Closed GGG-KILLER closed 6 months ago
Ok, I finally figured out my issues:
Host
header correctly when calling the auth endpoint in nginx.services.nginx.recommendedProxySettings
due to proxy_redirect off;
, this totally breaks authentication and thus leads to every request to /outpost.goauthentik.io
returning a 400.
I've decided to open this here first because it might be the way we do things.
I've set up my authentik instance with the following configuration: https://github.com/GGG-KILLER/nixos-configs/blob/44250cae5dac622f8bc8490acdc05f45cd2e9405/hosts/shiro/containers/authentik.nix#L54-L70
And my nginx is using the following config: https://github.com/GGG-KILLER/nixos-configs/blob/44250cae5dac622f8bc8490acdc05f45cd2e9405/hosts/shiro/containers/authentik.nix#L72-L94
However, according to the docs, the embedded outpost should return a 204 when making a request to
/outpost.goauthentik.io/ping
, but in my case it's just resulting in a 404. And also when using the Forward Authentication method, it also returning a 400 response even though the application and providers have been correctly configured.In the outpost's
authentik_host
I've tried all of the following:http://localhost:8000
http://localhost:9000
https://localhost:9443
http://sso.shiro.lan:9000
https://sso.shiro.lan:9443
http://sso.shiro.lan
https://sso.shiro.lan
Absolutely none of them seem to work.