nix-community / authentik-nix

Nix flake with package, NixOS module and basic VM test for authentik. Trying to provide an alternative deployment mode to the officially supported docker-compose approach. Not affiliated with or officially supported by the authentik project [maintainer=@willibutz]
MIT License

Unable to get Embedded Outpost working #22

Closed GGG-KILLER closed 6 months ago

GGG-KILLER commented 6 months ago

I've decided to open this here first because it might be the way we do things.

I've set up my authentik instance with the following configuration: https://github.com/GGG-KILLER/nixos-configs/blob/44250cae5dac622f8bc8490acdc05f45cd2e9405/hosts/shiro/containers/authentik.nix#L54-L70

And my nginx is using the following config: https://github.com/GGG-KILLER/nixos-configs/blob/44250cae5dac622f8bc8490acdc05f45cd2e9405/hosts/shiro/containers/authentik.nix#L72-L94

However, according to the docs, the embedded outpost should return a 204 when making a request to /outpost.goauthentik.io/ping, but in my case it's just resulting in a 404. Also, when using the Forward Authentication method, it is returning a 400 response even though the application and providers have been correctly configured.

In the outpost's authentik_host I've tried all of the following:

Absolutely none of them seem to work.

GGG-KILLER commented 6 months ago

Ok, I finally figured out my issues:

  1. I wasn't setting the Host header correctly when calling the auth endpoint in nginx.
  2. Authentik-based auth is incompatible with services.nginx.recommendedProxySettings due to proxy_redirect off;, this totally breaks authentication and thus leads to every request to /outpost.goauthentik.io returning a 400.
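
The two causes named in the resolution above, shown as a plain nginx server block. This is an added example, not configuration from the thread or from the authentik-nix project. The hostname, certificate paths and both upstream addresses are assumed placeholder values, and `proxy_redirect default;` is one assumed way to undo an inherited `proxy_redirect off;`.

```nginx
# Added example. Assumed values: app.example.test, the certificate paths,
# 127.0.0.1:9000 (authentik HTTP listener), 127.0.0.1:8080 (protected app).
server {
    listen 443 ssl;
    server_name app.example.test;
    ssl_certificate     /path/to/placeholder-fullchain.pem;
    ssl_certificate_key /path/to/placeholder-privkey.pem;

    location / {
        # Every request is checked against the outpost before it is proxied.
        auth_request     /outpost.goauthentik.io/auth/nginx;
        error_page       401 = @goauthentik_proxy_signin;
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        add_header       Set-Cookie $auth_cookie;
        proxy_pass       http://127.0.0.1:8080;
    }

    location /outpost.goauthentik.io {
        proxy_pass http://127.0.0.1:9000/outpost.goauthentik.io;

        # Cause 1 in the thread: the Host header on the auth subrequest.
        # Set it explicitly here. proxy_set_header directives are inherited
        # from the http/server level only when this level defines none, so
        # every header the outpost needs must be listed in this block.
        proxy_set_header Host $host;
        proxy_set_header X-Original-URL $scheme://$http_host$request_uri;

        # Cause 2 in the thread: "proxy_redirect off;" inherited from the
        # http level. "default" restores nginx's normal rewriting for this
        # location; it must come after proxy_pass.
        proxy_redirect default;

        add_header       Set-Cookie $auth_cookie;
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        # The auth subrequest carries no body.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    location @goauthentik_proxy_signin {
        internal;
        add_header Set-Cookie $auth_cookie;
        return 302 /outpost.goauthentik.io/start?rd=$request_uri;
    }
}
```

Per the docs cited in the question, a request to /outpost.goauthentik.io/ping through this server should return 204 once the outpost is reachable.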