Skip to content

Instantly share code, notes, and snippets.

@sussycatgirl
Last active May 4, 2023 08:33
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Authentik Forward Auth with Caddy
# Put this somewhere near the top of your Caddyfile (at the root, not in a site directive).
# Replace `http://127.0.0.1:9000` with your *internal* Authentik outpost's hostname and port
(authentik_forwardauth) {
reverse_proxy /outpost.goauthentik.io/* http://127.0.0.1:9000
forward_auth {args.0} http://127.0.0.1:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
trusted_proxies private_ranges
}
}
# Then use it like this. There should be a Proxy Provider configured for example.org
example.org {
import authentik_forwardauth
respond * "If you see this you're authenticated!"
}
# Or use a matcher to only protect certain resources
example2.org {
import authentik_forwardauth /private*
respond /private* "the imposter when suspicious"
respond * "public thingy"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment