@ moutoum,I failed again.I configured an outpost and put app in it.But when I visit app,firefox will show :
The page isn’t redirecting properly
An error occurred during a connection to app.mydomain.duckdns.org.
I have changed my configs for easy reading.
config-traefik.yml
Summary
http:
routers:
traefik:
entryPoints:
- web
rule: "Host(`traefik.mydomain.duckdns.org`)"
middlewares:
- https-redirectscheme
service: api@internal
traefik-secure:
entryPoints:
- websecure
rule: "Host(`traefik.mydomain.duckdns.org`)"
tls:
certResolver: production
domains:
- main: "mydomain.duckdns.org"
sans:
- "*.mydomain.duckdns.org"
service: api@internal
middlewares:
https-redirectscheme:
redirectScheme:
scheme: https
permanent: true
config-authentik.yml
Summary
http:
routers:
authentik:
entryPoints:
- web
rule: "Host(`authentik.mydomain.duckdns.org`)"
middlewares:
- https-redirectscheme
service: authentik
authentik-secure:
entryPoints:
- websecure
rule: "Host(`authentik.mydomain.duckdns.org`)"
#- authentik-auth
tls: {}
service: authentik
services:
authentik:
loadBalancer:
servers:
- url: "http://192.168.0.130:9080"
middlewares:
authentik-auth:
forwardAuth:
address: http://192.168.0.130:9080/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
config-app.yml
Summary
http:
routers:
app:
entryPoints:
- web
rule: "Host(`app.mydomain.duckdns.org`)"
middlewares:
- https-redirectscheme
service: app
app-secure:
entryPoints:
- websecure
rule: "Host(`app.mydomain.duckdns.org`)"
- authentik-auth
tls: {}
service: app
services:
app:
loadBalancer:
servers:
- url: "http://192.168.0.130:180"
Here are configs about authentik:
Summary
Provider:
type: Proxy (forward auth)
name: authentik
authentication URL: `https://authentik.mydomain.duckdns.org`
cookie domain: `mydomain.duckdns.org`
type: Proxy (proxy)
name: app
external host: `https://app.mydomain.duckdns.org`
internal: `http://192.168.0.130:180`
Application:
name: authentik
slug: authentik
provider: authentik
name: app
slug: app
provider: app
Outpost:
type: Proxy
application: authentik,app
configuration: `authentik_host: https://authentik.mydomain.duckdns.org`
I can visit https://authentik.mydomain.duckdns.org/outpost.goauthentik.io/callback and got redirected.But after remove # in config-authentik.yml,this will happen:
The page isn’t redirecting properly
An error occurred during a connection to authentik.mydomain.duckdns.org.
I can't visit https://app.mydomain.duckdns.org/outpost.goauthentik.io/callback with or without # .
Does it mean I need to add a new Host for authentik?Because when I visit app,the url will show this:
https://app.mydomain.duckdns.org/outpost.goauthentik.io/start?rd=https%3A%2F%2Fapp.mydomain.duckdns.org%2Foutpost.goauthentik.io%2Fauth%2Ftraefik
As far as I know,the path outpost.goauthentik.io belongs to authentik.
So this?
authentik-app:
entryPoints:
- websecure
rule: "Host(`app.mydomain.duckdns.org`) && PathPrefix(`/outpost.goauthentik.io`)"
tls: {}
service: authentik
But from my experience,there must be a middleware exist,but what type?RedirectRegex? StripPrefixRegex?