docs: update integration docs (#4986)
parent
e07cfe128e
commit
fca8e2130a
|
@ -383,7 +383,7 @@ proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
set $upstream_authelia http://authelia:9091/api/authz/auth-request;
|
set $upstream_authelia http://authelia:9091/api/authz/auth-request;
|
||||||
|
|
||||||
## Virtual endpoint created by nginx to forward auth requests.
|
## Virtual endpoint created by nginx to forward auth requests.
|
||||||
location /authelia {
|
location /internal/authelia/authz {
|
||||||
## Essential Proxy Configuration
|
## Essential Proxy Configuration
|
||||||
internal;
|
internal;
|
||||||
proxy_pass $upstream_authelia;
|
proxy_pass $upstream_authelia;
|
||||||
|
@ -423,7 +423,7 @@ and is paired with [authelia-location.conf](#authelia-locationconf).*
|
||||||
{{< details "/config/nginx/snippets/authelia-authrequest.conf" >}}
|
{{< details "/config/nginx/snippets/authelia-authrequest.conf" >}}
|
||||||
```nginx
|
```nginx
|
||||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||||
auth_request /authelia;
|
auth_request /internal/authelia/authz;
|
||||||
|
|
||||||
## Set the $target_url variable based on the original request.
|
## Set the $target_url variable based on the original request.
|
||||||
|
|
||||||
|
@ -478,7 +478,7 @@ implementation `AuthRequest` which contains the `HeaderAuthorization` and `Heade
|
||||||
set $upstream_authelia http://authelia:9091/api/authz/auth-request/basic;
|
set $upstream_authelia http://authelia:9091/api/authz/auth-request/basic;
|
||||||
|
|
||||||
# Virtual endpoint created by nginx to forward auth requests.
|
# Virtual endpoint created by nginx to forward auth requests.
|
||||||
location /authelia-basic {
|
location /internal/authelia/authz/basic {
|
||||||
## Essential Proxy Configuration
|
## Essential Proxy Configuration
|
||||||
internal;
|
internal;
|
||||||
proxy_pass $upstream_authelia;
|
proxy_pass $upstream_authelia;
|
||||||
|
@ -526,7 +526,7 @@ endpoint. It's recommended to use [authelia-authrequest.conf](#authelia-authrequ
|
||||||
{{< details "/config/nginx/snippets/authelia-authrequest-basic.conf" >}}
|
{{< details "/config/nginx/snippets/authelia-authrequest-basic.conf" >}}
|
||||||
```nginx
|
```nginx
|
||||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||||
auth_request /authelia-basic;
|
auth_request /internal/authelia/authz/basic;
|
||||||
|
|
||||||
## Comment this line if you're using nginx without the http_set_misc module.
|
## Comment this line if you're using nginx without the http_set_misc module.
|
||||||
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
||||||
|
@ -570,7 +570,7 @@ if ($request_uri = "/force-basic") {
|
||||||
}
|
}
|
||||||
|
|
||||||
## A new virtual endpoint to used if the auth_request failed
|
## A new virtual endpoint to used if the auth_request failed
|
||||||
location /authelia-detect {
|
location /internal/authelia/authz/detect {
|
||||||
internal;
|
internal;
|
||||||
|
|
||||||
if ($is_basic_auth) {
|
if ($is_basic_auth) {
|
||||||
|
@ -598,7 +598,7 @@ endpoint. It's recommended to use [authelia-authrequest.conf](#authelia-authrequ
|
||||||
{{< details "/config/nginx/snippets/authelia-authrequest-detect.conf" >}}
|
{{< details "/config/nginx/snippets/authelia-authrequest-detect.conf" >}}
|
||||||
```nginx
|
```nginx
|
||||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||||
auth_request /authelia;
|
auth_request /internal/authelia/authz;
|
||||||
|
|
||||||
## Comment this line if you're using nginx without the http_set_misc module.
|
## Comment this line if you're using nginx without the http_set_misc module.
|
||||||
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
set_escape_uri $target_url $scheme://$http_host$request_uri;
|
||||||
|
@ -619,7 +619,7 @@ proxy_set_header Remote-Name $name;
|
||||||
proxy_set_header Remote-Email $email;
|
proxy_set_header Remote-Email $email;
|
||||||
|
|
||||||
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
|
## If the subreqest returns 200 pass to the backend, if the subrequest returns 401 redirect to the portal.
|
||||||
error_page 401 =302 /authelia-detect?rd=$target_url;
|
error_page 401 =302 /internal/authelia/authz/detect?rd=$target_url;
|
||||||
```
|
```
|
||||||
{{< /details >}}
|
{{< /details >}}
|
||||||
|
|
||||||
|
|
|
@ -16,16 +16,16 @@ aliases:
|
||||||
---
|
---
|
||||||
|
|
||||||
| Proxy | [Implementation] | [Standard](#standard) | [Kubernetes](#kubernetes) | [XHR Redirect](#xhr-redirect) | [Request Method](#request-method) |
|
| Proxy | [Implementation] | [Standard](#standard) | [Kubernetes](#kubernetes) | [XHR Redirect](#xhr-redirect) | [Request Method](#request-method) |
|
||||||
|:---------------------:|:----------------:|:------------------------------------------------------------------:|:-------------------------------------------------------------------------------------:|:---------------------------------:|:---------------------------------:|
|
|:---------------------------------------:|:----------------:|:---------------------------------------------------:|:-------------------------------------------------------------------------------------:|:---------------------------------:|:---------------------------------:|
|
||||||
| [Traefik] | [ForwardAuth] | {{% support support="full" link="traefik.md" %}} | {{% support support="full" link="../../integration/kubernetes/traefik-ingress.md" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
| [Traefik] ([guide](/i/traefik)) | [ForwardAuth] | {{% support support="full" link="/i/traefik" %}} | {{% support support="full" link="../../integration/kubernetes/traefik-ingress.md" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
||||||
| [Caddy] | [ForwardAuth] | {{% support support="full" link="caddy.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
| [Caddy] ([guide](/i/caddy)) | [ForwardAuth] | {{% support support="full" link="/i/caddy" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
||||||
| [Envoy] | [ExtAuthz] | {{% support support="full" link="envoy.md" %}} | {{% support support="full" link="../../integration/kubernetes/istio.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
| [Envoy] ([guide](/i/envoy)) | [ExtAuthz] | {{% support support="full" link="/i/envoy" %}} | {{% support support="full" link="../../integration/kubernetes/istio.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
||||||
| [NGINX] | [AuthRequest] | {{% support support="full" link="nginx.md" %}} | {{% support support="full" link="../../integration/kubernetes/nginx-ingress.md" %}} | {{% support %}} | {{% support support="full" %}} |
|
| [NGINX] ([guide](/i/nginx)) | [AuthRequest] | {{% support support="full" link="/i/nginx" %}} | {{% support support="full" link="../../integration/kubernetes/nginx-ingress.md" %}} | {{% support %}} | {{% support support="full" %}} |
|
||||||
| [NGINX Proxy Manager] | [AuthRequest] | {{% support support="full" link="nginx-proxy-manager/index.md" %}} | {{% support support="unknown" %}} | {{% support %}} | {{% support support="full" %}} |
|
| [NGINX Proxy Manager] ([guide](/i/npm)) | [AuthRequest] | {{% support support="full" link="/i/npm" %}} | {{% support support="unknown" %}} | {{% support %}} | {{% support support="full" %}} |
|
||||||
| [SWAG] | [AuthRequest] | {{% support support="full" link="swag.md" %}} | {{% support support="unknown" %}} | {{% support %}} | {{% support support="full" %}} |
|
| [SWAG] ([guide](/i/swag)) | [AuthRequest] | {{% support support="full" link="/i/swag" %}} | {{% support support="unknown" %}} | {{% support %}} | {{% support support="full" %}} |
|
||||||
| [HAProxy] | [AuthRequest] | {{% support support="full" link="haproxy.md" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
| [HAProxy] ([guide](/i/haproxy)) | [AuthRequest] | {{% support support="full" link="/i/haproxy" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
||||||
| [Skipper] | [ForwardAuth] | {{% support support="full" link="skipper.md" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} |
|
| [Skipper] ([guide](/i/skipper)) | [ForwardAuth] | {{% support support="full" link="/i/skipper" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} |
|
||||||
| [Traefik] 1.x | [ForwardAuth] | {{% support support="full" link="traefikv1.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
| [Traefik] 1.x ([guide](/i/traefik/v1)) | [ForwardAuth] | {{% support support="full" link="/i/traefik/v1" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
||||||
| [Apache] | N/A | {{% support link="#apache" %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
| [Apache] | N/A | {{% support link="#apache" %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
||||||
| [IIS] | N/A | {{% support link="#iis" %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
| [IIS] | N/A | {{% support link="#iis" %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ In addition this represents a bad user experience in some instances such as:
|
||||||
|
|
||||||
- Users sometimes visit the `https://app.example.com/authelia` URL which doesn't automatically redirect the user to
|
- Users sometimes visit the `https://app.example.com/authelia` URL which doesn't automatically redirect the user to
|
||||||
`https://app.example.com` (if they visit `https://app.example.com` then they'll be redirected to authenticate then
|
`https://app.example.com` (if they visit `https://app.example.com` then they'll be redirected to authenticate then
|
||||||
redirected back to their original URL).
|
redirected back to their original URL)
|
||||||
- Administrators may wish to setup [OpenID Connect 1.0](../../configuration/identity-providers/open-id-connect.md) in
|
- Administrators may wish to setup [OpenID Connect 1.0](../../configuration/identity-providers/open-id-connect.md) in
|
||||||
which case it also doesn't represent a good user experience as the `issuer` will be
|
which case it also doesn't represent a good user experience as the `issuer` will be
|
||||||
`https://app.example.com/authelia` for example
|
`https://app.example.com/authelia` for example
|
||||||
|
@ -147,8 +147,8 @@ services:
|
||||||
- '443:443'
|
- '443:443'
|
||||||
volumes:
|
volumes:
|
||||||
- ${PWD}/data/swag:/config
|
- ${PWD}/data/swag:/config
|
||||||
|
## Uncomment the line below if you want to use the Authelia configuration snippets.
|
||||||
#- ${PWD}/data/nginx/snippets:/snippets:ro
|
#- ${PWD}/data/nginx/snippets:/snippets:ro
|
||||||
## Uncomment the above line if you want to use the Authelia configuration snippets.
|
|
||||||
environment:
|
environment:
|
||||||
PUID: '1000'
|
PUID: '1000'
|
||||||
PGID: '1000'
|
PGID: '1000'
|
||||||
|
|
|
@ -11,6 +11,7 @@ menu:
|
||||||
weight: 371
|
weight: 371
|
||||||
toc: true
|
toc: true
|
||||||
aliases:
|
aliases:
|
||||||
|
- /i/traefik/v1
|
||||||
- /docs/deployment/supported-proxies/traefik1.x.html
|
- /docs/deployment/supported-proxies/traefik1.x.html
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -15,16 +15,16 @@ toc: false
|
||||||
The following table is a support matrix for Authelia features and specific reverse proxies.
|
The following table is a support matrix for Authelia features and specific reverse proxies.
|
||||||
|
|
||||||
| Proxy | Standard | Kubernetes | XHR Redirect | Request Method |
|
| Proxy | Standard | Kubernetes | XHR Redirect | Request Method |
|
||||||
|:---------------------:|:--------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------:|:---------------------------------:|:---------------------------------:|
|
|:---------------------------------------:|:-------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------:|:---------------------------------:|:---------------------------------:|
|
||||||
| [Traefik] | {{% support support="full" link="../../integration/proxies/traefik.md" %}} | {{% support support="full" link="../../integration/kubernetes/traefik-ingress.md" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
| [Traefik] ([guide](/i/traefik)) | {{% support support="full" link="/i/traefik" %}} | {{% support support="full" link="../../integration/kubernetes/traefik-ingress.md" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
||||||
| [Caddy] | {{% support support="full" link="../../integration/proxies/caddy.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
| [Caddy] ([guide](/i/caddy)) | {{% support support="full" link="/i/caddy" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
||||||
| [Envoy] | {{% support support="full" link="../../integration/proxies/envoy.md" %}} | {{% support support="full" link="../../integration/kubernetes/istio.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
| [Envoy] ([guide](/i/envoy)) | {{% support support="full" link="/i/envoy" %}} | {{% support support="full" link="../../integration/kubernetes/istio.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
||||||
| [NGINX] | {{% support support="full" link="../../integration/proxies/nginx.md" %}} | {{% support support="full" link="../../integration/kubernetes/nginx-ingress.md" %}} | {{% support %}} | {{% support support="full" %}} |
|
| [NGINX] ([guide](/i/nginx)) | {{% support support="full" link="/i/nginx" %}} | {{% support support="full" link="../../integration/kubernetes/nginx-ingress.md" %}} | {{% support %}} | {{% support support="full" %}} |
|
||||||
| [NGINX Proxy Manager] | {{% support support="full" link="../../integration/proxies/nginx-proxy-manager/index.md" %}} | {{% support %}} | {{% support %}} | {{% support support="full" %}} |
|
| [NGINX Proxy Manager] ([guide](/i/npm)) | {{% support support="full" link="/i/npm" %}} | {{% support support="unknown" %}} | {{% support %}} | {{% support support="full" %}} |
|
||||||
| [SWAG] | {{% support support="full" link="../../integration/proxies/swag.md" %}} | {{% support %}} | {{% support %}} | {{% support support="full" %}} |
|
| [SWAG] ([guide](/i/swag)) | {{% support support="full" link="/i/swag" %}} | {{% support support="unknown" %}} | {{% support %}} | {{% support support="full" %}} |
|
||||||
| [HAProxy] | {{% support support="full" link="../../integration/proxies/haproxy.md" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
| [HAProxy] ([guide](/i/haproxy)) | {{% support support="full" link="/i/haproxy" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} |
|
||||||
| [Traefik] 1.x | {{% support support="full" link="../../integration/proxies/traefikv1.md" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
| [Skipper] ([guide](/i/skipper)) | {{% support support="full" link="/i/skipper" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} |
|
||||||
| [Skipper] | {{% support support="full" link="../../integration/proxies/skipper.md" %}} | {{% support %}} | {{% support support="unknown" %}} | {{% support support="unknown" %}} |
|
| [Traefik] 1.x ([guide](/i/traefik/v1)) | {{% support support="full" link="/i/traefik/v1" %}} | {{% support support="unknown" %}} | {{% support support="full" %}} | {{% support support="full" %}} |
|
||||||
| [Apache] | {{% support %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
| [Apache] | {{% support %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
||||||
| [IIS] | {{% support %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
| [IIS] | {{% support %}} | {{% support %}} | {{% support %}} | {{% support %}} |
|
||||||
|
|
||||||
|
|
|
@ -164,7 +164,7 @@ http {
|
||||||
# to the virtual endpoint introduced by nginx and declared in the next block.
|
# to the virtual endpoint introduced by nginx and declared in the next block.
|
||||||
location / {
|
location / {
|
||||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||||
auth_request /authelia;
|
auth_request /internal/authelia/authz;
|
||||||
|
|
||||||
## Set the $target_url variable based on the original request.
|
## Set the $target_url variable based on the original request.
|
||||||
set $target_url $scheme://$http_host$request_uri;
|
set $target_url $scheme://$http_host$request_uri;
|
||||||
|
@ -209,7 +209,7 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Virtual endpoint forwarding requests to Authelia server.
|
# Virtual endpoint forwarding requests to Authelia server.
|
||||||
location /authelia {
|
location /internal/authelia/authz {
|
||||||
## Essential Proxy Configuration
|
## Essential Proxy Configuration
|
||||||
internal;
|
internal;
|
||||||
proxy_pass $upstream_authelia;
|
proxy_pass $upstream_authelia;
|
||||||
|
@ -250,7 +250,7 @@ http {
|
||||||
# Used by suites to test the forwarded users and groups headers produced by Authelia.
|
# Used by suites to test the forwarded users and groups headers produced by Authelia.
|
||||||
location /headers {
|
location /headers {
|
||||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||||
auth_request /authelia;
|
auth_request /internal/authelia/authz;
|
||||||
|
|
||||||
## Set the $target_url variable based on the original request.
|
## Set the $target_url variable based on the original request.
|
||||||
set $target_url $scheme://$http_host$request_uri;
|
set $target_url $scheme://$http_host$request_uri;
|
||||||
|
@ -307,7 +307,7 @@ http {
|
||||||
# to the virtual endpoint introduced by nginx and declared in the next block.
|
# to the virtual endpoint introduced by nginx and declared in the next block.
|
||||||
location / {
|
location / {
|
||||||
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
|
||||||
auth_request /authelia;
|
auth_request /internal/authelia/authz;
|
||||||
|
|
||||||
## Set the $target_url variable based on the original request.
|
## Set the $target_url variable based on the original request.
|
||||||
set $target_url $scheme://$http_host$request_uri;
|
set $target_url $scheme://$http_host$request_uri;
|
||||||
|
@ -346,7 +346,7 @@ http {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Virtual endpoint forwarding requests to Authelia server.
|
# Virtual endpoint forwarding requests to Authelia server.
|
||||||
location /authelia {
|
location /internal/authelia/authz {
|
||||||
## Essential Proxy Configuration
|
## Essential Proxy Configuration
|
||||||
internal;
|
internal;
|
||||||
proxy_pass $upstream_authelia;
|
proxy_pass $upstream_authelia;
|
||||||
|
@ -356,7 +356,6 @@ http {
|
||||||
# Those headers will be used by Authelia to deduce the target url of the user.
|
# Those headers will be used by Authelia to deduce the target url of the user.
|
||||||
#
|
#
|
||||||
# X-Forwarded-Proto is mandatory since Authelia uses the "trust proxy" option.
|
# X-Forwarded-Proto is mandatory since Authelia uses the "trust proxy" option.
|
||||||
# See https://expressjs.com/en/guide/behind-proxies.html
|
|
||||||
proxy_set_header X-Original-Method $request_method;
|
proxy_set_header X-Original-Method $request_method;
|
||||||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
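Review bot: The comment this hunk keeps, `# X-Forwarded-Proto is mandatory since Authelia uses the "trust proxy" option.`, still names a "trust proxy" option whose only explanation was the Express link the commit deletes, so it now refers to nothing a reader can look up. Reword it to state the requirement directly, for example `# X-Forwarded-Proto is mandatory: Authelia uses it with the other forwarded headers to deduce the original request URL.` Separately, the context line `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For value the client sent, while the first documentation hunk of this commit shows `$remote_addr` for the same header. If Authelia's network-based rules read that header in this setup (not visible here), the suite config and the docs should agree, and `$remote_addr` is the value a client cannot influence. The enclosing `location` block starts and ends outside the hunk.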