*: rename akprox to outpost.goauthentik.io (#2266)

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens L
2022-02-08 20:25:38 +01:00
committed by GitHub
parent 3f6f83b4b6
commit 4343246a41
45 changed files with 355 additions and 337 deletions


@ -15,7 +15,7 @@ spec:
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
serviceName: ak-outpost-example-outpost
servicePort: 9000
path: /akprox
path: /outpost.goauthentik.io
```
This ingress handles authentication requests, and the sign-in flow.
@ -26,9 +26,9 @@ Add these annotations to the ingress you want to protect
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-url: |
https://outpost.company/akprox/auth/nginx
https://outpost.company/outpost.goauthentik.io/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |
https://outpost.company/akprox/start?rd=$escaped_request_uri
https://outpost.company/outpost.goauthentik.io/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
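Review bot: The `auth-url` and `auth-signin` annotations move to the new prefix, but nothing tells operators whose ingresses still carry the `/akprox` values what to do. Whether the outpost still answers on the old prefix is not visible in this section. If it does not, nginx treats any auth subrequest answer other than 2xx, 401 or 403 as an error and returns 500, so a stale annotation fails closed but locks every user out after the upgrade. A sentence beside the example would make this explicit, for instance `Outposts before this release used /akprox; update auth-url and auth-signin when upgrading`.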


@ -12,8 +12,8 @@ location / {
proxy_pass $forward_scheme://$server:$port;
# authentik-specific config
auth_request /akprox/auth/nginx;
error_page 401 = @akprox_signin;
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
@ -31,9 +31,9 @@ location / {
proxy_set_header X-authentik-uid $authentik_uid;
}
# all requests to /akprox must be accessible without authentication
location /akprox {
proxy_pass http://outpost.company:9000/akprox;
# all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
proxy_pass http://outpost.company:9000/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
@ -44,9 +44,9 @@ location /akprox {
# Special location for when the /auth endpoint returns a 401,
# redirect to the /start URL which initiates SSO
location @akprox_signin {
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /akprox/start?rd=$request_uri;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
}
```
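Review bot: In the `@goauthentik_proxy_signin` location, `return 302 /outpost.goauthentik.io/start?rd=$request_uri;` puts the raw request URI into the `rd` parameter without URL-encoding. If the original request has a query string with `&`, everything after the first `&` becomes a separate parameter of `/start` and is not part of `rd`, so the post-login redirect can land on a truncated URL. The ingress example in this commit uses `$escaped_request_uri` for the same purpose, but stock nginx has no built-in equivalent. The example should at least say so, for instance `# $request_uri is not URL-encoded; query parameters after the first & are not carried in rd`. The same line appears in the `server { ... }` example in the next file section.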


@ -19,10 +19,10 @@ server {
# proxy_pass http://localhost:5000;
# authentik-specific config
auth_request /akprox/auth/nginx;
error_page 401 = @akprox_signin;
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
# error_page 401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
# error_page 401 =302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
@ -40,9 +40,9 @@ server {
proxy_set_header X-authentik-uid $authentik_uid;
}
# all requests to /akprox must be accessible without authentication
location /akprox {
proxy_pass http://outpost.company:9000/akprox;
# all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
proxy_pass http://outpost.company:9000/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
@ -53,10 +53,10 @@ server {
# Special location for when the /auth endpoint returns a 401,
# redirect to the /start URL which initiates SSO
location @akprox_signin {
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /akprox/start?rd=$request_uri;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
}
}
```
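Review bot: The commented domain-level `error_page 401 =302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;` builds the post-login redirect target from `$http_host`, which is the Host header exactly as the client sent it. If this `server` block is reachable under a host name the operator does not control, such as a default or catch-all server, that value ends up in `rd`. Whether the outpost validates `rd` against its configured domain is not visible here, so the example should not depend on it. A comment above the line would cover this, for instance `# rd is built from the client-supplied Host header; keep server_name explicit so only your own hosts reach this block`.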


@ -30,9 +30,9 @@ services:
labels:
traefik.enable: true
traefik.port: 9000
traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/akprox/`)
traefik.http.routers.authentik.rule: Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)
# `authentik-proxy` refers to the service name in the compose file.
traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/akprox/auth/traefik
traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/outpost.goauthentik.io/auth/traefik
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
restart: unless-stopped


@ -7,7 +7,7 @@ metadata:
name: authentik
spec:
forwardAuth:
address: http://outpost.company:9000/akprox/auth/traefik
address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
@ -41,7 +41,7 @@ spec:
services: # Unchanged
# This part is only required for single-app setups
- kind: Rule
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
services:
- kind: Service


@ -3,7 +3,7 @@ http:
middlewares:
authentik:
forwardAuth:
address: http://outpost.company:9000/akprox/auth/traefik
address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
@ -25,7 +25,7 @@ http:
priority: 10
services: # Unchanged
default-router-auth:
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
services: http://outpost.company:9000/akprox
services: http://outpost.company:9000/outpost.goauthentik.io
```


@ -27,7 +27,7 @@ applications to different users.
The only configuration difference between single application and domain level is the host you specify.
For single application, you'd use the domain which the application is running on, and only /akprox
For single application, you'd use the domain which the application is running on, and only /outpost.goauthentik.io
is redirected to the outpost.
For domain level, you'd use the same domain as authentik.


@ -58,11 +58,11 @@ If your upstream host is HTTPS, and you're not using forward auth, you need to a
Login is done automatically when you visit the domain without a valid cookie.
When using single-application mode, navigate to `app.domain.tld/akprox/sign_out`.
When using single-application mode, navigate to `app.domain.tld/outpost.goauthentik.io/sign_out`.
When using domain-level mode, navigate to `auth.domain.tld/akprox/sign_out`, where auth.domain.tld is the external host configured for the provider.
When using domain-level mode, navigate to `auth.domain.tld/outpost.goauthentik.io/sign_out`, where auth.domain.tld is the external host configured for the provider.
To log out, navigate to `/akprox/sign_out`.
To log out, navigate to `/outpost.goauthentik.io/sign_out`.
## Allowing unauthenticated requests