website/docs: add embedded outpost docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
08e8cf850a
commit
e872371970
43
website/docs/outposts/embedded/embedded.md
Normal file
43
website/docs/outposts/embedded/embedded.md
Normal file
|
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
title: Embedded Outpost
|
||||||
|
---
|
||||||
|
|
||||||
|
Starting with 2021.8.1, authentik comes with an embedded outpost. This has been added to simplify deployment for users using the Proxy provider.
|
||||||
|
|
||||||
|
The embedded outpost is ran in the main `server` container, and is managed by authentik itself. The embedded outpost authenticates itself via the secret key.
|
||||||
|
|
||||||
|
You can access the embedded outpost on the same ports as authentik itself, 9000 and 9443.
|
||||||
|
|
||||||
|
The embedded outpost cannot be disabled, if it doesn't make sense to use in your deployment you can simply ignore it.
|
||||||
|
|
||||||
|
### Configuration
|
||||||
|
|
||||||
|
Since the outpost uses OAuth2, there is some configuration required.
|
||||||
|
|
||||||
|
On a fresh authentik install, your Outpost list will look like this:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Click the edit button on the right of the colum, and set the value of `authentik_host` to the URL you want to login with.
|
||||||
|
Make sure to set it to full URL, only configuring a hostname or FQDN will not work.
|
||||||
|
|
||||||
|
### Routing
|
||||||
|
|
||||||
|
Routing is handled like this:
|
||||||
|
|
||||||
|
1. Paths starting with `/static`, `/media` and `/help` return packaged CSS/JS files, and user-uploaded media files.
|
||||||
|
2. Paths starting with `/akprox` are sent to the embedded outpost.
|
||||||
|
3. Any hosts configured in the providers assigned to the embedded outpost are sent to the outpost.
|
||||||
|
4. Everything remaining is sent to the authentik backend server.
|
||||||
|
|
||||||
|
### Differences
|
||||||
|
|
||||||
|
There are a few more differences between managed outposts and the embedded outpost, mainly due to the fact that authentik can't fully manage the containers.
|
||||||
|
|
||||||
|
1. (Docker-only) No automatic traefik labels are added to the server container.
|
||||||
|
|
||||||
|
When you deploy a managed outpost on docker, the container has several labels to automatically configure traefik. This is not done for the embedded outpost.
|
||||||
|
|
||||||
|
2. (Kubernetes-only) An additional service is created.
|
||||||
|
|
||||||
|
Since authentik does not know what the normal authentik Service is called, another one is created with a common set of labels that is always set.
|
||||||
BIN
website/docs/outposts/embedded/stock.png
Normal file
BIN
website/docs/outposts/embedded/stock.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 23 KiB |
|
|
@ -43,13 +43,14 @@ module.exports = {
|
||||||
label: "Outposts",
|
label: "Outposts",
|
||||||
items: [
|
items: [
|
||||||
"outposts/outposts",
|
"outposts/outposts",
|
||||||
|
"outposts/embedded/embedded",
|
||||||
{
|
{
|
||||||
type: "category",
|
type: "category",
|
||||||
label: "Running and upgrading",
|
label: "Running and upgrading",
|
||||||
items: [
|
items: [
|
||||||
"outposts/upgrading",
|
|
||||||
"outposts/manual-deploy-docker-compose",
|
"outposts/manual-deploy-docker-compose",
|
||||||
"outposts/manual-deploy-kubernetes",
|
"outposts/manual-deploy-kubernetes",
|
||||||
|
"outposts/upgrading",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
|
|
|
||||||
Reference in a new issue