joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Update authentik Caddy template to use HTTP backend

Browse Source 
- Change reverse_proxy from https:// to http:// backend
- Use authentik_http_port instead of authentik_https_port
- Remove unnecessary TLS transport configuration
- Remove health check for non-existent endpoint

This aligns the Ansible template with the working configuration
where authentik only serves HTTP internally and Caddy handles SSL.
This commit is contained in:
Joakim
2025-12-04 19:45:04 +01:00
parent b3c3fe5c56
commit 0507e3291d
11 changed files with 11 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
roles/authentik/templates/authentik.caddy.j2
View File

@@ -1,21 +1,11 @@
# Authentik Authentication Service
{{ authentik_domain }} {
reverse_proxy https://{{ authentik_bind_address }}:{{ authentik_https_port }} {
transport http {
tls_insecure_skip_verify
}
header_up Host {upstream_hostport}
reverse_proxy http://{{ authentik_bind_address }}:{{ authentik_http_port }} {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-Proto https
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Host {host}
# Health check
health_uri /if/health/live/
health_timeout 10s
health_interval 30s
health_status 200
}
# Security headers
@@ -29,7 +19,7 @@
# Authentik-specific paths
handle_path /outpost.goauthentik.io/* {
reverse_proxy https://{{ authentik_bind_address }}:{{ authentik_https_port }}
reverse_proxy http://{{ authentik_bind_address }}:{{ authentik_http_port }}
}
# Logging
@@ -38,4 +28,4 @@
level INFO
format json
}
}
}