Open fabrepe opened 1 month ago
If it is fixed, would that eliminate the need for enabling and adding additional auth snippet in ingress-nginx
as mentioned in the docs?
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
Describe the bug Nginx Forward Auth provider (domain level) returned the following error :
Outpost authentik Embedded Outpost (Provider Provider for XXX) failed to detect a forward URL from nginx
Steps to reproduce the behavior:
While connecting to an application, the application nginx reverse proxy returned an error 500. Authentik related logs show the error message
Outpost authentik Embedded Outpost (Provider Provider for XXX) failed to detect a forward URL from nginx
The application reverse proxy is configured as following (slightly modified copy from the authentik web ui):
Expected behavior No error
Solution
The proxy header configuration proposed by the ui is to set
X-Original-URL
to$scheme://$http_host$request_uri
. However, it seems that the authentik code is checkingX-Original-URI
(last character is I instead of L) cf. https://github.com/goauthentik/authentik/blob/0766a47b4f610c56680c7ae70104d36aaaffc4f7/internal/outpost/proxyv2/application/mode_common.go#L90In fact, setting the
X-Original-URI
to$scheme://$http_host$request_uri
instead ofX-Original-URL
solves the error.It seems that the header
X-Original-URL
is a standard. Maybe the code may be changed to lookup for it instead ?Thanks for your awesome application 👍