- You are using forward authentication behind a reverse proxy
- The internal host for Unraid does not use HTTPS
- The only user allowed for the Unraid web GUI is
root
- The password for Unraid is stored as a user attribute
- The attribute can come from a group to which the user belongs
- In Authentik create a new Scope Mapping
- The Name can be whatever you would like
- The Scope name MUST be
ak_proxy
- Copy the contents of
unraid_scope_mapping.py
into the Expression field
- Update the "Important Variables" section of the Expression field
- Set
internal_host
to the domain or IP address of your Unraid instance- If the Unraid web GUI isn't using the default HTTP port, make sure you specify it
- Set
external_host
to your Unraid domain name
- Set
- Create a new Provider of type Proxy Provider named "Unraid"
- Set it to "Forward auth (single application)"
- Fill in the External host field to match the external host specified above
- Under Advanced protocol settings > Additional scopes make sure that you select the scope that you created in the first step
- Create a new Application and attach the Provider to the Application
- Attach the new Application to the Outpost of your choice
- Follow the Authentik instructions for setting up your reverse proxy using forward authentication