Fix caddy forward_auth settings for authentik

The snippet will now set the correct Host for the next hop and keep the original site in the X-Forward-Auth-Host. The authentik caddy-site will then put the X-Forward-Auth-Host into the X-Forwarded-Host (which would normally be the authentik host/domain). Authentik is able to handle the X-Forwarded-Host header.
2025-05-30 15:15:34 +02:00 · 2025-05-30 15:15:34 +02:00 · 9af19f51fa
commit 9af19f51fa
parent 5d22308f0f
5 changed files with 16 additions and 10 deletions
--- a/playbooks/roles/caddy/templates/Caddyfile.j2
+++ b/playbooks/roles/caddy/templates/Caddyfile.j2
@ -1,7 +1,7 @@
 {
 	email {{ admin_email }}

-    metrics
+	metrics

 	servers {
 		strict_sni_host on
@ -11,9 +11,9 @@
 import /etc/caddy/snippets

 http://{{ host_vpn.domain }} {
-    import vpn_only
+	import vpn_only

-    metrics
+	metrics
 }

 *.serguzim.me {