Cut Doris over to Authentik ingress
This commit is contained in:
@@ -15,10 +15,12 @@ Design choices:
|
||||
- no ACME on PD
|
||||
- no Docker provider / no docker.sock mount
|
||||
- Pangolin resources should target `traefik:80` on site 4 when an app is cut over to this layer
|
||||
- Authelia remains the identity decision point for `auth.paccoco.com` while migrated apps can use either Traefik forward-auth or app-native OIDC depending on the service.
|
||||
- Authentik is the public identity front door; `auth.paccoco.com` is now a compatibility redirect to `authentik.paccoco.com`.
|
||||
- Authelia remains available internally on PD as a legacy component during migration work, but it is no longer the intended public login endpoint.
|
||||
|
||||
Current routed hostnames in dynamic config:
|
||||
- `auth.paccoco.com` -> Authelia
|
||||
- `auth.paccoco.com` -> redirect to `https://authentik.paccoco.com/`
|
||||
- `doris.paccoco.com` -> Doris Dashboard behind Authentik forward-auth
|
||||
- `gitea.paccoco.com` -> Gitea
|
||||
- `grafana.paccoco.com` -> Grafana
|
||||
- `dns.paccoco.com` -> Technitium (native OIDC inside the app)
|
||||
|
||||
@@ -3,9 +3,26 @@ http:
|
||||
auth:
|
||||
rule: Host(`auth.paccoco.com`)
|
||||
entryPoints: [web]
|
||||
service: authelia
|
||||
service: authentik-outpost
|
||||
middlewares:
|
||||
- security-headers
|
||||
- auth-host-redirect
|
||||
|
||||
doris-authentik-outpost:
|
||||
rule: Host(`doris.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`)
|
||||
priority: 15
|
||||
entryPoints: [web]
|
||||
service: authentik-outpost
|
||||
middlewares:
|
||||
- security-headers
|
||||
|
||||
doris:
|
||||
rule: Host(`doris.paccoco.com`)
|
||||
entryPoints: [web]
|
||||
service: doris-dashboard
|
||||
middlewares:
|
||||
- security-headers
|
||||
- authentik-forwardauth
|
||||
|
||||
gitea-authentik-outpost:
|
||||
rule: Host(`gitea.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`)
|
||||
@@ -90,6 +107,12 @@ http:
|
||||
servers:
|
||||
- url: https://technitium-dns-pilot:443
|
||||
|
||||
doris-dashboard:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: http://10.5.30.7:8787
|
||||
|
||||
middlewares:
|
||||
authelia-forwardauth:
|
||||
forwardAuth:
|
||||
@@ -124,6 +147,12 @@ http:
|
||||
replacement: https://${1}/dashboard/
|
||||
permanent: false
|
||||
|
||||
auth-host-redirect:
|
||||
redirectRegex:
|
||||
regex: ^https?://auth\.paccoco\.com(?:/(.*))?$
|
||||
replacement: https://authentik.paccoco.com/${1}
|
||||
permanent: true
|
||||
|
||||
security-headers:
|
||||
headers:
|
||||
frameDeny: true
|
||||
|
||||
Reference in New Issue
Block a user