Fix caddy forward_auth settings for authentik

The snippet will now set the correct Host for the next hop and keep the
original site in the X-Forward-Auth-Host. The authentik caddy-site will
then put the X-Forward-Auth-Host into the X-Forwarded-Host (which would
normally be the authentik host/domain). Authentik is able to handle the
X-Forwarded-Host header.

playbooks/roles/caddy/files/snippets

@@ -1,16 +1,19 @@
 (auth_serguzim_me) {
     # always forward outpost path to actual outpost
-    reverse_proxy /outpost.goauthentik.io/* authentik:9000
+    reverse_proxy /outpost.goauthentik.io/* https://auth.serguzim.me {
+				header_up Host {http.reverse_proxy.upstream.hostport}
+				header_up X-Forward-Auth-Host {http.request.host}
+		}
 
     # forward authentication to outpost
-    forward_auth authentik:9000 {
+    forward_auth https://auth.serguzim.me {
         uri /outpost.goauthentik.io/auth/caddy
 
+				header_up Host {http.reverse_proxy.upstream.hostport}
+				header_up X-Forward-Auth-Host {http.request.host}
+
         # capitalization of the headers is important, otherwise they will be empty
         copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
-
-        # optional, in this config trust all private ranges, should probably be set to the outposts IP
-        trusted_proxies private_ranges
     }
 }