Fix Authentik headers for proxied services

chkpwd / iac

https://blog.chkpwd.com

MIT License

59 stars 5 forks source link

Fix Authentik headers for proxied services #637

Closed chkpwd closed 7 months ago

chkpwd commented 9 months ago

https://goauthentik.io/docs/providers/proxy/header_authentication#receiving-authentication

Reading through this.

chkpwd commented 9 months ago

Seems I can fix this using an App Password. LunaSea is happy using HTTP Basic Auth.

The DevOpSarr terraform provider for Sonarr and Radarr do not support Basic Auth.

chkpwd commented 9 months ago

Created an App Password in Authentik:

resource "authentik_token" "media" {
  identifier = "media"
  description = "Token for media access"

  user = authentik_user.main.id
  intent = "app_password"
  expiring = false
}

This should allow access to sonarr, radarr, etc through k8s_gateway in LunaSea.

chkpwd commented 9 months ago

Things missing:

[x] Create an app password in authentik using IaC
[x] Figure out how to predefine a token
[x] Pass basic auth headers to servarr terraform providers

chkpwd commented 8 months ago

Submitted a PR here

chkpwd commented 7 months ago

PR approved.