Authentik Proxy Solution
If you have difficulties with Forward Auth and just want to get Authentik working for your apps while you trouble shoot other things this is a simple fix that works very solidly
After getting Authentik installed and set up in traefik or npm at a fqdn of https://auth.whatever.com (or whatever flavor you choose) you can follow these steps. These steps will be only for NPM as i have not used traefik but its a relatively simple set up which should be able to point folks in the right direction regarding traefik.
Step 1 assumption is that you have NPM set up and can happily reach authentik externally
Step 2 - in Authentik - Create your APP (in this example we're going to use PROWLARR at a domain of prowlarr.domain.com
In the create app entry - fill the fields out for your respective app - (in this case PROWLARR) - then click CREATE PROVIDER
In the Create provider screen - ensure that you choose PROXY - this is the major difference between the original video and this process. External host will obviously be prowlarr.domain.com and internal will be your local network IP. I generally choose implicit for the Auth Flow because there are less clicks.
Then hit FINISH
This will take you back to your new Application page - ensure that you choose the provider that you just created in the provider drop down.
Next you'll go to outposts
Choose the embedded outpost and then CTRL/CMD click you new app so that it is highlighted - if this is your first time setting up the outpost - then make sure that you update the authentik_host config to point to your auth.domain.com
now we are done in authentik - next steps are in NPM (traefik instructions possibly coming down the line)
In NPM create a new virtual host and fill it out thusly
Ensure you select HTTPS - point the IP at your authentik host - choose the port you set up when you installed authentik. cache and block common are optional but i believe websockets are required
Next click the SSL tab and 'do the needful'
and boom - provided you have set up your DNS - go to NPM - click you virt host (do it in a incognito window or log out of authentik first) and prowlarr.domain.com will redirect you to authentik which will force you to auth, and then direct you to prowlarr
Last updated