Open gibrich opened 1 year ago
This is interesting...I'm also trying to get UptimeKuma behind Authentik (using Nginx Proxy Manager [NPM] as well) and just came to Github to see if any others had filed issues for the same thing...
In my case however, as soon as I add the advanced config to my proxy host in NPM, I instantly get a 500 internal server error for UptimeKuma. I've isolated it to the auth_request /outpost.goauthentik.io/auth/nginx;
line in my config, which points to the location /outpost.goauthentik.io {}
stanza, however I noticed that @gibrich does not have this same line in their config, so it appears I may have more digging to do. I would note that my config is identical to the one posted above, and the only way I can
I should note that in no case can I get it working, LAN or otherwise, and I am also not using CF tunnels, so the setup is slightly different. I just have a "normal" setup, in the sense of domain.com ---> CNAME to home router WAN IP --> forward 80/443 to --> NPM ---> downstream proxied servers.
FWIW, I have found instructions to not use the FQDN in the proxy_pass URL in setting up hosts to forward to Authentik, but this may be because I'm hosting everything at home, so it has to try to resolve the FQDN which points to the same machine it's resolving from, resulting in a loop. I am running 20+ microservices, (almost) all secured by Authentik with zero issues, so it appears Kuma is the only one causing any issues in "playing nice" with Authentik
In any case, I'm +1'ing this issue as I'm essentially facing the same issue and would love to see a resolution.
This is interesting...I'm also trying to get UptimeKuma behind Authentik (using Nginx Proxy Manager [NPM] as well) and just came to Github to see if any others had filed issues for the same thing...
In my case however, as soon as I add the advanced config to my proxy host in NPM, I instantly get a 500 internal server error for UptimeKuma. I've isolated it to the
auth_request /outpost.goauthentik.io/auth/nginx;
line in my config, which points to thelocation /outpost.goauthentik.io {}
stanza, however I noticed that @gibrich does not have this same line in their config, so it appears I may have more digging to do. I would note that my config is identical to the one posted above, and the only way I canI should note that in no case can I get it working, LAN or otherwise, and I am also not using CF tunnels, so the setup is slightly different. I just have a "normal" setup, in the sense of domain.com ---> CNAME to home router WAN IP --> forward 80/443 to --> NPM ---> downstream proxied servers.
FWIW, I have found instructions to not use the FQDN in the proxy_pass URL in setting up hosts to forward to Authentik, but this may be because I'm hosting everything at home, so it has to try to resolve the FQDN which points to the same machine it's resolving from, resulting in a loop. I am running 20+ microservices, (almost) all secured by Authentik with zero issues, so it appears Kuma is the only one causing any issues in "playing nice" with Authentik
In any case, I'm +1'ing this issue as I'm essentially facing the same issue and would love to see a resolution.
Yeah sorry, probably not the same issue here. Did you solve yours? I have still no clue why it doesnt work for me. Tried now with Sonarr too, and same problem.
I'm getting the same issue as well. Tried it with a couple of programs and still no go! I'm using the Geeks Circuit guide as well.
I'm tempted to use the old version of Authentik and NPM from when that article was written, to help determine if it's a bug.
I used an old version 2022.7.3 and it works. Not sure if it's bug in the creation of new applications or just the new build in general.
Also experiencing this issue 😢
I just updated to 2023.2.1 and it's working now :)
I just updated to 2023.2.1 and it's working now :)
Man you just made my day haha I've been terrified to start the troubleshooting XD
@gibrich is this still an issue?
For some of us it is. I'm stuck getting http error 400. If I'm signed out and go to a subdomain, it'll redirect me to sign in with authentik. As soon as I sign in, it goes back to the subdomain with a 400 error and the url
https://traefik.domain.com/outpost.goauthentik.io/callback?X-authentik-auth-callback=true&code=ecde95392d5d1419ac943e03b4e4c3b8&state=xR_v8AhcJ84yL6eA_sfKT0e5CBe5n3Wduq6rcDL2bAU
I'm running latest Authentik and Uptimekuma on Unraid, using Cloudflare Tunnels (zero trust), and no issues going to authentik or uptimekuma separately with Nginx Reverse Proxy (NPM). So now I'm trying reverse proxy to Uptimekuma with Authentik in front. I've followed this documentation + and added/changed some parameters for me to get it working:
https://geekscircuit.com/set-up-authentik-sso-with-nginx-proxy-manager/
It works perfectly when redirecting locally, but not when changing the host config (authentik_host under outpost) from local (http://192.168.1.124:9000) to http://auth.MYDOMAIN.net. After login via Authentik (using admin account) I get redirect to a HTTP ERROR 400-page. And this is the the URL:
https://uptimekuma.MYDOMAIN.net/outpost.goauthentik.io/callback?X-authentik-auth-callback=true&code=3de215940d144d46845a5d0df4ef2b47&state=WRAkjxlTr1VUh9HNjBjicWAX6UfGbu0qZScqNpwpCqc
On iphone (safari) I get this:
If using my local adress under authentik_host, it goes directly to uptimekuma after auth login. Though that's on my LAN.
This is my NPM setting for auth.MYDOMAIN.net
NPM setting for Uptimekuma:
Uptimekuma Custom Nginx Configuration:
Let me know if you need any more info. Thanks!