website/docs: update nginx config

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

internal/outpost/proxyv2/application/oauth.go

@@ -62,8 +62,8 @@ func (a *Application) handleCallback(rw http.ResponseWriter, r *http.Request) {
 	redirect := a.proxyConfig.ExternalHost
 	redirectR, ok := s.Values[constants.SessionRedirect]
 	if ok {
-		a.log.WithField("redirect", redirectR).Trace("got final redirect from session")
 		redirect = redirectR.(string)
 	}
+	a.log.WithField("redirect", redirect).Trace("final redirect")
 	http.Redirect(rw, r, redirect, http.StatusFound)
 }

web/src/locales/en.po

@@ -956,8 +956,12 @@ msgid "Configuration flow"
 msgstr "Configuration flow"
 
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
-msgid "Configuration stage"
+#~ msgid "Configuration stage"
-msgstr "Configuration stage"
+#~ msgstr "Configuration stage"
+
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "Configuration stages"
+msgstr "Configuration stages"
 
 #: 
 #~ msgid "Configure WebAuthn"
@@ -4495,8 +4499,8 @@ msgid "Stage type"
 msgstr "Stage type"
 
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
-msgid "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+#~ msgid "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
-msgstr "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+#~ msgstr "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
 
 #: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 msgid "Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator)."
@@ -4555,6 +4559,10 @@ msgstr "Stages"
 msgid "Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow."
 msgstr "Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow."
 
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+msgstr "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+
 #: src/pages/outposts/ServiceConnectionListPage.ts
 msgid "State"
 msgstr "State"
@@ -6052,6 +6060,10 @@ msgstr "When enabled, the invitation will be deleted after usage."
 msgid "When enabled, user fields are matched regardless of their casing."
 msgstr "When enabled, user fields are matched regardless of their casing."
 
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "When multiple stages are selected, the user can choose which one they want to enroll."
+msgstr "When multiple stages are selected, the user can choose which one they want to enroll."
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks."
 msgstr "When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks."

web/src/locales/fr_FR.po

@@ -958,8 +958,12 @@ msgid "Configuration flow"
 msgstr "Flux de configuration"
 
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
-msgid "Configuration stage"
+#~ msgid "Configuration stage"
-msgstr "Étape de configuration"
+#~ msgstr "Étape de configuration"
+
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "Configuration stages"
+msgstr ""
 
 #: 
 #~ msgid "Configure WebAuthn"
@@ -4456,8 +4460,8 @@ msgid "Stage type"
 msgstr "Type d'étape"
 
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
-msgid "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+#~ msgid "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
-msgstr "Étape utilisée pour configurer l'Authenticator lorsqu'un utilisateur n'a pas d'appareil compatible. Une fois cette étape franchie, l'utilisateur ne sera plus sollicité."
+#~ msgstr "Étape utilisée pour configurer l'Authenticator lorsqu'un utilisateur n'a pas d'appareil compatible. Une fois cette étape franchie, l'utilisateur ne sera plus sollicité."
 
 #: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 msgid "Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator)."
@@ -4516,6 +4520,10 @@ msgstr "Étapes"
 msgid "Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow."
 msgstr "Les étapes sont des étapes simples d'un flux au travers duquel un utilisateur est guidé. Une étape peut être uniquement exécutée à l'intérieur d'un flux."
 
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionListPage.ts
 msgid "State"
 msgstr "État"
@@ -5991,6 +5999,10 @@ msgstr "Si activée, l'invitation sera supprimée après utilisation."
 msgid "When enabled, user fields are matched regardless of their casing."
 msgstr "Si activé, les champs de l'utilisateur sont mis en correspondance en ignorant leur casse."
 
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "When multiple stages are selected, the user can choose which one they want to enroll."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks."
 msgstr "Si activée, un champ de mot de passe est affiché sur la même page au lieu d'une page séparée. Cela permet d'éviter les attaques par énumération de noms d'utilisateur."

web/src/locales/pseudo-LOCALE.po

@@ -950,7 +950,11 @@ msgid "Configuration flow"
 msgstr ""
 
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
-msgid "Configuration stage"
+#~ msgid "Configuration stage"
+#~ msgstr ""
+
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "Configuration stages"
 msgstr ""
 
 #: 
@@ -4485,8 +4489,8 @@ msgid "Stage type"
 msgstr ""
 
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
-msgid "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+#~ msgid "Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
-msgstr ""
+#~ msgstr ""
 
 #: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
 msgid "Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator)."
@@ -4545,6 +4549,10 @@ msgstr ""
 msgid "Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow."
 msgstr ""
 
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
+msgstr ""
+
 #: src/pages/outposts/ServiceConnectionListPage.ts
 msgid "State"
 msgstr ""
@@ -6032,6 +6040,10 @@ msgstr ""
 msgid "When enabled, user fields are matched regardless of their casing."
 msgstr ""
 
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "When multiple stages are selected, the user can choose which one they want to enroll."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks."
 msgstr ""

website/docs/providers/proxy/_nginx_proxy_manager.md

@@ -48,5 +48,7 @@ location @goauthentik_proxy_signin {
     internal;
     add_header Set-Cookie $auth_cookie;
     return 302 /akprox/start?rd=$request_uri;
+    # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
+    # return 302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
 }
 ```

website/docs/providers/proxy/_nginx_standalone.md

@@ -21,8 +21,6 @@ server {
         # authentik-specific config
         auth_request        /akprox/auth/nginx;
         error_page          401 = @goauthentik_proxy_signin;
-        # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
-        # error_page          401 =302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
         auth_request_set $auth_cookie $upstream_http_set_cookie;
         add_header Set-Cookie $auth_cookie;
 
@@ -57,6 +55,8 @@ server {
         internal;
         add_header Set-Cookie $auth_cookie;
         return 302 /akprox/start?rd=$request_uri;
+        # For domain level, use the below error_page to redirect to your authentik server with the full redirect path
+        # return 302 https://authentik.company/akprox/start?rd=$scheme://$http_host$request_uri;
     }
 }
 ```