trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

website/docs: add notice to use in-cluster service for nginx forward auth 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-06-30 21:33:47 +02:00
parent 983882f5a0
commit f6042f29f6
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
web/src/pages/providers/proxy/ProxyProviderViewPage.ts
View File

@ -48,6 +48,16 @@ export function ModeToLabel(action?: ProxyMode): string {
} }
} }
export function isForward(mode: ProxyMode): boolean {
switch (mode) {
case ProxyMode.Proxy:
return false;
case ProxyMode.ForwardSingle:
case ProxyMode.ForwardDomain:
return true;
}
}
@customElement("ak-provider-proxy-view") @customElement("ak-provider-proxy-view")
export class ProxyProviderViewPage extends LitElement { export class ProxyProviderViewPage extends LitElement {
@property() @property()
@ -246,9 +256,7 @@ export class ProxyProviderViewPage extends LitElement {
<div class="pf-c-card pf-l-grid__item pf-m-12-col"> <div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${t`Setup`}</div> <div class="pf-c-card__title">${t`Setup`}</div>
<div class="pf-c-card__body"> <div class="pf-c-card__body">
${[ProxyMode.ForwardSingle, ProxyMode.ForwardDomain].includes( ${isForward(this.provider?.mode || ProxyMode.Proxy)
this.provider?.mode || ProxyMode.Proxy,
)
? html` ? html`
<ak-tabs pageIdentifier="proxy-setup"> <ak-tabs pageIdentifier="proxy-setup">
<section <section

4
website/docs/providers/proxy/_nginx_ingress.md
View File

@ -25,8 +25,10 @@ Add these annotations to the ingress you want to protect
```yaml ```yaml
metadata: metadata:
annotations: annotations:
# This should be the in-cluster DNS name for the authentik outpost service
# as when the external URL is specified here, nginx will overwrite some crucial headers
nginx.ingress.kubernetes.io/auth-url: |- nginx.ingress.kubernetes.io/auth-url: |-
http://outpost.company:9000/outpost.goauthentik.io/auth/nginx http://ak-outpost-example.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
# If you're using domain-level auth, use the authentication URL instead of the application URL # If you're using domain-level auth, use the authentication URL instead of the application URL
nginx.ingress.kubernetes.io/auth-signin: |- nginx.ingress.kubernetes.io/auth-signin: |-
https://app.company/outpost.goauthentik.io/start?rd=$escaped_request_uri https://app.company/outpost.goauthentik.io/start?rd=$escaped_request_uri