web/admin: improve wording for froward_auth, don't show setup when using proxy mode

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-13 15:36:05 +01:00
parent 5f0f4284a2
commit caab396b56
5 changed files with 189 additions and 69 deletions

View file

@ -296,6 +296,10 @@ msgstr "Alternatively, if your current device has Duo installed, click on this l
msgid "Always require consent"
msgstr "Always require consent"
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "An example setup can look like this:"
msgstr "An example setup can look like this:"
#: src/pages/stages/prompt/PromptForm.ts
msgid "Any HTML can be used."
msgstr "Any HTML can be used."
@ -445,6 +449,10 @@ msgstr "Authentication"
msgid "Authentication Type"
msgstr "Authentication Type"
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Authentication URL"
msgstr "Authentication URL"
#: src/pages/sources/oauth/OAuthSourceForm.ts
#: src/pages/sources/plex/PlexSourceForm.ts
#: src/pages/sources/saml/SAMLSourceForm.ts
@ -1855,7 +1863,6 @@ msgstr "External Applications which use authentik as Identity-Provider, utilizin
msgid "External Host"
msgstr "External Host"
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "External host"
@ -2344,6 +2351,10 @@ msgstr "Import certificates of external providers or create certificates to sign
msgid "In case you can't access any other method."
msgstr "In case you can't access any other method."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com."
msgstr "In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com."
#: src/pages/users/UserListPage.ts
msgid "Inactive"
msgstr "Inactive"
@ -2996,6 +3007,10 @@ msgstr "No Stages bound"
msgid "No additional data available."
msgstr "No additional data available."
#: src/pages/providers/proxy/ProxyProviderViewPage.ts
msgid "No additional setup is required."
msgstr "No additional setup is required."
#: src/elements/forms/ModalForm.ts
msgid "No form found"
msgstr "No form found"
@ -3210,8 +3225,8 @@ msgid "Optionally set the 'FriendlyName' value of the Assertion attribute."
msgstr "Optionally set the 'FriendlyName' value of the Assertion attribute."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
msgstr "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
#~ msgid "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
#~ msgstr "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
#: src/pages/flows/BoundStagesList.ts
#: src/pages/flows/StageBindingForm.ts
@ -4109,6 +4124,10 @@ msgstr "Set a custom HTTP-Basic Authentication header based on values from authe
msgid "Set custom attributes using YAML or JSON."
msgstr "Set custom attributes using YAML or JSON."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
msgstr "Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
#: src/pages/providers/proxy/ProxyProviderViewPage.ts
msgid "Setup"
msgstr "Setup"
@ -4845,8 +4864,12 @@ msgid "The external URL you'll access the application at. Include any non-standa
msgstr "The external URL you'll access the application at. Include any non-standard port."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll authenticate at. Can be the same domain as authentik."
msgstr "The external URL you'll authenticate at. Can be the same domain as authentik."
#~ msgid "The external URL you'll authenticate at. Can be the same domain as authentik."
#~ msgstr "The external URL you'll authenticate at. Can be the same domain as authentik."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
msgstr "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
#:
#~ msgid "The following objects use {0}:"
@ -5782,6 +5805,10 @@ msgstr "You're about to be redirect to the following URL."
msgid "You're currently impersonating {0}. Click to stop."
msgstr "You're currently impersonating {0}. Click to stop."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "app1 running on app1.example.com"
msgstr "app1 running on app1.example.com"
#:
#~ msgid "authentik Builtin Database"
#~ msgstr "authentik Builtin Database"
@ -5790,6 +5817,10 @@ msgstr "You're currently impersonating {0}. Click to stop."
#~ msgid "authentik LDAP Backend"
#~ msgstr "authentik LDAP Backend"
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "authentik running on auth.example.com"
msgstr "authentik running on auth.example.com"
#: src/elements/forms/DeleteForm.ts
msgid "connecting object will be deleted"
msgstr "connecting object will be deleted"

View file

@ -300,6 +300,10 @@ msgstr "Sinon, si Duo est installé sur cet appareil, cliquez sur ce lien :"
msgid "Always require consent"
msgstr "Toujours exiger l'approbation"
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "An example setup can look like this:"
msgstr ""
#: src/pages/stages/prompt/PromptForm.ts
msgid "Any HTML can be used."
msgstr ""
@ -449,6 +453,10 @@ msgstr "Authentification"
msgid "Authentication Type"
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Authentication URL"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#: src/pages/sources/plex/PlexSourceForm.ts
#: src/pages/sources/saml/SAMLSourceForm.ts
@ -1841,7 +1849,6 @@ msgstr "Applications externes qui utilisent authentik comme fournisseur d'identi
msgid "External Host"
msgstr "Hôte externe"
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "External host"
@ -2327,6 +2334,10 @@ msgstr "Importer les certificats des fournisseurs externes ou créer des certifi
msgid "In case you can't access any other method."
msgstr "Au cas où aucune autre méthode ne soit disponible."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com."
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Inactive"
msgstr "Inactif"
@ -2974,6 +2985,10 @@ msgstr "Aucune étape liée"
msgid "No additional data available."
msgstr "Aucune donnée additionnelle disponible."
#: src/pages/providers/proxy/ProxyProviderViewPage.ts
msgid "No additional setup is required."
msgstr ""
#: src/elements/forms/ModalForm.ts
msgid "No form found"
msgstr "Aucun formulaire trouvé"
@ -3185,8 +3200,8 @@ msgid "Optionally set the 'FriendlyName' value of the Assertion attribute."
msgstr "Indiquer la valeur \"FriendlyName\" de l'attribut d'assertion (optionnel)"
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
msgstr "Indiquer votre domaine parent (optionnel), si vous souhaitez que l'authentification et l'autorisation soient réalisés au niveau du domaine. Si vous exécutez des applications sur app1.domain.tld, app2.domain.tld, indiquez ici \"domain.tld\"."
#~ msgid "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
#~ msgstr "Indiquer votre domaine parent (optionnel), si vous souhaitez que l'authentification et l'autorisation soient réalisés au niveau du domaine. Si vous exécutez des applications sur app1.domain.tld, app2.domain.tld, indiquez ici \"domain.tld\"."
#: src/pages/flows/BoundStagesList.ts
#: src/pages/flows/StageBindingForm.ts
@ -4072,6 +4087,10 @@ msgstr "Définir un en-tête d'authentification HTTP-Basic personnalisé basé s
msgid "Set custom attributes using YAML or JSON."
msgstr "Définissez des attributs personnalisés via YAML ou JSON."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderViewPage.ts
msgid "Setup"
msgstr ""
@ -4799,8 +4818,12 @@ msgid "The external URL you'll access the application at. Include any non-standa
msgstr "L'URL externe par laquelle vous accéderez à l'application. Incluez un port non-standard si besoin."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll authenticate at. Can be the same domain as authentik."
msgstr "L'URL externe sur laquelle vous vous authentifierez. Cela peut être le même domaine qu'authentik."
#~ msgid "The external URL you'll authenticate at. Can be the same domain as authentik."
#~ msgstr "L'URL externe sur laquelle vous vous authentifierez. Cela peut être le même domaine qu'authentik."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
msgstr ""
#~ msgid "The following objects use {0}:"
#~ msgstr "Les objets suivants utilisent {0} :"
@ -5718,12 +5741,20 @@ msgstr "Vous allez être redirigé vers l'URL suivante."
msgid "You're currently impersonating {0}. Click to stop."
msgstr "Vous êtes en train de vous faire passer pour {0}. Cliquez pour arrêter."
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "app1 running on app1.example.com"
msgstr ""
#~ msgid "authentik Builtin Database"
#~ msgstr "Base de données intégrée à authentik"
#~ msgid "authentik LDAP Backend"
#~ msgstr "Backend LDAP authentik"
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "authentik running on auth.example.com"
msgstr ""
#: src/elements/forms/DeleteForm.ts
msgid "connecting object will be deleted"
msgstr "L'objet connecté sera supprimé"

View file

@ -296,6 +296,10 @@ msgstr ""
msgid "Always require consent"
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "An example setup can look like this:"
msgstr ""
#: src/pages/stages/prompt/PromptForm.ts
msgid "Any HTML can be used."
msgstr ""
@ -441,6 +445,10 @@ msgstr ""
msgid "Authentication Type"
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Authentication URL"
msgstr ""
#: src/pages/sources/oauth/OAuthSourceForm.ts
#: src/pages/sources/plex/PlexSourceForm.ts
#: src/pages/sources/saml/SAMLSourceForm.ts
@ -1847,7 +1855,6 @@ msgstr ""
msgid "External Host"
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "External host"
@ -2336,6 +2343,10 @@ msgstr ""
msgid "In case you can't access any other method."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com."
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Inactive"
msgstr ""
@ -2986,6 +2997,10 @@ msgstr ""
msgid "No additional data available."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderViewPage.ts
msgid "No additional setup is required."
msgstr ""
#: src/elements/forms/ModalForm.ts
msgid "No form found"
msgstr ""
@ -3200,8 +3215,8 @@ msgid "Optionally set the 'FriendlyName' value of the Assertion attribute."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
msgstr ""
#~ msgid "Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
#~ msgstr ""
#: src/pages/flows/BoundStagesList.ts
#: src/pages/flows/StageBindingForm.ts
@ -4099,6 +4114,10 @@ msgstr ""
msgid "Set custom attributes using YAML or JSON."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderViewPage.ts
msgid "Setup"
msgstr ""
@ -4835,7 +4854,11 @@ msgid "The external URL you'll access the application at. Include any non-standa
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll authenticate at. Can be the same domain as authentik."
#~ msgid "The external URL you'll authenticate at. Can be the same domain as authentik."
#~ msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "The external URL you'll authenticate at. The authentik core server should be reachable under this URL."
msgstr ""
#:
@ -5760,6 +5783,10 @@ msgstr ""
msgid "You're currently impersonating {0}. Click to stop."
msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "app1 running on app1.example.com"
msgstr ""
#:
#~ msgid "authentik Builtin Database"
#~ msgstr ""
@ -5768,6 +5795,10 @@ msgstr ""
#~ msgid "authentik LDAP Backend"
#~ msgstr ""
#: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "authentik running on auth.example.com"
msgstr ""
#: src/elements/forms/DeleteForm.ts
msgid "connecting object will be deleted"
msgstr ""

View file

@ -7,6 +7,7 @@ import { ifDefined } from "lit/directives/if-defined.js";
import { until } from "lit/directives/until.js";
import PFContent from "@patternfly/patternfly/components/Content/content.css";
import PFList from "@patternfly/patternfly/components/List/list.css";
import PFToggleGroup from "@patternfly/patternfly/components/ToggleGroup/toggle-group.css";
import PFSpacing from "@patternfly/patternfly/utilities/Spacing/spacing.css";
@ -32,6 +33,7 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
return super.styles.concat(
PFToggleGroup,
PFContent,
PFList,
PFSpacing,
css`
.pf-c-toggle-group {
@ -162,7 +164,7 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
renderSettings(): TemplateResult {
switch (this.mode) {
case ProxyMode.Proxy:
return html` <p class="pf-u-mb-xl">
return html`<p class="pf-u-mb-xl">
${t`This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well.`}
</p>
<ak-form-element-horizontal
@ -211,7 +213,7 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
</p>
</ak-form-element-horizontal>`;
case ProxyMode.ForwardSingle:
return html` <p class="pf-u-mb-xl">
return html`<p class="pf-u-mb-xl">
${t`Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /akprox must be routed to the outpost (when using a manged outpost, this is done for you).`}
</p>
<ak-form-element-horizontal
@ -230,11 +232,19 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
</p>
</ak-form-element-horizontal>`;
case ProxyMode.ForwardDomain:
return html` <p class="pf-u-mb-xl">
return html`<p class="pf-u-mb-xl">
${t`Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.`}
</p>
<div class="pf-u-mb-xl">
${t`An example setup can look like this:`}
<ul class="pf-c-list">
<li>${t`authentik running on auth.example.com`}</li>
<li>${t`app1 running on app1.example.com`}</li>
</ul>
${t`In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com.`}
</div>
<ak-form-element-horizontal
label=${t`External host`}
label=${t`Authentication URL`}
?required=${true}
name="externalHost"
>
@ -245,10 +255,14 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
required
/>
<p class="pf-c-form__helper-text">
${t`The external URL you'll authenticate at. Can be the same domain as authentik.`}
${t`The external URL you'll authenticate at. The authentik core server should be reachable under this URL.`}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${t`Cookie domain`} name="cookieDomain">
<ak-form-element-horizontal
label=${t`Cookie domain`}
name="cookieDomain"
?required=${true}
>
<input
type="text"
value="${ifDefined(this.instance?.cookieDomain)}"
@ -256,7 +270,7 @@ export class ProxyProviderFormPage extends ModelForm<ProxyProvider, number> {
required
/>
<p class="pf-c-form__helper-text">
${t`Optionally set this to your parent domain, if you want authentication and authorization to happen on a domain level. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'.`}
${t`Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'.`}
</p>
</ak-form-element-horizontal>`;
}

View file

@ -92,10 +92,17 @@ export class ProxyProviderViewPage extends LitElement {
renderConfigTemplate(tmpl: string): TemplateResult {
// See website/docs/providers/proxy/forward_auth.mdx
const final = tmpl
.replaceAll("authentik.company", window.location.hostname)
.replaceAll("outpost.company", window.location.hostname)
.replaceAll("app.company", this.provider?.externalHost || "");
let final = "";
if (this.provider?.mode === ProxyMode.ForwardSingle) {
final = tmpl
.replaceAll("authentik.company", window.location.hostname)
.replaceAll("outpost.company", window.location.hostname)
.replaceAll("app.company", this.provider?.externalHost || "");
} else if (this.provider?.mode == ProxyMode.ForwardDomain) {
final = tmpl
.replaceAll("authentik.company", window.location.hostname)
.replaceAll("outpost.company", this.provider?.externalHost || "");
}
return html`${unsafeHTML(final)}`;
}
@ -233,50 +240,56 @@ export class ProxyProviderViewPage extends LitElement {
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${t`Setup`}</div>
<div class="pf-c-card__body">
<ak-tabs pageIdentifier="proxy-setup">
<section
slot="page-nginx-ingress"
data-tab-title="${t`Nginx (Ingress)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDNginxIngress.html)}
</section>
<section
slot="page-nginx-proxy-manager"
data-tab-title="${t`Nginx (Proxy Manager)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDNginxPM.html)}
</section>
<section
slot="page-nginx-standalone"
data-tab-title="${t`Nginx (standalone)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDNginxStandalone.html)}
</section>
<section
slot="page-traefik-ingress"
data-tab-title="${t`Traefik (Ingress)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDTraefikIngres.html)}
</section>
<section
slot="page-traefik-compose"
data-tab-title="${t`Traefik (Compose)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDTraefikCompose.html)}
</section>
<section
slot="page-traefik-standalone"
data-tab-title="${t`Traefik (Standalone)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDTraefikStandalone.html)}
</section>
</ak-tabs>
${[ProxyMode.ForwardSingle, ProxyMode.ForwardDomain].includes(
this.provider?.mode || ProxyMode.Proxy,
)
? html`
<ak-tabs pageIdentifier="proxy-setup">
<section
slot="page-nginx-ingress"
data-tab-title="${t`Nginx (Ingress)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDNginxIngress.html)}
</section>
<section
slot="page-nginx-proxy-manager"
data-tab-title="${t`Nginx (Proxy Manager)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDNginxPM.html)}
</section>
<section
slot="page-nginx-standalone"
data-tab-title="${t`Nginx (standalone)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDNginxStandalone.html)}
</section>
<section
slot="page-traefik-ingress"
data-tab-title="${t`Traefik (Ingress)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDTraefikIngres.html)}
</section>
<section
slot="page-traefik-compose"
data-tab-title="${t`Traefik (Compose)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDTraefikCompose.html)}
</section>
<section
slot="page-traefik-standalone"
data-tab-title="${t`Traefik (Standalone)`}"
class="pf-c-page__main-section pf-m-light pf-m-no-padding-mobile"
>
${this.renderConfigTemplate(MDTraefikStandalone.html)}
</section>
</ak-tabs>
`
: html` <p>${t`No additional setup is required.`}</p> `}
</div>
</div>
</div>`;