Redirect URL issue with Authentik

[EHRETic]

Hi there,

I've an issue by trying to setup WUD to work with Authentik. Despite what I think is a correct configuration according to the documentation, I have an error because it doesn't seems to generate the redirect URL properly.

In the redirection URL, it use my container's internal IP (I use only MACVLAN containers) instead of using the external URL (in red):

This is the Authentik Provider config (seems correct to me):

And this is Docker compose file:

`version: '3'

services: whatsupdocker: image: fmartinou/whats-up-docker container_name: whatsupdocker-test

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - config:/store

networks:
  default:
    ipv4_address: 192.168.X.X

environment:
  WUD_AUTH_OIDC_AUTHENTIC_CLIENTID: '${WUD_AUTH_OIDC_AUTHENTIK_CLIENTID}'
  WUD_AUTH_OIDC_AUTHENTIC_CLIENTSECRET: '${WUD_AUTH_OIDC_AUTHENTIK_CLIENTSECRET}'
  WUD_AUTH_OIDC_AUTHENTIC_DISCOVERY: '${WUD_AUTH_OIDC_AUTHENTIK_DISCOVERY}'
  #WUD_AUTH_OIDC_AUTHENTIC_REDIRECT: '${WUD_AUTH_OIDC_AUTHENTIK_REDIRECT}'

volumes: config:

networks: default: external: true name: docker_test`

WUD_AUTH_OIDC_AUTHENTIC_DISCOVERY=https://auth-test.myexternal.domain/application/o/whatsupdocker-test/.well-known/openid-configuration

Both instances are behind an NGINX reverse proxy with Let's Encrypt certificates.

Here is the WUD server config:

` server {

Include HTTPS server standards

    include /etc/nginx/conf.d/server_security.conf;

    # Add HSTS header (not available on local server)
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;

    server_name whatsup-test.myexternal.domain;

    location  / {
            proxy_pass http://192.168.X.X:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $proxy_host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
    }

ssl_certificate /etc/letsencrypt/live/whatsup-test.myexternal.domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/whatsup-test.myexternal.domain/privkey.pem; # managed by Certbot

}`

Is there somewhere a variable in code that would still use the originating IP? Anyway, I need some help to figure that out because several applications already use this Authentik instance without any issue.

PS: if I uncomment the environnement variable WUD_AUTH_OIDC_AUTHENTIK_REDIRECT, the login button doesn't seems to work at all and I get no redirection to Authentik. Other info, I always retry in an incognito browser tab.

Thanks in advance for your help 😉

[EHRETic]

Weird thing because I just found out the WUD_PUBLIC_URL environnement variable, it doesn't seems to make any difference on the result if I use it:

[EHRETic]

Well, sorry for the noise but if the experience can serve to other people, I had 3 consecutive issues:

• the first was the URL itself taking the local IP address, this was solved with WUD_PUBLIC_URL variable to external domain
• the second was my bad, all my variables were setup with a typo, I wrote AUTHENTIC instead of AUTHENTIK... this is usually not a problem with most apps because they doesn't use env variables dynamically (and will fail by pointing you the problem) 😊
• the third was that I set up WUD_PUBLIC_URL with a slash at the end... also bad!

Great app! 👌