From bf7dc5df789be1451eb8a4af92d95b54ca65d73d Mon Sep 17 00:00:00 2001 From: Jens L Date: Mon, 13 Mar 2023 17:29:51 +0100 Subject: [PATCH] website/docs: separate pages for each webserver (#4911) * website/docs: separate pages for each webserver Signed-off-by: Jens Langhammer * Apply suggestions from code review Co-authored-by: Tana M Berry Signed-off-by: Jens L. --------- Signed-off-by: Jens Langhammer Signed-off-by: Jens L. Co-authored-by: Tana M Berry --- .../docs/providers/proxy/__placeholders.md | 6 + .../docs/providers/proxy/_caddy_standalone.md | 2 +- website/docs/providers/proxy/forward_auth.mdx | 134 +----------------- website/docs/providers/proxy/server_caddy.mdx | 28 ++++ website/docs/providers/proxy/server_envoy.mdx | 32 +++++ website/docs/providers/proxy/server_nginx.mdx | 40 ++++++ .../docs/providers/proxy/server_traefik.mdx | 40 ++++++ website/sidebars.js | 15 +- 8 files changed, 165 insertions(+), 132 deletions(-) create mode 100644 website/docs/providers/proxy/__placeholders.md create mode 100644 website/docs/providers/proxy/server_caddy.mdx create mode 100644 website/docs/providers/proxy/server_envoy.mdx create mode 100644 website/docs/providers/proxy/server_nginx.mdx create mode 100644 website/docs/providers/proxy/server_traefik.mdx diff --git a/website/docs/providers/proxy/__placeholders.md b/website/docs/providers/proxy/__placeholders.md new file mode 100644 index 000000000..8c5e20717 --- /dev/null +++ b/website/docs/providers/proxy/__placeholders.md @@ -0,0 +1,6 @@ +:::info +_example-outpost_ is used as a placeholder for the outpost name. +_authentik.company_ is used as a placeholder for the authentik install. +_app.company_ is used as a placeholder for the external domain for the application. +_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_ +::: 
diff --git a/website/docs/providers/proxy/_caddy_standalone.md b/website/docs/providers/proxy/_caddy_standalone.md index 4676fa656..09e857a6c 100644 --- a/website/docs/providers/proxy/_caddy_standalone.md +++ b/website/docs/providers/proxy/_caddy_standalone.md @@ -25,6 +25,6 @@ If you're trying to proxy to an upstream over HTTPS, you need to set the `Host` ``` reverse_proxy /outpost.goauthentik.io/* https://outpost.company { - header_up Host {http.reverse_proxy.upstream.hostport} + header_up Host {http.reverse_proxy.upstream.hostport} } ``` diff --git a/website/docs/providers/proxy/forward_auth.mdx b/website/docs/providers/proxy/forward_auth.mdx index 44b02b182..3794db5dc 100644 --- a/website/docs/providers/proxy/forward_auth.mdx +++ b/website/docs/providers/proxy/forward_auth.mdx @@ -2,19 +2,14 @@ title: Forward auth --- -import Tabs from "@theme/Tabs"; -import TabItem from "@theme/TabItem"; - -Using forward auth uses your existing reverse proxy to do the proxying, and only uses the -authentik outpost to check authentication and authorization. +Using forward auth uses your existing reverse proxy to do the proxying, and only uses the authentik outpost to check authentication and authorization. To use forward auth instead of proxying, you have to change a couple of settings. In the Proxy Provider, make sure to use one of the Forward auth modes. ## Single application -Single application mode works for a single application hosted on its dedicated subdomain. This -has the advantage that you can still do per-application access policies in authentik. +Single application mode works for a single application hosted on its dedicated subdomain. This has the advantage that you can still do per-application access policies in authentik. ## Domain level 
@@ -26,131 +21,10 @@ This mode differs from the _Forward auth (single application)_ mode in the follo - You don't have to configure an application in authentik for each domain - Users don't have to authorize multiple times -There are however also some downsides, mainly the fact that you **can't** restrict individual -applications to different users. +There are however also some downsides, mainly the fact that you **can't** restrict individual applications to different users. The only configuration difference between single application and domain level is the host you specify. -For single application, you'd use the domain which the application is running on, and only /outpost.goauthentik.io -is redirected to the outpost. +For single application, you'd use the domain which the application is running on, and only `/outpost.goauthentik.io` is redirected to the outpost. For domain level, you'd use the same domain as authentik. - -:::info -_example-outpost_ is used as a placeholder for the outpost name. -_authentik.company_ is used as a placeholder for the authentik install. -_app.company_ is used as a placeholder for the external domain for the application. -_outpost.company_ is used as a placeholder for the outpost. When using the embedded outpost, this can be the same as _authentik.company_ -::: - -## Nginx - - - - -import NginxStandalone from "./_nginx_standalone.md"; - - - - - - -import NginxIngress from "./_nginx_ingress.md"; - - - - - - -import NginxProxyManager from "./_nginx_proxy_manager.md"; - - - - - - -## Traefik - - - - -import TraefikStandalone from "./_traefik_standalone.md"; - - - - - - -import TraefikCompose from "./_traefik_compose.md"; - - - - - - -import TraefikIngress from "./_traefik_ingress.md"; - - - - - - -## Envoy (Istio) - -:::info -Requires authentik 2022.6 -::: - -:::info -Support for this is still in preview, please report bugs on [GitHub](https://github.com/goauthentik/authentik/issues). 
-::: - -:::info -If you are using Istio and Kubernetes, use the port number that is exposed for your cluster. -::: - - - - -import EnvoyIstio from "./_envoy_istio.md"; - - - - - - -## Caddy - -:::info -Requires authentik 2022.8 -::: - - - - -import CaddyStandalone from "./_caddy_standalone.md"; - - - - - diff --git a/website/docs/providers/proxy/server_caddy.mdx b/website/docs/providers/proxy/server_caddy.mdx new file mode 100644 index 000000000..fc91561a8 --- /dev/null +++ b/website/docs/providers/proxy/server_caddy.mdx @@ -0,0 +1,28 @@ +import Tabs from "@theme/Tabs"; +import TabItem from "@theme/TabItem"; + +# Caddy + +The configuration template shown below apply to both single-application and domain-level forward auth. + +:::info +Requires authentik 2022.8 +::: + +import Placeholders from "./__placeholders.md"; + + + + + + +import CaddyStandalone from "./_caddy_standalone.md"; + + + + + diff --git a/website/docs/providers/proxy/server_envoy.mdx b/website/docs/providers/proxy/server_envoy.mdx new file mode 100644 index 000000000..fd99dd7b3 --- /dev/null +++ b/website/docs/providers/proxy/server_envoy.mdx @@ -0,0 +1,32 @@ +import Tabs from "@theme/Tabs"; +import TabItem from "@theme/TabItem"; + +# Envoy + +The configuration template shown below apply to both single-application and domain-level forward auth. + +:::info +Requires authentik 2022.6 +::: + +:::info +If you are using Istio and Kubernetes, use the port number that is exposed for your cluster. +::: + +import Placeholders from "./__placeholders.md"; + + + + + + +import EnvoyIstio from "./_envoy_istio.md"; + + + + + diff --git a/website/docs/providers/proxy/server_nginx.mdx b/website/docs/providers/proxy/server_nginx.mdx new file mode 100644 index 000000000..bebd80276 --- /dev/null +++ b/website/docs/providers/proxy/server_nginx.mdx 
@@ -0,0 +1,40 @@
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+# nginx
+
+The configuration templates shown below apply to both single-application and domain-level forward auth.
+
+import Placeholders from "./__placeholders.md";
+
+
+
+
+
+
+import NginxStandalone from "./_nginx_standalone.md";
+
+
+
+
+
+
+import NginxIngress from "./_nginx_ingress.md";
+
+
+
+
+
+
+import NginxProxyManager from "./_nginx_proxy_manager.md";
+
+
+
+
+
diff --git a/website/docs/providers/proxy/server_traefik.mdx b/website/docs/providers/proxy/server_traefik.mdx
new file mode 100644
index 000000000..e11f3dca1
--- /dev/null
+++ b/website/docs/providers/proxy/server_traefik.mdx
@@ -0,0 +1,40 @@
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+# Traefik
+
+The configuration templates shown below apply to both single-application and domain-level forward auth.
+
+import Placeholders from "./__placeholders.md";
+
+
+
+
+
+
+import TraefikStandalone from "./_traefik_standalone.md";
+
+
+
+
+
+
+import TraefikCompose from "./_traefik_compose.md";
+
+
+
+
+
+
+import TraefikIngress from "./_traefik_ingress.md";
+
+
+
+
+
diff --git a/website/sidebars.js b/website/sidebars.js
index 2b48cb0e1..0fd0d1c39 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -65,7 +65,20 @@ module.exports = {
 items: [
 "providers/proxy/custom_headers",
 "providers/proxy/header_authentication",
- "providers/proxy/forward_auth",
+ {
+ type: "category",
+ label: "Forward authentication",
+ link: {
+ type: "doc",
+ id: "providers/proxy/forward_auth",
+ },
+ items: [
+ "providers/proxy/server_nginx",
+ "providers/proxy/server_traefik",
+ "providers/proxy/server_envoy",
+ "providers/proxy/server_caddy",
+ ],
+ },
 ],
 },
 {
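Review bot: The new category's `label: "Forward authentication",` does not match the title of the page it links to, which the forward_auth.mdx hunk shows as `title: Forward auth`, so the sidebar entry and the page heading name the same document differently. Use one wording in both places, for example `label: "Forward auth",` here. The four `providers/proxy/server_*` ids do match the .mdx files this commit creates. The enclosing `module.exports` object starts and ends outside the hunk.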