Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Authentik: How to Install with Docker and Why You Should

Featured Replies

  • 1 month later...

I've got Authentik set up and accessible through my domain. I'm currently using linuxserver's Swag Docker with Vouch and Keycloak for authentication/authorization. I'm not seeing any guides on how to integrate Authentik with Swag. It appears as if Authentik should replace both Vouch and Keycloak so I'm trying to figure out how to implement it through Swag. Maybe I need to read the docs. I set up a proxy provider and an application and outpost. I took the nginx standalone code and put the "/" location code into a file to include in the application's location and put the other server block code into a separate file to include outside the app's location blocks. When I browse to my application I just get a 500 error. Any ideas?

  • 1 month later...

I think Hibracorp wanted to break things down into stages.

 

This is the install only which includes Postgres/Redis/Authentik.

It's already a good thing and it takes place without complications.

I think the next step will be on a concrete use case with an application for example not secure ?

 

In this regard, if someone can answer this question : with Authelia we have strong Authentication.

But once the authentication passed, we have the Login / Password authentication of the app.

 

How to remove the authentication of an application so as not to duplicate ?

 

Thanks

Edited by Casadream_1

  • 2 months later...

Great video but cant get the authentik-worker to connect to postgres. Followed the guide exactly. Gets this error in worker log:

 

{"event": "PostgreSQL connection successful", "level": "info", "logger": "__main__", "timestamp": 1663354077.5986426}
{"event": "PostgreSQL connection failed, retrying... (connection to server at \"postgres\" (172.18.0.12), port 5432 failed: FATAL:  password authentication failed for user \"postgres\"\n)", "level": "info", "logger": "__main__", "timestamp": 1663354078.6033316}

 

Anyone got an idea? Removed every special character everywhere.

 

Thanks!

  • 4 weeks later...
On 6/2/2022 at 2:59 PM, Taddeusz said:

I've got Authentik set up and accessible through my domain. I'm currently using linuxserver's Swag Docker with Vouch and Keycloak for authentication/authorization. I'm not seeing any guides on how to integrate Authentik with Swag. It appears as if Authentik should replace both Vouch and Keycloak so I'm trying to figure out how to implement it through Swag. Maybe I need to read the docs. I set up a proxy provider and an application and outpost. I took the nginx standalone code and put the "/" location code into a file to include in the application's location and put the other server block code into a separate file to include outside the app's location blocks. When I browse to my application I just get a 500 error. Any ideas?

 

Same problem here.  Switched to nginx proxy manager and still get the 500 error.  followed all online sources troubleshooting, error remains.

  • 1 month later...

I succefully installed Authentik thanks to this video, but after that there's a steep learning curve about terminology and concepts.

To be honest I'm strill trying to figure out what is an outpost, and should I care about it.

 

Here's a link I followed to mimic what Authelia does for a simple SSO with NPM : https://geekscircuit.com/set-up-authentik-sso-with-nginx-proxy-manager/

 

I also had a 500 error fixed by adjusting the proxy_pass in NPM configuration, as explained in the link :

 

Quote

Make sure you have changed the authentik proxy pass config. either you can use internal IP address with port number or public address

proxy_pass         https://auth.example.com/outpost.goauthentik.io;

proxy_pass          http://10.10.20.25:9090/outpost.goauthentik.io;

 

I will definitely continue to dig on how use this tool as the possibilities are larger comparing to Authelia.

  • 4 months later...

Has anyone gotten this to work properly? I got the redirect working, but it automatically denies me access and doesn't go to the login screen. Even going directly to authentic produces the same problem until I turn off the workflows within authentic or remove the configs from the targeted app.

 

The only way I really got it to work briefly is when all the apps are in the same proxy network, but that isn't really feasible as some apps need to be on it's own IP

  • 4 months later...
  • 4 months later...

I followed IBRACORP tutorial and had authentik + postgres installed in unraid. I use SWAG + Cloudflare as well as reverse proxy and have the annoying "500 Internal Server Error" when I connect to one of my subdomains (which is a VM service exposed to port 80). The service works fine when I use the actual LAN IP.

 

In Authentik log I have this error log (I x'd and y'd the IPs and the domain). Any idea?

 

Outpost authentik Embedded Outpost (Provider NGINX) failed to detect a forward URL from nginx

{
    "url": "https:///outpost.goauthentik.io/auth/nginx",
    "headers": {
        "Accept": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8",
        "Cf-Ray": "838cea73496dc339-EWR",
        "Referer": "https://my.domain.com/",
        "Cdn-Loop": "cloudflare",
        "Priority": "u=1, i",
        "Sec-Ch-Ua": "\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\"",
        "X-Real-Ip": "xxx.xxx.xxx.xxx",
        "Cf-Visitor": "{\"scheme\":\"https\"}",
        "Connection": "close",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
        "Cf-Ipcountry": "US",
        "Sec-Fetch-Dest": "image",
        "Sec-Fetch-Mode": "no-cors",
        "Sec-Fetch-Site": "same-origin",
        "Accept-Language": "en-US,en;q=0.9,es-AR;q=0.8,es;q=0.7",
        "X-Forwarded-For": "xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy",
        "X-Forwarded-Ssl": "on",
        "Cf-Connecting-Ip": "xxx.xxx.xxx.xxx",
        "Sec-Ch-Ua-Mobile": "?0",
        "X-Forwarded-Host": "my.domain.com",
        "X-Forwarded-Proto": "https",
        "Sec-Ch-Ua-Platform": "\"Windows\""
    },
    "message": "Outpost authentik Embedded Outpost (Provider NGINX) failed to detect a forward URL from nginx",
    "outpost": "authentik Embedded Outpost",
    "provider": "NGINX"
}
User
{}

 

Edited by chenci

  • 7 months later...

It took me a while but I got a working installation now.

I followed the docker-compose installation method : https://docs.goauthentik.io/docs/installation/docker-compose

I though it would be best as the images versions were selected by the Authentik team.

 

And after some tryouts I successfully configured Authentik to work with NPM :

- SSO with Radarr/Sonarr

- Login page for service that does not support authentication.

 

I'm still working on OAuth SSO for Guacamole.

  • 4 weeks later...

I've yet to have any of Ibracorp's dockers and video instructions "just work" - why should this be any different. 👌

  • Author
4 hours ago, Espressomatic said:

I've yet to have any of Ibracorp's dockers and video instructions "just work" - why should this be any different. 👌

Feel free to update them if you like. We volunteer our time so if you can do it better please get to it.

  • 2 weeks later...
On 9/7/2024 at 12:12 AM, Espressomatic said:

I've yet to have any of Ibracorp's dockers and video instructions "just work" - why should this be any different. 👌

Fun fact, applications tend to receive updates, which eventually results in a once-useful instructional video becoming obsolete, even their Unraid setup video isn't as useful as it once was after the 6.12 update which changed how storage is assigned to shares. This very fact is the reason I stumbled upon this post, in the hopes of finding others who may have got Authentik up and running.

1 hour ago, UnknownWitcher said:

Fun fact, applications tend to receive updates, which eventually results in a once-useful instructional video becoming obsolete

 

I typically watch out for things like that, which wasn't what I was referring to. Funnily enough, the Authentik video instructions do in fact work (so kudos), and I didn't notice any glaring omissions. It leaves you with a functioning Authentik installation which you can successfully log into when finished.

My previous post was more along the lines of steps completely missed or dependencies and other requirements not disclosed, both in video and written instructions. Again, not relating to changes in the software in question - those issues are easy to ignore for the most part.

  • 1 month later...
On 8/9/2024 at 4:36 AM, hot22shot said:

It took me a while but I got a working installation now.

I followed the docker-compose installation method : https://docs.goauthentik.io/docs/installation/docker-compose

I though it would be best as the images versions were selected by the Authentik team.

 

And after some tryouts I successfully configured Authentik to work with NPM :

- SSO with Radarr/Sonarr

- Login page for service that does not support authentication.

 

I'm still working on OAuth SSO for Guacamole.

can you share your solution for authentik + npm? 

18 hours ago, D34DPUULL said:

can you share your solution for authentik + npm? 

 

Nothing fancy, I just used what Authentik advised for NPM, one trick though : I had to used my server IP in the proxy_pass URL of the outpost location.

  • 8 months later...

I've been running Authentik for nearly a year now ... and I just put it down yesterday.

It is a great product but way overkill for my usage. I'm trying to limit the number of containers running on my server and it was just too much compared to what can be achieve by competitors.

To be honest it was aso a bit of a hassle to configure.

After considering going back to Authelia I'm now using Tinyauth, designed for homelabs, simple to configure and use minimal resources to run.

As I have also changed NPM by traefik it is very easy to secure my homelab.

I happily skipped all these headache auth providers entirely. No one can access my containers nor systems as I don't open any to the public internet. Tailscale is the only way in.

  • 7 months later...

Is this still the recommended method to install Authentik on Unraid? I am on Unraid 7.2.3 and I want to secure AudioBookShelf behind authentik.
There is an IBRACORP docker in the community applications but it uses an old version of Authentik and still requires Redis. The latest version of Authentik doesn't need Redis anymore.

Cheers

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.