Help with authentik

[chrispazz]

Hello, I deployed your great addition to pangolin.

However I can't have my existing Authentik working with Traefik.
I made all setup in authentik and with middleware-manager I personalised the middleware Authentik with my auth URL and added it to a specific resource.

However, trying to reach the URL resource, it seems to ignore authentik.

Do I have to configure something also in static or dynamic Traefik configuration files or using the middleware-manager is enough?

Thank you
C.

[hhftechnology]

Below will go on your Authentik Instance. to use Authentik for auth with traefik on separate hosts and using domain names, you'll need to configure Traefik's forwardAuth middleware and Authentik's application settings accordingly. this involves defining the Authentik host (including the protocol and port), specifying the application's URL, and configuring Traefik to trust the Forwarded header.

# traefik.yml
providers:
  file:
    filename: /etc/traefik/dynamic/config.yml

# ... other configurations ...

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
    http:
      redirections:
        entryPoint: websecure
        scheme: https

# ... other entryPoints configurations ...

# Middlewares for Forward Auth
middlewares:
  authentik-auth:
    forwardAuth:
      address: "https://authentik.example.com:9000/akprox/auth/traefik"  # Replace with your Authentik domain and path
      trustForwardHeader: true
      authResponseHeaders:
        - X-Authentik-Username
        - X-Authentik-Groups
        - X-Authentik-Email
        - X-Authentik-Name
        - X-Authentik-Uid
        - X-Authentik-Jwt
        - X-Authentik-Meta-Jwks
        - X-Authentik-Meta-Outpost
        - X-Authentik-Meta-Provider
        - X-Authentik-Meta-App
        - X-Authentik-Meta-Version

# Routers and Services (example)
http:
  routers:
    authentik-router:
      rule: "Host(`authentik.example.com`)"
      entryPoints:
        - websecure
      service: authentik-service
      middlewares:
        - authentik-auth
    protected-app-router:
      rule: "Host(`app.example.com`)"
      entryPoints:
        - websecure
      service: protected-app-service
      middlewares:
        - authentik-auth
  services:
    authentik-service:
      loadbalancer:
        server:
          port: 9000
    protected-app-service:
      loadbalancer:
        server:
          port: 8080  # Replace with your application's port 443 or which you have put as entrypoint 

[chrispazz]

Ok, I was missing a lot of modifications :)

Now it works but using in authentik Forward Auth at domain level, after authentication it always return to authentik dashboard instead of the single app....

[hhftechnology]

mine works swiftly with above code. i have different auths for different sites in pangolin. ping me on my cord https://discord.gg/HDCt9MjyMJ

[qwasy]

Can you share your code, or make some example files for other authenticators? Like in a git wiki here, or so.
I'm trying to use pangolin with middleware-manager and authelia, but everytime I add some configs, pangolin/traefik breaks...
But I'm no expert with traefik, so maybe I'm the problem :D

[hhftechnology]

once i get time will write a detailed wiki

[hhftechnology]

i will move this issue to discussion