Authentik as Reverse-Proxy
Using Authentik not only as your Identity Provider but also as your simple reverse-proxy
Authentik can be used as your simple reverse proxy when you don't need powerful tools like NPM or Traefik, or if you have to get your apps running quickly.
Prerequisites
Add DNS record for the FQDN yourapp.domain.com to your server public IP address.
Configure a new App in Authentik
Go to the menu "Applications > Applications" and "Create"
Choose a name (and a group which is optional) and click on "Create Provider"
Now configure the new provider with these settings :
Select Proxy Provider as your provider type
Choose the authorization flow you want,
implicit = You just have to log in once and then automatic redirection until token expiration.
explicit = You have to approve redirection each time you navigate to the app.
Select Proxy (Forward auth is restricted when you have another reverse-proxy)
External host : FQDN of your app
Internal host : LAN access to your app
If you're using Docker networking, you can don't open any ports, and instead make sure you app and the container authentik-server are in the same docker network, (more information on the page Docker compose Installation) then the intenal host would be
http(s)://<containername>:port
If your app needs unauthenticated paths (exemple: bitwarden extension is not compatible with authentik auth), you can put a regular expression in this case in "Advanced Protocol Settings"
If you want to completely disable auth for your app regardless of the URL path, the regular expression is "
^.*".
Now go to the menu " Applications > Outposts " and click the Edit icon button on the right of the authentik Embedded Outpost
Select you new app on the list (using CTRL/CMD select multiple apps)
In the configuration section, if it's not already the case, replace the value in "authentik_host" by your domain auth.domain.com
You now have access to your app at the URL https://myapp.domain.com !
Last updated