authentik/_caddy_standalone.md at c6235e0f1e34ae7110252d97a3ed46a55c12cba7

Files

Melvin Snijders 547c01f481 website/docs: update Caddy docs to include HTTPS proxying (#4316 )

Update Caddy documentation to include HTTPS proxying

Signed-off-by: Melvin Snijders <mail@melvinsnijders.nl>

2023-02-03 14:43:13 +01:00

1.1 KiB

Raw Blame History

Use the following configuration:

app.company {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* http://outpost.company:9000

    # forward authentication to outpost
    forward_auth http://outpost.company:9000 {
        uri /outpost.goauthentik.io/auth/caddy

        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version

        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        trusted_proxies private_ranges
    }

    # actual site configuration below, for example
    reverse_proxy localhost:1234
}

If you're trying to proxy to an upstream over HTTPS, you need to set the Host header to the value they expect for it to work correctly.

reverse_proxy /outpost.goauthentik.io/* https://outpost.company {
	header_up Host {http.reverse_proxy.upstream.hostport}
}

1.1 KiB Raw Blame History

1.1 KiB

Raw Blame History