mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
[DOCS] Improve documentation about the integration with proxies. (#669)
* [DOCS] Improve documentation about the integration with proxies. This improvement resolves #384. * Update index.md
This commit is contained in:
parent
898f2a807e
commit
b311bd5ead
|
@ -1,12 +1,48 @@
|
|||
---
|
||||
layout: default
|
||||
title: Supported Proxies
|
||||
title: Proxy Integration
|
||||
parent: Deployment
|
||||
nav_order: 4
|
||||
has_children: true
|
||||
---
|
||||
|
||||
# Supported Proxies
|
||||
# Integration with proxies
|
||||
|
||||
**Authelia** works in collaboration with reverse proxies. Here you can find
|
||||
the documentation of the configuration required for every supported proxies.
|
||||
**Authelia** works in collaboration with reverse proxies. In the sub-pages you
|
||||
can find the documentation of the configuration required for every supported
|
||||
proxy.
|
||||
|
||||
If you are not aware of the workflow of an authentication request, reading this
|
||||
[documentation](./home/architecture) first is highly recommended.
|
||||
|
||||
|
||||
## How Authelia integrates with proxies?
|
||||
|
||||
Authelia takes authentication requests coming from the proxy and targeting the
|
||||
`/api/verify` endpoint exposed by Authelia. Two pieces of information are required for
|
||||
Authelia to be able to authenticate the user request:
|
||||
|
||||
* The session cookie or a `Proxy-Authorization` header (see [single factor authentication](./features/single-factor)).
|
||||
* The target URL of the user request (used primarily for [access control](./features/access-control)).
|
||||
|
||||
The target URL can be provided using one of the following ways:
|
||||
|
||||
* With `X-Original-URL` header containing the complete URL of the initial request.
|
||||
* With a combination of `X-Forwarded-Proto`, `X-Forwarded-Host` and `X-Forwarded-URI` headers.
|
||||
|
||||
In the case of Traefik, those headers are automatically provided and therefore don't
|
||||
appear in the configuration examples.
|
||||
|
||||
## Redirection to the login portal
|
||||
|
||||
The endpoint `/api/verify` has different behaviors depending on whether
|
||||
the `rd` (for redirection) query parameter is provided.
|
||||
|
||||
If redirection parameter is provided and contains the URL to the login portal
|
||||
served by Authelia, the request will either generate a 200 response
|
||||
if the request is authenticated or perform a redirection (302 response) to the
|
||||
login portal if not authenticated yet.
|
||||
|
||||
If no redirection parameter is provided, the response code is either 200 or 401. The
|
||||
redirection must then be handled by the proxy when an error is detected
|
||||
(see [nginx](./deployment/supported-proxies/nginx) example).
|
||||
|
|
Loading…
Reference in New Issue
Block a user