Skip to content

Instantly share code, notes, and snippets.

Last active May 4, 2023 08:33
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Authentik Forward Auth with Caddy
# Put this somewhere near the top of your Caddyfile (at the root, not in a site directive).
# Replace `` with your *internal* Authentik outpost's hostname and port
(authentik_forwardauth) {
reverse_proxy /*
forward_auth {args.0} {
uri /
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
trusted_proxies private_ranges
# Then use it like this. There should be a Proxy Provider configured for {
import authentik_forwardauth
respond * "If you see this you're authenticated!"
# Or use a matcher to only protect certain resources {
import authentik_forwardauth /private*
respond /private* "the imposter when suspicious"
respond * "public thingy"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment