serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix caddy forward_auth settings for authentik

Browse source 
The snippet will now set the correct Host for the next hop and keep the
original site in the X-Forward-Auth-Host. The authentik caddy-site will
then put the X-Forward-Auth-Host into the X-Forwarded-Host (which would
normally be the authentik host/domain). Authentik is able to handle the
X-Forwarded-Host header.
This commit is contained in:
Tobias Reisinger 2025-05-30 15:15:34 +02:00
parent 5d22308f0f
commit 9af19f51fa
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
5 changed files with 16 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

1
playbooks/roles/authentik/vars/main.yml
View file

@ -2,6 +2,7 @@
authentik_svc:
domain: "{{ all_services | service_get_domain(role_name) }}"
port: 9000
caddy_proxy_extra: "header_up X-Forwarded-Host {http.request.header.X-Forward-Auth-Host}"
image_tag: 2025.2
db:
host: "{{ postgres.host }}"