website/docs: remove duplicate proxy docs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:48:10 +02:00 · 2021-07-22 10:48:10 +02:00 · 285a9b8b1d
parent 66bfa6879d
commit 285a9b8b1d
7 changed files with 23 additions and 50 deletions
--- a/website/docs/outposts/ldap/ldap.md
+++ b/website/docs/outposts/ldap/ldap.md
@ -1,5 +1,5 @@
 ---
-title: LDAP Outpost
+title: LDAP Provider
 ---

 :::info
@ -55,7 +55,7 @@ The following fields are current set for groups:
  - "group"
  - "goauthentik.io/ldap/group"

-A virtual group is also created for each user, they have the same fields as groups but have an additional objectClass: `goauthentik.io/ldap/virtual-group`.  
+A virtual group is also created for each user, they have the same fields as groups but have an additional objectClass: `goauthentik.io/ldap/virtual-group`.
 The virtual groups gidNumber is equal to the uidNumber of the user.

 **Additionally**, for both users and (non-virtual) groups, any attributes you set are also present as LDAP Attributes.
--- a/website/docs/providers/proxy.md
+++ b/website/docs/providers/proxy.md
@ -1,27 +0,0 @@
---
-title: Proxy Provider
---
-
-:::info
-This provider is to be used in conjunction with [Outposts](../outposts/outposts.md)
-:::
-
-This provider protects applications, which have no built-in support for OAuth2 or SAML. This is done by running a lightweight Reverse Proxy in front of the application, which authenticates the requests.
-
-authentik Proxy is based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), but has been integrated more tightly with authentik.
-
-The Proxy these extra headers to the application:
-
-| Header Name                    | Value                                               |
-| ------------------------------ | --------------------------------------------------- |
-| X-Forwarded-User               | The user's unique identifier (**not the username**) |
-| X-Forwarded-Email              | The user's email address                            |
-| X-Forwarded-Preferred-Username | The user's username                                 |
-| X-Auth-Username                | The user's username                                 |
-
-Additionally, you can add more custom headers using `additionalHeaders` in the User or Group Properties, for example
-
-```yaml
-additionalHeaders:
-    X-additional-header: bar
-```
--- a/website/docs/providers/proxy/forward_auth.mdx
+++ b/website/docs/providers/proxy/forward_auth.mdx
@ -117,7 +117,7 @@ metadata:
  annotations:
    nginx.ingress.kubernetes.io/auth-url: https://*external host that you configured in authentik*/akprox/auth?nginx
    nginx.ingress.kubernetes.io/auth-signin: https://*external host that you configured in authentik*/akprox/start?rd=$escaped_request_uri
-    nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
+    nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User,X-Auth-Groups
    nginx.ingress.kubernetes.io/auth-snippet: |
       proxy_set_header X-Forwarded-Host $http_host;
 ```
@ -145,6 +145,7 @@ http:
        authResponseHeaders:
          - Set-Cookie
          - X-Auth-Username
+          - X-Auth-Groups
          - X-Forwarded-Email
          - X-Forwarded-Preferred-Username
          - X-Forwarded-User
@ -211,7 +212,7 @@ services:
      traefik.http.routers.authentik.tls: true
      traefik.http.middlewares.authentik.forwardauth.address: http://authentik_proxy:4180/akprox/auth?traefik
      traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
-      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
+      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-Auth-Username,X-Auth-Groups,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-User
    restart: unless-stopped

  whoami:
@ -241,6 +242,7 @@ spec:
    authResponseHeaders:
      - Set-Cookie
      - X-Auth-Username
+      - X-Auth-Groups
      - X-Forwarded-Email
      - X-Forwarded-Preferred-Username
      - X-Forwarded-User
--- a/website/docs/providers/proxy/proxy.md
+++ b/website/docs/providers/proxy/proxy.md
@ -1,11 +1,12 @@
 ---
-title: Proxy Outpost
+title: Proxy provider
 ---

 The proxy outpost sets the following headers:

 ```
 X-Auth-Username: akadmin # The username of the currently logged in user
+X-Auth-Groups: foo|bar|baz # The groups the user is member of, separated by a pipe
 X-Forwarded-Email: root@localhost # The email address of the currently logged in user
 X-Forwarded-Preferred-Username: akadmin  # The username of the currently logged in user
 X-Forwarded-User: 900347b8a29876b45ca6f75722635ecfedf0e931c6022e3a29a8aa13fb5516fb # The hashed identifier of the currently logged in user.
--- a/website/docs/releases/v0.10.md
+++ b/website/docs/releases/v0.10.md
@ -13,7 +13,7 @@ This update brings a lot of big features, such as:

    Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new authentik Proxy integrates more tightly with authentik via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on authentik Keypairs, and more.

-    See [Proxy](../providers/proxy.md)
+    See [Proxy](../providers/proxy/proxy.md)

 - Outpost System

--- a/website/docs/releases/v2021.5.md
+++ b/website/docs/releases/v2021.5.md
@ -20,7 +20,7 @@ This feature is still in technical preview, so please report any Bugs you run in
 - Compatibility with forwardAuth/auth_request

    The authentik proxy is now compatible with forwardAuth (traefik) / auth_request (nginx). All that is required is the latest version of the outpost,
-    and the correct config from [here](../outposts/proxy/forward_auth.mdx).
+    and the correct config from [here](../providers/proxy/forward_auth.mdx).

 - Docker images for ARM

--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -23,7 +23,19 @@ module.exports = {
        {
            type: "category",
            label: "Providers",
-            items: ["providers/oauth2", "providers/saml", "providers/proxy"],
+            items: [
+                "providers/oauth2",
+                "providers/saml",
+                {
+                    type: "category",
+                    label: "Proxy",
+                    items: [
+                        "providers/proxy/proxy",
+                        "providers/proxy/forward_auth",
+                    ],
+                },
+                "providers/ldap",
+            ],
        },
        {
            type: "category",
@ -39,21 +51,6 @@ module.exports = {
                        "outposts/manual-deploy-kubernetes",
                    ],
                },
-                {
-                    type: "category",
-                    label: "Proxy",
-                    items: [
-                        "outposts/proxy/proxy",
-                        "outposts/proxy/forward_auth",
-                    ],
-                },
-                {
-                    type: "category",
-                    label: "LDAP",
-                    items: [
-                        "outposts/ldap/ldap",
-                    ],
-                },
            ],
        },
        {