docs for embedded outposts.

* Update _nginx_proxy_manager.md

Signed-off-by: Mike Fotinakis <mike@fotinakis.com>

---------

Signed-off-by: Mike Fotinakis <mike@fotinakis.com>
---
 website/docs/providers/proxy/_nginx_proxy_manager.md | 10 +++++++---
 website/docs/providers/proxy/_nginx_standalone.md    | 10 +++++++---
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/website/docs/providers/proxy/_nginx_proxy_manager.md b/website/docs/providers/proxy/_nginx_proxy_manager.md
index 376cb90373..a4f689ab1d 100644
--- a/website/docs/providers/proxy/_nginx_proxy_manager.md
+++ b/website/docs/providers/proxy/_nginx_proxy_manager.md
@@ -48,10 +48,14 @@ location / {
 
 # all requests to /outpost.goauthentik.io must be accessible without authentication
 location /outpost.goauthentik.io {
-    proxy_pass              http://outpost.company:9000;
-    # ensure the host of this vserver matches your external URL you've configured
-    # in authentik
+    # When using the embedded outpost, use:
+    proxy_pass              http://authentik.company:9000/outpost.goauthentik.io;
+    # For manual outpost deployments:
+    # proxy_pass              http://outpost.company:9000;
+
+    # Note: ensure the Host header matches your external authentik URL:
     proxy_set_header        Host $host;
+
     proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
     add_header              Set-Cookie $auth_cookie;
     auth_request_set        $auth_cookie $upstream_http_set_cookie;
diff --git a/website/docs/providers/proxy/_nginx_standalone.md b/website/docs/providers/proxy/_nginx_standalone.md
index ec3c017483..338a84b8ff 100644
--- a/website/docs/providers/proxy/_nginx_standalone.md
+++ b/website/docs/providers/proxy/_nginx_standalone.md
@@ -52,10 +52,14 @@ server {
 
     # all requests to /outpost.goauthentik.io must be accessible without authentication
     location /outpost.goauthentik.io {
-        proxy_pass              http://outpost.company:9000;
-        # ensure the host of this vserver matches your external URL you've configured
-        # in authentik
+        # When using the embedded outpost, use:
+        proxy_pass              http://authentik.company:9000/outpost.goauthentik.io;
+        # For manual outpost deployments:
+        # proxy_pass              http://outpost.company:9000;
+
+        # Note: ensure the Host header matches your external authentik URL:
         proxy_set_header        Host $host;
+
         proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
         add_header              Set-Cookie $auth_cookie;
         auth_request_set        $auth_cookie $upstream_http_set_cookie;