2.3 KiB
title | description | lead | date | draft | images | menu | weight | toc | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
NGINX Ingress | A guide to integrating Authelia with the NGINX Kubernetes Ingress. | A guide to integrating Authelia with the NGINX Kubernetes Ingress. | 2022-06-15T17:51:47+10:00 | false |
|
551 | true |
There are two nginx ingress controllers for Kubernetes. The Kubernetes official one ingress-nginx, and the F5 nginx official one nginx-ingress-controller. We only have integration documentation for ingress-nginx and there are no plans to support the F5 nginx-ingress-controller.
The nginx documentation may also be useful for crafting advanced snippets to use with annotations even though it's not specific to Kubernetes.
Get Started
It's strongly recommended that users setting up Authelia for the first time take a look at our Get Started guide. This takes you through various steps which are essential to bootstrapping Authelia.
NGINX Ingress Controller (ingress-nginx)
If you use NGINX Ingress Controller (ingress-nginx) you can protect an ingress with the following annotations. The
example assumes that the public domain Authelia is served on is https://auth.example.com
and there is a
Kubernetes service with the name authelia
in the default
namespace with TCP port 80
configured to route to the
Authelia HTTP port and that your cluster is configured with the default
DNS domain name of cluster.local
.
Important Note: The following annotations should be applied to an Ingress you wish to protect. They SHOULD NOT be applied to the Authelia Ingress itself.
Ingress Annotations
annotations:
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.example.com?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Method $request_method;