Authentik: How to Install with Docker and Why You Should


Recommended Posts

  • 1 month later...

I've got Authentik set up and accessible through my domain. I'm currently using linuxserver's Swag Docker with Vouch and Keycloak for authentication/authorization. I'm not seeing any guides on how to integrate Authentik with Swag. It appears as if Authentik should replace both Vouch and Keycloak so I'm trying to figure out how to implement it through Swag. Maybe I need to read the docs. I set up a proxy provider and an application and outpost. I took the nginx standalone code and put the "/" location code into a file to include in the application's location and put the other server block code into a separate file to include outside the app's location blocks. When I browse to my application I just get a 500 error. Any ideas?

Link to comment
  • 1 month later...

I think Hibracorp wanted to break things down into stages.

 

This is the install only which includes Postgres/Redis/Authentik.

It's already a good thing and it takes place without complications.

I think the next step will be on a concrete use case with an application for example not secure ?

 

In this regard, if someone can answer this question : with Authelia we have strong Authentication.

But once the authentication passed, we have the Login / Password authentication of the app.

 

How to remove the authentication of an application so as not to duplicate ?

 

Thanks

Edited by Casadream_1
  • Upvote 1
Link to comment
  • 2 months later...

Great video but cant get the authentik-worker to connect to postgres. Followed the guide exactly. Gets this error in worker log:

 

{"event": "PostgreSQL connection successful", "level": "info", "logger": "__main__", "timestamp": 1663354077.5986426}
{"event": "PostgreSQL connection failed, retrying... (connection to server at \"postgres\" (172.18.0.12), port 5432 failed: FATAL:  password authentication failed for user \"postgres\"\n)", "level": "info", "logger": "__main__", "timestamp": 1663354078.6033316}

 

Anyone got an idea? Removed every special character everywhere.

 

Thanks!

Link to comment
  • 4 weeks later...
On 6/2/2022 at 2:59 PM, Taddeusz said:

I've got Authentik set up and accessible through my domain. I'm currently using linuxserver's Swag Docker with Vouch and Keycloak for authentication/authorization. I'm not seeing any guides on how to integrate Authentik with Swag. It appears as if Authentik should replace both Vouch and Keycloak so I'm trying to figure out how to implement it through Swag. Maybe I need to read the docs. I set up a proxy provider and an application and outpost. I took the nginx standalone code and put the "/" location code into a file to include in the application's location and put the other server block code into a separate file to include outside the app's location blocks. When I browse to my application I just get a 500 error. Any ideas?

 

Same problem here.  Switched to nginx proxy manager and still get the 500 error.  followed all online sources troubleshooting, error remains.

Link to comment
  • 1 month later...

I succefully installed Authentik thanks to this video, but after that there's a steep learning curve about terminology and concepts.

To be honest I'm strill trying to figure out what is an outpost, and should I care about it.

 

Here's a link I followed to mimic what Authelia does for a simple SSO with NPM : https://geekscircuit.com/set-up-authentik-sso-with-nginx-proxy-manager/

 

I also had a 500 error fixed by adjusting the proxy_pass in NPM configuration, as explained in the link :

 

Quote

Make sure you have changed the authentik proxy pass config. either you can use internal IP address with port number or public address

proxy_pass         https://auth.example.com/outpost.goauthentik.io;

proxy_pass          http://10.10.20.25:9090/outpost.goauthentik.io;

 

I will definitely continue to dig on how use this tool as the possibilities are larger comparing to Authelia.

  • Thanks 1
Link to comment
  • 4 months later...

Has anyone gotten this to work properly? I got the redirect working, but it automatically denies me access and doesn't go to the login screen. Even going directly to authentic produces the same problem until I turn off the workflows within authentic or remove the configs from the targeted app.

 

The only way I really got it to work briefly is when all the apps are in the same proxy network, but that isn't really feasible as some apps need to be on it's own IP

Link to comment
  • 4 months later...
  • 4 months later...

I followed IBRACORP tutorial and had authentik + postgres installed in unraid. I use SWAG + Cloudflare as well as reverse proxy and have the annoying "500 Internal Server Error" when I connect to one of my subdomains (which is a VM service exposed to port 80). The service works fine when I use the actual LAN IP.

 

In Authentik log I have this error log (I x'd and y'd the IPs and the domain). Any idea?

 

Outpost authentik Embedded Outpost (Provider NGINX) failed to detect a forward URL from nginx

{
    "url": "https:///outpost.goauthentik.io/auth/nginx",
    "headers": {
        "Accept": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8",
        "Cf-Ray": "838cea73496dc339-EWR",
        "Referer": "https://my.domain.com/",
        "Cdn-Loop": "cloudflare",
        "Priority": "u=1, i",
        "Sec-Ch-Ua": "\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\"",
        "X-Real-Ip": "xxx.xxx.xxx.xxx",
        "Cf-Visitor": "{\"scheme\":\"https\"}",
        "Connection": "close",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
        "Cf-Ipcountry": "US",
        "Sec-Fetch-Dest": "image",
        "Sec-Fetch-Mode": "no-cors",
        "Sec-Fetch-Site": "same-origin",
        "Accept-Language": "en-US,en;q=0.9,es-AR;q=0.8,es;q=0.7",
        "X-Forwarded-For": "xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy",
        "X-Forwarded-Ssl": "on",
        "Cf-Connecting-Ip": "xxx.xxx.xxx.xxx",
        "Sec-Ch-Ua-Mobile": "?0",
        "X-Forwarded-Host": "my.domain.com",
        "X-Forwarded-Proto": "https",
        "Sec-Ch-Ua-Platform": "\"Windows\""
    },
    "message": "Outpost authentik Embedded Outpost (Provider NGINX) failed to detect a forward URL from nginx",
    "outpost": "authentik Embedded Outpost",
    "provider": "NGINX"
}
User
{}

 

Edited by chenci
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.