website/docs: revert traefik to not use header regex

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-22 15:30:01 +01:00 · 2021-12-22 15:30:01 +01:00 · 15803dc67d
parent ff37e064c9
commit 15803dc67d
3 changed files with 25 additions and 3 deletions
--- a/website/docs/providers/proxy/_traefik_compose.md
+++ b/website/docs/providers/proxy/_traefik_compose.md
@ -34,7 +34,7 @@ services:
      # `authentik-proxy` refers to the service name in the compose file.
      traefik.http.middlewares.authentik.forwardauth.address: http://authentik-proxy:9000/akprox/auth/traefik
      traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
-      traefik.http.middlewares.authentik.forwardauth.authResponseHeadersRegex: ^(Auth|Remote|X).*$$
+      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version
    restart: unless-stopped

  whoami:
--- a/website/docs/providers/proxy/_traefik_ingress.md
+++ b/website/docs/providers/proxy/_traefik_ingress.md
@ -9,7 +9,18 @@ spec:
  forwardAuth:
    address: http://outpost.company:9000/akprox/auth/traefik
    trustForwardHeader: true
-    authResponseHeadersRegex: ^(Auth|Remote|X).*$
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
 ```

 Add the following settings to your IngressRoute
--- a/website/docs/providers/proxy/_traefik_standalone.md
+++ b/website/docs/providers/proxy/_traefik_standalone.md
@ -5,7 +5,18 @@ http:
      forwardAuth:
        address: http://outpost.company:9000/akprox/auth/traefik
        trustForwardHeader: true
-        authResponseHeadersRegex: ^(Auth|Remote|X).*$
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
  routers:
    default-router:
      rule: "Host(`app.company`)"