You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Instead of using the native password manager I was planning on using Authentik's logon for my homelab domain (Proxy Manager is Nginix). On Authentik am using the default outpost and forwarding the authorization to this application. And i didnt enable password authentication on changedetection either.
Custom configuration on Nginix:
Increase buffer size for large headers
This is needed only if you get 'upstream sent too big header while reading response
header from upstream' error when trying to access an application protected by goauthentik
proxy_buffers 8 16k;
proxy_buffer_size 32k;
location / {
# Put your proxy_pass to your application here
proxy_pass $forward_scheme://$server:$port;
# authentik-specific config
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
# translate headers from the outposts back to the actual upstream
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
}
all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
proxy_pass https://authentik.x.space/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
# required for POST requests to work
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
Special location for when the /auth endpoint returns a 401,
Expected behavior
I thought i could use Authentik to log on then just land on the main page of changedetection but i was getting a 501 error. if i remove the custom settings on NPM then the error goes away and the page loads. Typically for other homelab applcations such as homepage it just displays the dashboard after logon to Authentik is successful.
Screenshots
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered:
Describe the bug
Instead of using the native password manager I was planning on using Authentik's logon for my homelab domain (Proxy Manager is Nginix). On Authentik am using the default outpost and forwarding the authorization to this application. And i didnt enable password authentication on changedetection either.
Custom configuration on Nginix:
Increase buffer size for large headers
This is needed only if you get 'upstream sent too big header while reading response
header from upstream' error when trying to access an application protected by goauthentik
proxy_buffers 8 16k;
proxy_buffer_size 32k;
location / {
# Put your proxy_pass to your application here
proxy_pass $forward_scheme://$server:$port;
}
all requests to /outpost.goauthentik.io must be accessible without authentication
location /outpost.goauthentik.io {
proxy_pass https://authentik.x.space/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
}
Special location for when the /auth endpoint returns a 401,
redirect to the /start URL which initiates SSO
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
# return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
Version
v0.45.24
Expected behavior
I thought i could use Authentik to log on then just land on the main page of changedetection but i was getting a 501 error. if i remove the custom settings on NPM then the error goes away and the page loads. Typically for other homelab applcations such as homepage it just displays the dashboard after logon to Authentik is successful.
Screenshots
![Screenshot 2024-06-30 at 3 17 56 PM](https://private-user-images.githubusercontent.com/31374940/344449577-fbeaa7d6-7a5d-4593-95ec-acfb56371b0f.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk5ODY1MzQsIm5iZiI6MTcxOTk4NjIzNCwicGF0aCI6Ii8zMTM3NDk0MC8zNDQ0NDk1NzctZmJlYWE3ZDYtN2E1ZC00NTkzLTk1ZWMtYWNmYjU2MzcxYjBmLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MDMlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzAzVDA1NTcxNFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWVkNWFlMjUzMGQxZGFkNTJhMzJiYmRjZDU1OThhYTk4YmU0ZjMwYjFjZGJiNTY4MjhiZWU5MzY4ZDc0MmM0ZGEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.iyeMeJpmqdDX2tH4VOFpF-x9fVnmDPWcp_dTzPfovfE)
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: