Fix Authentik headers for proxied services

chkpwd / iac

https://blog.chkpwd.com

MIT License

62 stars 5 forks source link

Fix Authentik headers for proxied services #637

Closed chkpwd closed 9 months ago

chkpwd commented 10 months ago

https://goauthentik.io/docs/providers/proxy/header_authentication#receiving-authentication

Reading through this.

chkpwd commented 10 months ago

Seems I can fix this using an App Password. LunaSea is happy using HTTP Basic Auth.

The DevOpSarr terraform provider for Sonarr and Radarr do not support Basic Auth.

chkpwd commented 10 months ago

Created an App Password in Authentik:

resource "authentik_token" "media" {
  identifier = "media"
  description = "Token for media access"

  user = authentik_user.main.id
  intent = "app_password"
  expiring = false
}

This should allow access to sonarr, radarr, etc through k8s_gateway in LunaSea.

chkpwd commented 10 months ago

Things missing:

[x] Create an app password in authentik using IaC
[x] Figure out how to predefine a token
[x] Pass basic auth headers to servarr terraform providers

chkpwd commented 10 months ago

Submitted a PR here

chkpwd commented 9 months ago

PR approved.