Hello,
I am trying to set up Authentik to do a forward auth for Firefly3, using Caddy. I am trying to learn external authentication, so my knowledge is limited.
My setup is as follows.
By looking at the Firefly doc, I need to set
AUTHENTICATION_GUARD=remote_user_guard
AUTHENTICATION_GUARD_HEADER=HTTP_X_AUTHENTIK_EMAIL
in my .env file. I used the base .env file provided by Firefly and modified only these two lines.
Then, in my Authentik, I made a forward auth for a single application for Firefly. This part seems to work because the redirection is made. The external host is my Firefly IP address.
Then, from the example provided in the Authentik provider, I created my Caddy file on the Firefly container to redirect port 80 to my custom port 9080.
:80 {
    # directive execution order is only as stated if enclosed with route.
    route {
        # always forward outpost path to actual outpost
        reverse_proxy /outpost.goauthentik.io/* http://<outpost ip>:9080
        # forward authentication to outpost
        forward_auth http://<outpost ip>:9080 {
            uri /outpost.goauthentik.io/auth/caddy
            # capitalization of the headers is important, otherwise they will be empty
            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Me>
            # optional, in this config trust all private ranges, should probably be set to the outposts IP
            trusted_proxies private_ranges
        }
    }
}
When I try to go to my Firefly app, the Authentik redirection is made and it tries to connect to the Firefly webpage, but I either get "Unable to connect" when I try https, or "Looks like there's a problem with this site" when I try to connect with http.
I see that the connection is refused in both cases.
I made sure that the email on my Firefly account matches the email of the Authentik user.
I tried googling my problem to no avail and the Firefly documentation is pretty scarce.
Any help would be welcome.
We need networking info to be able to tell what is happening here. If you didn’t change the “outpost_ip” placeholder, that’s your problem.
Best to not use hostnames. Use the actual IP address.
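The two checks raised in the reply above (an unreplaced placeholder, and a hostname where an IP address is advised) can be automated before reloading Caddy. This is an added example, not code from the thread or from the Caddy or Authentik projects; the function name `upstream_findings`, the sample config and the addresses in it are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Directives from the posted config whose arguments include an upstream address.
DIRECTIVE = re.compile(r"^\s*(reverse_proxy|forward_auth)\s+(.+)$")
# Template text such as "<outpost ip>" that was never filled in.
PLACEHOLDER = re.compile(r"<[^<>]+>")

# Constructed sample: one placeholder, one hostname, one IP literal.
SAMPLE = """\
:80 {
    route {
        reverse_proxy /outpost.goauthentik.io/* http://<outpost ip>:9080
        forward_auth http://authentik.lan:9080 {
            uri /outpost.goauthentik.io/auth/caddy
        }
        reverse_proxy 192.0.2.10:8080
    }
}
"""

def upstream_findings(caddyfile):
    """Return (line_no, directive, value, problem) for each suspicious upstream."""
    findings = []
    for no, line in enumerate(caddyfile.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, args = m.group(1), m.group(2).rstrip("{ \t")
        placeholder = PLACEHOLDER.search(args)
        if placeholder:
            findings.append((no, directive, placeholder.group(0), "unreplaced placeholder"))
            continue
        # Request matchers (/path, *, @name) come first; the rest are upstreams.
        for up in (t for t in args.split() if not t.startswith(("/", "*", "@"))):
            host = urlsplit(up if "://" in up else "//" + up).hostname
            if host is None:  # ":9080" style upstream, i.e. the local machine
                continue
            try:
                ipaddress.ip_address(host)
            except ValueError:
                findings.append((no, directive, up, "hostname, not an IP address"))
    return findings

if __name__ == "__main__":
    for finding in upstream_findings(SAMPLE):
        print("line %d: %s %s -> %s" % finding)
```
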