website/docs: start troubleshooting page for forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
29b0eae43f
commit
6a4efaecb0
62
website/docs/troubleshooting/forward_auth/general.mdx
Normal file
62
website/docs/troubleshooting/forward_auth/general.mdx
Normal file
|
@ -0,0 +1,62 @@
|
|||
---
|
||||
title: General troubleshooting steps
|
||||
---
|
||||
|
||||
import Tabs from "@theme/Tabs";
|
||||
import TabItem from "@theme/TabItem";
|
||||
|
||||
## Set the log level to TRACE
|
||||
|
||||
Setting the log level to trace configures the outpost to trace-log all the headers given in forward auth requests.
|
||||
|
||||
This is helpful to confirm that certain required Headers are correctly forwarded from the reverse proxy.
|
||||
|
||||
### When using the embedded Outpost
|
||||
|
||||
Set the authentik log level to `TRACE`:
|
||||
|
||||
<Tabs
|
||||
groupId="platform"
|
||||
defaultValue="docker-compose"
|
||||
values={[
|
||||
{label: 'docker-compose', value: 'docker-compose'},
|
||||
{label: 'Kubernetes', value: 'kubernetes'},
|
||||
]}>
|
||||
<TabItem value="docker-compose">
|
||||
Add the following block to your `.env` file:
|
||||
|
||||
```shell
|
||||
AUTHENTIK_LOG_LEVEL=trace
|
||||
```
|
||||
|
||||
Afterwards, run `docker-compose up -d`.
|
||||
|
||||
</TabItem>
|
||||
<TabItem value="kubernetes">
|
||||
Add the following block to your `values.yml` file:
|
||||
|
||||
```yaml
|
||||
authentik:
|
||||
log_level: trace
|
||||
```
|
||||
|
||||
Afterwards, upgrade helm release.
|
||||
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
||||
### When using a standard outpost
|
||||
|
||||
Edit the outpost settings and set `log_level: trace`. This setting should propagate to the outpost instances within a couple seconds.
|
||||
|
||||
## Ensure `/outpost.goauthentik.io` is accessible
|
||||
|
||||
Everything under `/outpost.goauthentik.io` should be publicly accessible, as URLs under this path are used for authentication.
|
||||
|
||||
To check this, run `curl -v https://app.company/outpost.goauthentik.io/ping`. A correct setup should contain output looking like this:
|
||||
|
||||
```
|
||||
[...]
|
||||
< HTTP/2 204
|
||||
[...]
|
||||
```
|
|
@ -48,14 +48,16 @@ module.exports = {
|
|||
},
|
||||
{
|
||||
type: "dropdown",
|
||||
label: `Version ${latestVersion}`,
|
||||
label: `Version: latest`,
|
||||
position: "right",
|
||||
items: releases.map((release) => {
|
||||
const subdomain = release
|
||||
.replace("releases/v", "")
|
||||
.replace(".", "-");
|
||||
const label =
|
||||
"Version: " + release.replace("releases/", "");
|
||||
return {
|
||||
label: release.replace("releases/", ""),
|
||||
label: label,
|
||||
href: `https://version-${subdomain}.goauthentik.io`,
|
||||
};
|
||||
}),
|
||||
|
|
|
@ -241,6 +241,18 @@ module.exports = {
|
|||
description: "Troubleshooting various issues",
|
||||
},
|
||||
items: [
|
||||
{
|
||||
type: "category",
|
||||
label: "Forward auth",
|
||||
items: ["troubleshooting/forward_auth/general"],
|
||||
link: {
|
||||
type: "generated-index",
|
||||
title: "Forward auth troubleshooting",
|
||||
slug: "troubleshooting/forward_auth",
|
||||
description:
|
||||
"Steps to help debug forward auth setups with various reverse proxies.",
|
||||
},
|
||||
},
|
||||
"troubleshooting/access",
|
||||
"troubleshooting/emails",
|
||||
"troubleshooting/login",
|
||||
|
|
Reference in a new issue