Cut Doris over to Authentik ingress
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-24 18:59:36 +00:00
parent ffc1280f7c
commit 2057c8aaa5
4 changed files with 44 additions and 10 deletions

View File

@@ -15,10 +15,12 @@ Design choices:
- no ACME on PD
- no Docker provider / no docker.sock mount
- Pangolin resources should target `traefik:80` on site 4 when an app is cut over to this layer
- Authelia remains the identity decision point for `auth.paccoco.com` while migrated apps can use either Traefik forward-auth or app-native OIDC depending on the service.
- Authentik is the public identity front door; `auth.paccoco.com` is now a compatibility redirect to `authentik.paccoco.com`.
- Authelia remains available internally on PD as a legacy component during migration work, but it is no longer the intended public login endpoint.
Current routed hostnames in dynamic config:
- `auth.paccoco.com` -> Authelia
- `auth.paccoco.com` -> redirect to `https://authentik.paccoco.com/`
- `doris.paccoco.com` -> Doris Dashboard behind Authentik forward-auth
- `gitea.paccoco.com` -> Gitea
- `grafana.paccoco.com` -> Grafana
- `dns.paccoco.com` -> Technitium (native OIDC inside the app)