[DOCS] Improve documentation about the integration with proxies. (#669)

* [DOCS] Improve documentation about the integration with proxies.

This improvement resolves #384.

* Update index.md
This commit is contained in:
Clément Michaud 2020-03-01 02:11:16 +01:00 committed by GitHub
parent 898f2a807e
commit b311bd5ead
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,12 +1,48 @@
--- ---
layout: default layout: default
title: Supported Proxies title: Proxy Integration
parent: Deployment parent: Deployment
nav_order: 4 nav_order: 4
has_children: true has_children: true
--- ---
# Supported Proxies # Integration with proxies
**Authelia** works in collaboration with reverse proxies. Here you can find **Authelia** works in collaboration with reverse proxies. In the sub-pages you
the documentation of the configuration required for every supported proxies. can find the documentation of the configuration required for every supported
proxy.
If you are not aware of the workflow of an authentication request, reading this
[documentation](./home/architecture) first is highly recommended.
## How Authelia integrates with proxies?
Authelia takes authentication requests coming from the proxy and targeting the
`/api/verify` endpoint exposed by Authelia. Two pieces of information are required for
Authelia to be able to authenticate the user request:
* The session cookie or a `Proxy-Authorization` header (see [single factor authentication](./features/single-factor)).
* The target URL of the user request (used primarily for [access control](./features/access-control)).
The target URL can be provided using one of the following ways:
* With `X-Original-URL` header containing the complete URL of the initial request.
* With a combination of `X-Forwarded-Proto`, `X-Forwarded-Host` and `X-Forwarded-URI` headers.
In the case of Traefik, those headers are automatically provided and therefore don't
appear in the configuration examples.
## Redirection to the login portal
The endpoint `/api/verify` has different behaviors depending on whether
the `rd` (for redirection) query parameter is provided.
If redirection parameter is provided and contains the URL to the login portal
served by Authelia, the request will either generate a 200 response
if the request is authenticated or perform a redirection (302 response) to the
login portal if not authenticated yet.
If no redirection parameter is provided, the response code is either 200 or 401. The
redirection must then be handled by the proxy when an error is detected
(see [nginx](./deployment/supported-proxies/nginx) example).