website: Flesh out docs split.
website: Copy files during build. website: Allow for mixed env builds. website: Reduce build size. website: Expose build. website: Add build memory debugging. WIP: Disable broken links check to compare memory usage. website: Update deps. website: Clean up API paths. website: Flesh out 3.8 fixes. Format. website: Update ignore paths. Website: Clean up integrations build. website: Fix paths. website: Optimize remark. website: Update deps. website: Format. website: Remove linking. website: Fix paths. wip: Attempt API only build. Prep. Migrate render to runtime. Tidy sidebar. Clean up templates. docs: Move directory. WIP docs: Flesh out split. website: Fix issue where routes have collisions.
This commit is contained in:
Teffen Ellis
40
docs/topics/add-secure-apps/providers/proxy/forward_auth.mdx
Normal file
40
docs/topics/add-secure-apps/providers/proxy/forward_auth.mdx
Normal file
@ -0,0 +1,40 @@
|
||||
---
|
||||
title: Forward auth
|
||||
---
|
||||
|
||||
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization.
|
||||
|
||||
To use forward auth instead of proxying, you have to change a couple of settings.
|
||||
In the Proxy Provider, make sure to use one of the Forward auth modes.
|
||||
|
||||
## Forward auth modes
|
||||
|
||||
The only configuration difference between single application mode and domain level mode is the host that you specify.
|
||||
|
||||
For single application, you'd use the domain that the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
|
||||
|
||||
For domain level, you'd use the same domain as authentik.
|
||||
|
||||
### Single application
|
||||
|
||||
Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik.
|
||||
|
||||
### Domain level
|
||||
|
||||
To use forward auth instead of proxying, you have to change a couple of settings.
|
||||
In the Proxy Provider, make sure to use the _Forward auth (domain level)_ mode.
|
||||
|
||||
This mode differs from the _Forward auth (single application)_ mode in the following points:
|
||||
|
||||
- You don't have to configure an application in authentik for each domain
|
||||
- Users don't have to authorize multiple times
|
||||
|
||||
There are, however, also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
|
||||
|
||||
## Configuration templates
|
||||
|
||||
For configuration templates for each web server, refer to the following:
|
||||
|
||||
import DocCardList from "@theme/DocCardList";
|
||||
|
||||
<DocCardList />
|
||||
Reference in New Issue
Block a user