After "Add to Home Screen" on iPhone Safari, Authentik in forward auth failed with 404 not found. But before adding, the website could successfully auth.
To Reproduce
Open Safari and enter the website.
Jump to the authentication page successfully
But make this website "add to home screen", it only shows "404 not found".
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Describe the bug
After "Add to Home Screen" on iPhone Safari, Authentik in forward auth failed with 404 not found. But before adding, the website could successfully auth.
To Reproduce
Logs server-1 | {"event":"/outpost.goauthentik.io/auth/traefik","host":"xxx.mydomain.com","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Provider for qbittorrent (Proxy)","remote":"192.168.1.1","runtime":"1.219","scheme":"http","size":726,"status":302,"timestamp":"2024-08-10T11:51:43Z","user_agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1"} worker-1 | {"event": "TenantAwareScheduler: Sending due task clean_expired_models (authentik.core.tasks.clean_expired_models) to 1 tenants", "level": "info", "logger": "tenant_schemas_celery.scheduler", "timestamp": 1723290720.005522} worker-1 | {"domain_url": null, "event": "Task published", "level": "info", "logger": "authentik.root.celery", "pid": 53, "schema_name": "public", "task_id": "ea2c3b3db1204afe8c5d9d99ef564a84", "task_name": "authentik.core.tasks.clean_expired_models", "timestamp": "2024-08-10T11:52:00.008460"} worker-1 | {"domain_url": null, "event": "Task started", "level": "info", "logger": "authentik.root.celery", "pid": 7936, "schema_name": "public", "task_id": "ea2c3b3d-b120-4afe-8c5d-9d99ef564a84", "task_name": "clean_expired_models", "timestamp": "2024-08-10T11:52:00.013852"} worker-1 | {"domain_url": null, "event": "Task finished", "level": "info", "logger": "authentik.root.celery", "pid": 7936, "schema_name": "public", "state": "SUCCESS", "task_id": "ea2c3b3db1204afe8c5d9d99ef564a84", "task_name": "clean_expired_models", "timestamp": "2024-08-10T11:52:00.245295"} server-1 | {"auth_via": "unauthenticated", "domain_url": "0.0.0.0", "event": "/-/health/live/", "host": "0.0.0.0:9000", "level": "info", "logger": "authentik.asgi", "method": "HEAD", "pid": 4027, "remote": "127.0.0.1", "request_id": "08dc90433cab4d31a82ac5371aa57713", "runtime": 24, "schema_name": "public", "scheme": "http", "status": 204, "timestamp": "2024-08-10T11:52:04.963672", "user": "", "user_agent": "goauthentik.io/healthcheck"}
Version and Deployment (please complete the following information): 2024.6.3
services: postgresql: image: docker.io/library/postgres:16-alpine restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s volumes:
auth.mydomain.com
)"auth.mydomain.com
) || HostRegexp({subdomain:[a-z0-9]+}.mydomain.com
) && PathPrefix(/outpost.goauthentik.io/
)" env_file:user: root
and the docker socket volume are optional.See more for the docker socket integration here:
https://goauthentik.io/docs/outposts/integrations/docker
Removing
user: root
also prevents the worker from fixing the permissionson the mounted folders, so when removing this make sure the folders have the correct UID/GID
(1000:1000 by default)
user: root volumes:
volumes: database: driver: local redis: driver: local
networks: traefik: external: true authentik: