website/docs: add notice to use in-cluster service for nginx forward auth

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-06-30 21:33:47 +02:00
parent 983882f5a0
commit f6042f29f6
2 changed files with 14 additions and 4 deletions

View file

@ -48,6 +48,16 @@ export function ModeToLabel(action?: ProxyMode): string {
}
}
export function isForward(mode: ProxyMode): boolean {
switch (mode) {
case ProxyMode.Proxy:
return false;
case ProxyMode.ForwardSingle:
case ProxyMode.ForwardDomain:
return true;
}
}
@customElement("ak-provider-proxy-view")
export class ProxyProviderViewPage extends LitElement {
@property()
@ -246,9 +256,7 @@ export class ProxyProviderViewPage extends LitElement {
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${t`Setup`}</div>
<div class="pf-c-card__body">
${[ProxyMode.ForwardSingle, ProxyMode.ForwardDomain].includes(
this.provider?.mode || ProxyMode.Proxy,
)
${isForward(this.provider?.mode || ProxyMode.Proxy)
? html`
<ak-tabs pageIdentifier="proxy-setup">
<section

View file

@ -25,8 +25,10 @@ Add these annotations to the ingress you want to protect
```yaml
metadata:
annotations:
# This should be the in-cluster DNS name for the authentik outpost service
# as when the external URL is specified here, nginx will overwrite some crucial headers
nginx.ingress.kubernetes.io/auth-url: |-
http://outpost.company:9000/outpost.goauthentik.io/auth/nginx
http://ak-outpost-example.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
# If you're using domain-level auth, use the authentication URL instead of the application URL
nginx.ingress.kubernetes.io/auth-signin: |-
https://app.company/outpost.goauthentik.io/start?rd=$escaped_request_uri