I try to use an application via proxy provider. This application won't let me set authentik in front of it. I can login via Authentik but then a blank page appears. No Errors found in any log.
Authentik is implemented in Traefik v3.
No Errors appear but there is a blank page after authentication.
2024-06-17T15:59:31+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 28f4731d318e9f38 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296
How can I set Authentik in front of my loginpage?
It should provide 2FA for a Schneider Electric APC UPS Network Management Card 2
I try to use an application via proxy provider. This application won't let me set authentik in front of it. I can login via Authentik but then a blank page appears. No Errors found in any log.
Authentik is implemented in Traefik v3.
No Errors appear but there is a blank page after authentication.
Here are my configs:
`services:
Traefik 3 - Reverse Proxy
traefik: container_name: traefik image: traefik:3.0 security_opt:
- --entrypoints.websecure.http3
- --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
- --entrypoints.websecure.http.tls.domains[1].main=$DOMAINNAME_2 # Pulls main cert for second domain
- --entrypoints.websecure.http.tls.domains[1].sans=*.$DOMAINNAME_2 # Pulls wildcard cert for second domain
- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- target: 8080 # need to enable --api.insecure=true
published: 8085
protocol: tcp
mode: host
volumes:
HTTP Routers
traefik.$DOMAINNAME_1
)"Services - API
Middlewares
`http: middlewares: middlewares-authentik: forwardAuth: address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik" trustForwardHeader: true authResponseHeaders:
`services:
Authentik DB
authentik_db: container_name: authentik_db image: docker.io/library/postgres:15-alpine security_opt:
$APPDIR/authentik/postgres:/var/lib/postgresql/data environment: POSTGRES_PASSWORD: $authentik_DB_PASS POSTGRES_USER: $authentik_DB_USER POSTGRES_DB: $authentik_DB_NAME healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s
Authentik redis
authentik_redis: container_name: authentik_redis image: docker.io/library/redis:alpine command: --save 60 1 --loglevel warning security_opt:
$APPDIR/authentik/redis:/data healthcheck: test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s
Authentik Server
authenik_server: container_name: authentik_server image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.2} command: server security_opt:
HTTP Routers
traefik.http.routers.authentik-rtr.entrypoints: websecure traefik.http.routers.authentik-rtr.rule: Host(
auth.$DOMAINNAME_1
) || HostRegexp({subdomain:[a-z0-9-]+}.$DOMAINNAME_1
) && PathRegexp(/outpost.goauthentik.io/
) traefik.http.routers.authentik-rtr.middlewares: chain-no-auth@file depends_on:authentik_redis
Authentik Worker
authentik_worker: container_name: authentik_worker image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.4.2} command: worker security_opt:
` trace | event=headers written to forward_auth headers={"Content-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0"],"Vary":["Accept-Encoding"],"X-Authentik-Email":["redacted"],"X-Authentik-Groups":["authentik Admins"],"X-Authentik-Jwt":["redacted"],"X-Authentik-Meta-App":["apc"],"X-Authentik-Meta-Jwks":["https://auth.redacted/application/o/apc/jwks/"],"X-Authentik-Meta-Outpost":["authentik Embedded Outpost"],"X-Authentik-Meta-Provider":["Provider for apc"],"X-Authentik-Meta-Version":["goauthentik.io/outpost/2024.4.2"],"X-Authentik-Name":["redacted"],"X-Authentik-Uid":["e4967ae56e58b71585dd0ce14b9c588e1186598f2a2f4b9234a05fc449d643c0"],"X-Authentik-Username":["redacted"]} logger=authentik.outpost.proxyv2.application name=Provider for apc timestamp=2024-06-17T13:53:47Z
INF | event=/outpost.goauthentik.io/auth/traefik host=redacted logger=authentik.outpost.proxyv2.application method=GET name=Provider for apc remote=redacted runtime=3.786 scheme=http size=0 status=0 timestamp=2024-06-17T13:53:47Z user=redacted user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0 `
2024-06-17T15:59:31+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: 28f4731d318e9f38 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296 2024-06-17T15:59:45+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/loadbalancer/wrr/wrr.go:196 > Service selected by WRR: f58fab65b05e6296
How can I set Authentik in front of my loginpage?It should provide 2FA for a Schneider Electric APC UPS Network Management Card 2