website/docs: add notice to use in-cluster service for nginx forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
983882f5a0
commit
f6042f29f6
|
@ -48,6 +48,16 @@ export function ModeToLabel(action?: ProxyMode): string {
|
|||
}
|
||||
}
|
||||
|
||||
export function isForward(mode: ProxyMode): boolean {
|
||||
switch (mode) {
|
||||
case ProxyMode.Proxy:
|
||||
return false;
|
||||
case ProxyMode.ForwardSingle:
|
||||
case ProxyMode.ForwardDomain:
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@customElement("ak-provider-proxy-view")
|
||||
export class ProxyProviderViewPage extends LitElement {
|
||||
@property()
|
||||
|
@ -246,9 +256,7 @@ export class ProxyProviderViewPage extends LitElement {
|
|||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${t`Setup`}</div>
|
||||
<div class="pf-c-card__body">
|
||||
${[ProxyMode.ForwardSingle, ProxyMode.ForwardDomain].includes(
|
||||
this.provider?.mode || ProxyMode.Proxy,
|
||||
)
|
||||
${isForward(this.provider?.mode || ProxyMode.Proxy)
|
||||
? html`
|
||||
<ak-tabs pageIdentifier="proxy-setup">
|
||||
<section
|
||||
|
|
|
@ -25,8 +25,10 @@ Add these annotations to the ingress you want to protect
|
|||
```yaml
|
||||
metadata:
|
||||
annotations:
|
||||
# This should be the in-cluster DNS name for the authentik outpost service
|
||||
# as when the external URL is specified here, nginx will overwrite some crucial headers
|
||||
nginx.ingress.kubernetes.io/auth-url: |-
|
||||
http://outpost.company:9000/outpost.goauthentik.io/auth/nginx
|
||||
http://ak-outpost-example.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
|
||||
# If you're using domain-level auth, use the authentication URL instead of the application URL
|
||||
nginx.ingress.kubernetes.io/auth-signin: |-
|
||||
https://app.company/outpost.goauthentik.io/start?rd=$escaped_request_uri
|
||||
|
|
Reference in a new issue