Authentik Proxy Solution
If you have difficulties with Forward Auth and just want to get Authentik working for your apps while you trouble shoot other things this is a simple fix that works very solidly
Last updated
Was this helpful?
If you have difficulties with Forward Auth and just want to get Authentik working for your apps while you trouble shoot other things this is a simple fix that works very solidly
Last updated
Was this helpful?
After getting Authentik installed and set up in traefik or npm at a fqdn of https://auth.whatever.com (or whatever flavor you choose) you can follow these steps. These steps will be only for NPM as i have not used traefik but its a relatively simple set up which should be able to point folks in the right direction regarding traefik.
Step 1 assumption is that you have NPM set up and can happily reach authentik externally
Step 2 - in Authentik - Create your APP (in this example we're going to use PROWLARR at a domain of prowlarr.domain.com
In the create app entry - fill the fields out for your respective app - (in this case PROWLARR) - then click CREATE PROVIDER
In the Create provider screen - ensure that you choose PROXY - this is the major difference between the original video and this process. External host will obviously be prowlarr.domain.com and internal will be your local network IP. I generally choose implicit for the Auth Flow because there are less clicks.
Then hit FINISH
This will take you back to your new Application page - ensure that you choose the provider that you just created in the provider drop down.
Next you'll go to outposts
Choose the embedded outpost and then CTRL/CMD click you new app so that it is highlighted - if this is your first time setting up the outpost - then make sure that you update the authentik_host config to point to your auth.domain.com
now we are done in authentik - next steps are in NPM (traefik instructions possibly coming down the line)
In NPM create a new virtual host and fill it out thusly
Ensure you select HTTPS - point the IP at your authentik host - choose the port you set up when you installed authentik. cache and block common are optional but i believe websockets are required
Next click the SSL tab and 'do the needful'
and boom - provided you have set up your DNS - go to NPM - click you virt host (do it in a incognito window or log out of authentik first) and prowlarr.domain.com will redirect you to authentik which will force you to auth, and then direct you to prowlarr
