Home Discord YouTube Disclaimer

Authentik Proxy Solution

If you have difficulties with Forward Auth and just want to get Authentik working for your apps while you trouble shoot other things this is a simple fix that works very solidly

After getting Authentik installed and set up in traefik or npm at a fqdn of https://auth.whatever.com (or whatever flavor you choose) you can follow these steps. These steps will be only for NPM as i have not used traefik but its a relatively simple set up which should be able to point folks in the right direction regarding traefik.

Step 1 assumption is that you have NPM set up and can happily reach authentik externally

Step 2 - in Authentik - Create your APP (in this example we're going to use PROWLARR at a domain of prowlarr.domain.com

In the create app entry - fill the fields out for your respective app - (in this case PROWLARR) - then click CREATE PROVIDER

In the Create provider screen - ensure that you choose PROXY - this is the major difference between the original video and this process. External host will obviously be prowlarr.domain.com and internal will be your local network IP. I generally choose implicit for the Auth Flow because there are less clicks.

Then hit FINISH

This will take you back to your new Application page - ensure that you choose the provider that you just created in the provider drop down.

Next you'll go to outposts

Choose the embedded outpost and then CTRL/CMD click you new app so that it is highlighted - if this is your first time setting up the outpost - then make sure that you update the authentik_host config to point to your auth.domain.com

now we are done in authentik - next steps are in NPM (traefik instructions possibly coming down the line)

In NPM create a new virtual host and fill it out thusly

Ensure you select HTTPS - point the IP at your authentik host - choose the port you set up when you installed authentik. cache and block common are optional but i believe websockets are required

Next click the SSL tab and 'do the needful'

and boom - provided you have set up your DNS - go to NPM - click you virt host (do it in a incognito window or log out of authentik first) and prowlarr.domain.com will redirect you to authentik which will force you to auth, and then direct you to prowlarr

PreviousExample NPM Advanced Config

Last updated