website/docs: add notice to use in-cluster service for nginx forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
983882f5a0
commit
f6042f29f6
|
@ -48,6 +48,16 @@ export function ModeToLabel(action?: ProxyMode): string {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export function isForward(mode: ProxyMode): boolean {
|
||||||
|
switch (mode) {
|
||||||
|
case ProxyMode.Proxy:
|
||||||
|
return false;
|
||||||
|
case ProxyMode.ForwardSingle:
|
||||||
|
case ProxyMode.ForwardDomain:
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@customElement("ak-provider-proxy-view")
|
@customElement("ak-provider-proxy-view")
|
||||||
export class ProxyProviderViewPage extends LitElement {
|
export class ProxyProviderViewPage extends LitElement {
|
||||||
@property()
|
@property()
|
||||||
|
@ -246,9 +256,7 @@ export class ProxyProviderViewPage extends LitElement {
|
||||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||||
<div class="pf-c-card__title">${t`Setup`}</div>
|
<div class="pf-c-card__title">${t`Setup`}</div>
|
||||||
<div class="pf-c-card__body">
|
<div class="pf-c-card__body">
|
||||||
${[ProxyMode.ForwardSingle, ProxyMode.ForwardDomain].includes(
|
${isForward(this.provider?.mode || ProxyMode.Proxy)
|
||||||
this.provider?.mode || ProxyMode.Proxy,
|
|
||||||
)
|
|
||||||
? html`
|
? html`
|
||||||
<ak-tabs pageIdentifier="proxy-setup">
|
<ak-tabs pageIdentifier="proxy-setup">
|
||||||
<section
|
<section
|
||||||
|
|
|
@ -25,8 +25,10 @@ Add these annotations to the ingress you want to protect
|
||||||
```yaml
|
```yaml
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
|
# This should be the in-cluster DNS name for the authentik outpost service
|
||||||
|
# as when the external URL is specified here, nginx will overwrite some crucial headers
|
||||||
nginx.ingress.kubernetes.io/auth-url: |-
|
nginx.ingress.kubernetes.io/auth-url: |-
|
||||||
http://outpost.company:9000/outpost.goauthentik.io/auth/nginx
|
http://ak-outpost-example.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
|
||||||
# If you're using domain-level auth, use the authentication URL instead of the application URL
|
# If you're using domain-level auth, use the authentication URL instead of the application URL
|
||||||
nginx.ingress.kubernetes.io/auth-signin: |-
|
nginx.ingress.kubernetes.io/auth-signin: |-
|
||||||
https://app.company/outpost.goauthentik.io/start?rd=$escaped_request_uri
|
https://app.company/outpost.goauthentik.io/start?rd=$escaped_request_uri
|
||||||
|
|
Reference in a new issue