Skip to content

Instantly share code, notes, and snippets.

@sussycatgirl
Last active September 18, 2024 18:26
Show Gist options
  • Save sussycatgirl/e491fe42f9f84439d2c681012ba3d4ea to your computer and use it in GitHub Desktop.
Save sussycatgirl/e491fe42f9f84439d2c681012ba3d4ea to your computer and use it in GitHub Desktop.
Authentik Forward Auth with Caddy
# Put this somewhere near the top of your Caddyfile (at the root, not in a site directive).
# Replace `http://127.0.0.1:9000` with your *internal* Authentik outpost's hostname and port
(authentik_forwardauth) {
reverse_proxy /outpost.goauthentik.io/* http://127.0.0.1:9000
forward_auth {args.0} http://127.0.0.1:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
trusted_proxies private_ranges
}
}
# Then use it like this. There should be a Proxy Provider configured for example.org
example.org {
import authentik_forwardauth
respond * "If you see this you're authenticated!"
}
# Or use a matcher to only protect certain resources
example2.org {
import authentik_forwardauth /private*
respond /private* "the imposter when suspicious"
respond * "public thingy"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment