website/docs: update nginx docs for embedded outposts (goauthentik#10422

) * Update nginx docs for embedded outposts. * Update _nginx_proxy_manager.md Signed-off-by: Mike Fotinakis <[email protected]> --------- Signed-off-by: Mike Fotinakis <[email protected]>
yonasBSD · Jul 30, 2024 · 3824815 · 3824815
1 parent bce8485
commit 3824815
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/website/docs/providers/proxy/_nginx_proxy_manager.md b/website/docs/providers/proxy/_nginx_proxy_manager.md
@@ -48,10 +48,14 @@ location / {
 
 # all requests to /outpost.goauthentik.io must be accessible without authentication
 location /outpost.goauthentik.io {
-    proxy_pass              http://outpost.company:9000;
-    # ensure the host of this vserver matches your external URL you've configured
-    # in authentik
+    # When using the embedded outpost, use:
+    proxy_pass              http://authentik.company:9000/outpost.goauthentik.io;
+    # For manual outpost deployments:
+    # proxy_pass              http://outpost.company:9000;
+
+    # Note: ensure the Host header matches your external authentik URL:
     proxy_set_header        Host $host;
+
     proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
     add_header              Set-Cookie $auth_cookie;
     auth_request_set        $auth_cookie $upstream_http_set_cookie;

diff --git a/website/docs/providers/proxy/_nginx_standalone.md b/website/docs/providers/proxy/_nginx_standalone.md
@@ -52,10 +52,14 @@ server {
 
     # all requests to /outpost.goauthentik.io must be accessible without authentication
     location /outpost.goauthentik.io {
-        proxy_pass              http://outpost.company:9000;
-        # ensure the host of this vserver matches your external URL you've configured
-        # in authentik
+        # When using the embedded outpost, use:
+        proxy_pass              http://authentik.company:9000/outpost.goauthentik.io;
+        # For manual outpost deployments:
+        # proxy_pass              http://outpost.company:9000;
+
+        # Note: ensure the Host header matches your external authentik URL:
         proxy_set_header        Host $host;
+
         proxy_set_header        X-Original-URL $scheme://$http_host$request_uri;
         add_header              Set-Cookie $auth_cookie;
         auth_request_set        $auth_cookie $upstream_http_set_cookie;