3996bdac33
* website: Bump prettier from 3.3.3 to 3.4.1 in /website Bumps [prettier](https://github.com/prettier/prettier) from 3.3.3 to 3.4.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/3.3.3...3.4.1) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * update formatting Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sigh Signed-off-by: Jens Langhammer <jens@goauthentik.io> * disable flaky test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
41 lines
1.5 KiB
Plaintext
41 lines
1.5 KiB
Plaintext
---
|
|
title: Forward auth
|
|
---
|
|
|
|
Using forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization.
|
|
|
|
To use forward auth instead of proxying, you have to change a couple of settings.
|
|
In the Proxy Provider, make sure to use one of the Forward auth modes.
|
|
|
|
## Forward auth modes
|
|
|
|
The only configuration difference between single application mode and domain level mode is the host that you specify.
|
|
|
|
For single application, you'd use the domain that the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost.
|
|
|
|
For domain level, you'd use the same domain as authentik.
|
|
|
|
### Single application
|
|
|
|
Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik.
|
|
|
|
### Domain level
|
|
|
|
To use forward auth instead of proxying, you have to change a couple of settings.
|
|
In the Proxy Provider, make sure to use the _Forward auth (domain level)_ mode.
|
|
|
|
This mode differs from the _Forward auth (single application)_ mode in the following points:
|
|
|
|
- You don't have to configure an application in authentik for each domain
|
|
- Users don't have to authorize multiple times
|
|
|
|
There are, however, also some downsides, mainly the fact that you **can't** restrict individual applications to different users.
|
|
|
|
## Configuration templates
|
|
|
|
For configuration templates for each web server, refer to the following:
|
|
|
|
import DocCardList from "@theme/DocCardList";
|
|
|
|
<DocCardList />
|