-
-
Notifications
You must be signed in to change notification settings - Fork 855
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
providers/proxy: no exposed urls #3151
Conversation
✅ Deploy Preview for authentik ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
Codecov Report
@@ Coverage Diff @@
## main #3151 +/- ##
===========================================
- Coverage 92.03% 52.40% -39.63%
===========================================
Files 466 466
Lines 21170 21212 +42
===========================================
- Hits 19482 11114 -8368
- Misses 1688 10098 +8410
Continue to review full report at Codecov.
|
711608b
to
d6b70f1
Compare
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
3c66f80
to
3a888d5
Compare
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
3a888d5
to
376b597
Compare
This PR greatly simplifies the Forward auth setup for traefik and envoy. It'll remove the requirement
/outpost.goauthentik.io
to be openly accessible, which makes setup easier and decreases attack surface.For traefik/envoy it'll work like:
X-authentik-auth-callback
query parameter setSadly, nginx still doesn't support getting a 302 from an auth subrequest without writing the 302 redirect in the nginx config, so nginx will require
/outpost.goauthentik.io/start
to be publicly accessible (which is still a bit better)Since this only lowers the requirements it shouldn't be a breaking change, but needs more testing with traefik and nginx